
1089 matches found

Qualys Blog
added 2019/04/09 6:50 p.m., 307 views

April 2019 Patch Tuesday – 74 Vulns, 16 Critical, 2 Actively Attacked, 1 PoC Exploit, Adobe Vulns

This month's Patch Tuesday addresses 74 vulnerabilities, with 16 labeled as Critical. Eight of the Critical vulns are for scripting engines and browser components, impacting Microsoft browsers and Office, along with another 5 Critical vulns in MSXML. Two Critical remote code execution (RCE)...

CVSS 9.3, AI score 1.7, EPSS 0.4523
Exploits: 47

Qualys Blog
added 2019/04/03 11:23 a.m., 77 views

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

AI score 0.8
Exploits: 0

Qualys Blog
added 2019/04/02 5:36 a.m., 14 views

Qualys Cloud Platform (VM, PC) 8.18.1 New Features

The patch release of the Qualys Cloud Platform, version 8.18.1.0-1, includes new support for HashiCorp Vaults as well as for Virtual Scanner Appliance for OCI and OCI-Classic Platforms. Feature Highlights Support for HashiCorp Vaults – This release adds a new vault type that can be used to retrie...

AI score 0.6
Exploits: 0

Qualys Blog
added 2019/03/23 6:2 p.m., 119 views

Qualys Cloud Platform (VM, PC) 8.18 New Features

This new release of the Qualys Cloud Platform (VM, PC), version 8.18 contains several new features and improvements in Qualys Vulnerability Management and Policy Compliance, which include CertView Vulnerability Scan for EC2 Assets, support for new authentication types to filter vulnerabilities,...

AI score 1.5
Exploits: 0

Qualys Blog
added 2019/03/18 4:0 p.m., 152 views

Free Training: New Certified Learning Paths

The Qualys Training team is eager to share all of the recent additions to our free training program, as well as provide insight into what is coming in 2019. You can expect to see regular updates as we continue to improve our training offerings! It is our mission to help Qualys customers and...

AI score 0.2
Exploits: 0

Qualys Blog
added 2019/03/14 4:0 p.m., 110 views

PCI & SSL/Early TLS QIDs 38601, 42366

Two QIDs will be marked as PCI Fail on May 1, 2019 as required by ASV Program Guide: QID 38601 “SSL/TLS Use of Weak RC4 Cipher” QID 42366 “SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Server Side Vulnerability BEAST” Last revision of ASV Program Guide ver. 3.1 has the following for SSL/TLS component: “...

AI score 0.6
Exploits: 0

Qualys Blog
added 2019/03/13 8:24 p.m., 70 views

Jenkins Plugin v2 for Qualys WAS Now Available

We are pleased to announce that the Qualys WAS Jenkins plugin v2 is now available. This version of the plugin introduces new features to facilitate automation, and a more user-friendly design. What's New? Whereas the previous release of the plugin supported only Jenkins "pipeline" projects, the n...

AI score 0.3
Exploits: 0

Qualys Blog
added 2019/03/12 6:14 p.m., 95 views

March 2019 Patch Tuesday – 65 Vulns, 18 Critical, RCEs in DHCP Client, Adobe Vulns

This month's Patch Tuesday addresses 65 vulnerabilities, with 18 of them labeled as Critical. Thirteen of the Critical vulns are for scripting engines and browser components, impacting Microsoft browsers and Office. Three remote code execution (RCE) vulnerabilities are patched in the Windows DHCP...

AI score 7.4
Exploits: 0

Qualys Blog
added 2019/03/08 3:57 p.m., 82 views

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

AI score 0.8
Exploits: 0

Qualys Blog
added 2019/02/21 4:29 a.m., 80 views

Qualys Cloud Platform 2.37 New Features

This release of the Qualys Cloud Platform version 2.37 includes updates and new features for Security Assessment Questionnaire and Web Application Scanning, highlights as follows. Security Assessment Questionnaire Manager access to all active campaigns – Questionnaire Manager role now has access ...

Exploits: 0

Qualys Blog
added 2019/02/14 5:0 p.m., 110 views

Know What’s on Your Network at All Times with Qualys Asset Inventory

Qualys has just launched a global IT asset inventory solution that offers full visibility across even the most hybrid, complex and distributed IT environments, addressing a challenge many security and IT teams face today. When IT directors and CISOs look at their digitally transformed networks,...

AI score 6.9
Exploits: 0

Qualys Blog
added 2019/02/12 7:46 p.m., 590 views

February 2019 Patch Tuesday – 74 Vulns, 20 Critical, Exchange 0-day, Adobe Vulns

This month's Patch Tuesday is very large, with 74 vulns being addressed of which 20 are labeled as critical. Fifteen of these critical vulns are in the Scripting Engine and browsers, with the remainder being GDI+, SharePoint, and DHCP. Microsoft also issued an Advisory for an Exchange 0-day, alon...

CVSS 9.3, AI score 9.7, EPSS 0.99913
Exploits: 31

Qualys Blog
added 2019/02/12 3:46 p.m., 170 views

RunC Container Breakout Vulnerability

Despite the huge advantages that containers offer in application portability, acceleration of CI/CD pipelines and agility of deployment environments, the biggest concern has always been about isolation. Since all the containers running on a host share the same underlying kernel, any malicious cod...

CVSS 9.3, AI score 0.2, EPSS 0.9857
Exploits: 33

Qualys Blog
added 2019/02/06 7:0 p.m., 109 views

Assess Vulnerabilities, Misconfigurations in AWS Golden AMI Pipelines

Today we’re starting a blog series focused on how to integrate Qualys solutions into DevSecOps for securing cloud infrastructures. In this initial post, we’ll discuss the importance of assessing vulnerabilities and misconfigurations on AWS pipelines. When developing golden Amazon Machine Images...

AI score 1
Exploits: 0

Qualys Blog
added 2019/01/31 12:14 a.m., 101 views

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

AI score 0.2
Exploits: 0

Qualys Blog
added 2019/01/29 5:4 p.m., 45 views

Qualys Cloud Platform 2.36 New Features

This release of the Qualys Cloud Platform version 2.36 includes updates and new features for AssetView Cloud Assets and Cloud Agents and Web Application Scanning, highlights as follows. AssetView Rules for Cloud Assets and Cloud Agents Rule-Based Method to Purge/Uninstall Cloud Assets and Cloud...

AI score 7.5
Exploits: 0

Qualys Blog
added 2019/01/29 5:0 p.m., 80 views

Policy Compliance Adds UDC Support for Cloud Agent

Qualys is extending the Cloud Agent capabilities for users of the Policy Compliance (PC) application by letting them define controls. Until now, the Cloud Agent could only assess Qualys PC’s “out of the box” controls. By adding support for user defined controls (UDC), Qualys PC users now can use Clou...

AI score 0.7
Exploits: 0

Qualys Blog
added 2019/01/25 7:26 p.m., 212 views

Qualys Cloud Platform (VM, PC) 8.17 New Features

Qualys Cloud Platform (VM, PC) version 8.17 contains various feature enhancements in Qualys Vulnerability Management and Qualys Policy Compliance. In addition, this release also lowers the time required before pausing or canceling an ongoing scan. Previously, scheduled scans could be cancelled or...

AI score 0.1
Exploits: 0

Qualys Blog
added 2019/01/24 6:48 a.m., 259 views

mod_ssl Bug and SSL Labs Renegotiation Test

Update February 20, 2019: To give more time to fix, we will re-enable the SSL Labs Renegotiation Test on March 11, 2019 (two additional weeks). The Apache Security Team fixed a bug which triggers whenever a client attempts renegotiation with Apache HTTP Server 2.4.37 and OpenSSL 1.1.1. This bug...

AI score 2
Exploits: 0

Qualys Blog
added 2019/01/22 8:6 p.m., 313 views

Qualys Cloud Platform (VM, PC) 8.16 New Features

This new release of the Qualys Cloud Platform (VM, PC), version 8.16, contains several new improvements in Qualys Vulnerability Management and Qualys Policy Compliance, which includes new password security option, increased limit for virtual hosts that can be added to a subscription, added support...

AI score 7.6
Exploits: 0

Qualys Blog
added 2019/01/22 6:38 p.m., 88 views

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

AI score 0.2
Exploits: 0

Qualys Blog
added 2019/01/10 5:0 p.m., 75 views

Detecting Insecure Cookies with Qualys Web Application Scanning

Cookies are ubiquitous in today's modern web applications. If an attacker can acquire a user's session cookie by exploiting a cross-site scripting (XSS) vulnerability, by sniffing an unencrypted HTTP connection, or by some other means, then they can potentially hijack a user's valid session...

AI score 0.1
Exploits: 0

Qualys Blog
added 2019/01/09 5:0 p.m., 147 views

Container Security Becomes a Priority for Enterprises

Among the IT innovations that businesses are using to digitally transform operations, containers might be the most disruptive and revolutionary. “They’re a real game changer,” Qualys Chief Product Officer Sumedh Thakar said at QSC 2018 in Las Vegas. DevOps teams have embraced containers because...

CVSS 7.5, AI score 0.2, EPSS 0.86978
Exploits: 10

Qualys Blog
added 2019/01/08 7:49 p.m., 174 views

January 2019 Patch Tuesday – 47 Vulns, 7 Critical, Adobe Vulns

This month's Patch Tuesday is medium in size, with 47 vulns covered and only 7 labeled as Critical. Twenty-six of the vulns apply to Windows Servers and Workstation operating systems. Two of the Criticals apply to Hyper-V and could lead to RCE on the host system. Microsoft also issued and...

CVSS 7.6, AI score 7.5, EPSS 0.29822
Exploits: 0

Qualys Blog
added 2018/12/17 4:0 p.m., 65 views

New Frontiers In Cryptojacking

Tejas Girme & Rishikesh Bhide of Qualys Malware Research Labs present “New Frontiers in Cryptojacking” at the 21st Anti-Virus Asia Researchers International Conference (AVAR 2018) in Goa, India. Cryptojacking attacks are evolving over time to better evade detection by both end users and protection...

AI score 0.5
Exploits: 0

Qualys Blog
added 2018/12/11 7:21 p.m., 135 views

December 2018 Patch Tuesday – 39 Vulns, Workstation Patches, Adobe Vulns

This month’s Patch Tuesday addresses 39 vulnerabilities, with 9 of them labeled as Critical. Out of the Criticals, most are browser-related, with the rest including Windows, and .net Framework. A Privilege Escalation vulnerability exists in Windows kernel which has been exploited in wild. Adobe...

CVSS 10, AI score 2.3, EPSS 0.81844
Exploits: 13

Qualys Blog
added 2018/12/11 4:25 p.m., 89 views

Global IT Asset Inventory: The Foundation for Security and Compliance

Pablo Quiroga, Qualys’ Director of Product Management for IT Asset Management, talks about the new Asset Inventory solution When IT directors and CISOs look at their digitally transformed networks, they encounter many shadows that their legacy enterprise software tools can’t illuminate. These bli...

Exploits: 0

Qualys Blog
added 2018/12/04 4:0 p.m., 173 views

Capital One: Building Security Into DevOps

Capital One prides itself on staying at the forefront of IT innovations to give its business a competitive edge. For example, it adopted Agile software-development methodologies years ago, and uses artificial intelligence and machine learning. It was the first bank to implement a mobile wallet wi...

AI score 0.2
Exploits: 0

Qualys Blog
added 2018/11/28 5:0 p.m., 84 views

Infosec Teams Race To Secure DevOps

With DevOps adoption spreading, infosec teams are scrambling to address the new security challenges stemming from DevOps’ accelerated code development and app deployment. But while IT organizations have made notable progress adapting security to their DevOps processes, work remains to be done...

AI score 7.3
Exploits: 0

Qualys Blog
added 2018/11/26 6:10 p.m., 99 views

Qualys Cloud Platform 2.35 New Features

This release of the Qualys Cloud Platform version 2.35 includes updates and new features for AssetView, Cloud Agent, Security Assessment Questionnaire, and Web Application Scanning, highlights as follows. Note: this post has been edited after publishing to remove the Rule-Based Method to...

Exploits: 0

Qualys Blog
added 2018/11/20 3:57 p.m., 59 views

QSC18 Takeaway: Complex Environments Demand Visibility and Real-Time Security

If there were two important takeaways from this year's Qualys Security Conference year they would be how today’s complex hybrid environments are demanding security teams find ways to increase visibility into the state of their security posture and be able to quickly mitigate new risks as they...

AI score 0.1
Exploits: 0

Qualys Blog
added 2018/11/19 4:0 p.m., 124 views

SSL Labs Grade Change for TLS 1.0 and TLS 1.1 Protocols

Update 11/30/18: Now live on ssllabs.com: In Configuration-Protocols section “TLS 1.1” text color will be changed to Orange by end of November 2018 TLS 1.0 and TLS 1.1 protocols will be removed from browsers at the beginning of 2020. As there are no fixes or patches that can adequately fix SSL or...

AI score 7
Exploits: 0

Qualys Blog
added 2018/11/17 12:11 a.m., 67 views

QSC18: API Security, Enabling Innovation Without Enabling Attacks and Data Breaches

Without APIs, it would be near impossible to see enterprises being able to digitally transform themselves. After all, APIs are the connective-tissue between applications and systems and they make the management, automation and consumption of technology possible at scale. APIs are what enable...

AI score 7.8
Exploits: 0

Qualys Blog
added 2018/11/15 8:5 p.m., 81 views

QSC18 Day 1 Takeaway: Continuous Transformation Demands Continuous Security

The first day of Qualys Security Conference 2018 was a big one. Both CEO Philippe Courtot and Qualys chief product officer Sumedh Thakar detailed the challenges faced by many of today’s enterprises when it comes to the growth of cloud and the complexity of their hybrid environments. And they shar...

AI score 7.2
Exploits: 0

Qualys Blog
added 2018/11/15 4:0 p.m., 89 views

QSC18: The Need for Security Visibility in the Age of Digital Transformation

Enterprises are moving full steam ahead when it comes to their digital transformation efforts. They’ve aggressively adopted cloud infrastructure and other cloud services, IoT, application containers, serverless functionality, and other technologies that are helping their organization to drive...

AI score 7
Exploits: 0

Qualys Blog
added 2018/11/13 6:46 p.m., 400 views

November 2018 Patch Tuesday – 62 Vulns, TFTP Server RCE, Adobe PoC

This month's Patch Tuesday addresses 62 vulnerabilities, with 12 of them labeled as Critical. Out of the Criticals, 8 are for the Chakra Scripting Engine used by Microsoft Edge. A Remote Code Execution vulnerability in Windows Deployment Services' TFTP server is also addressed in this release...

CVSS 10, AI score 7.8, EPSS 0.63294
Exploits: 0

Qualys Blog
added 2018/11/12 5:41 p.m., 73 views

Welcome to Qualys Security Conference 2018

The rise of cloud computing coupled with DevOps is forcing enterprises to rewrite their cybersecurity playbook, and part of that book will be written this week at Qualys Security Conference 2018 in Las Vegas. Today, the dual cloud and DevOps mega-trends are helping companies to digitally transfor...

AI score 0.1
Exploits: 0

Qualys Blog
added 2018/11/06 3:37 p.m., 111 views

Bluetooth Chip Bugs Affect Enterprise Wi-Fi, as Hackers Exploit Cisco 0-Day

In this latest roundup of cyber security news, we look at serious Bluetooth chip-level bugs, a zero-day vulnerability on Cisco software, a raft of Apple security fixes, and a massive customer data breach at Cathay Pacific. Enterprise Wi-Fi access points vulnerable to Bluetooth bug A pair of...

AI score 8.2
Exploits: 0

Qualys Blog
added 2018/10/23 4:0 p.m., 91 views

Don’t Overlook Qualys Malware Detection

Cyber criminals are constantly looking for opportunities to infect legitimate websites with malware. They can use infected websites to cryptomine, steal data, hijack systems, deface pages, and do other damage to harm a company’s reputation and impact their users. This can result in lost revenue,...

AI score 0.3
Exploits: 0

Qualys Blog
added 2018/10/17 4:42 p.m., 48 views

Threat Hunting: Adoption, Expertise Grow, but Work Remains

Threat hunting, an often misunderstood but powerful security practice, is gaining traction, as more organizations reap benefits from it and get better at it. However, there is still a lot of room for adoption to increase and for practices to improve. Those were key findings from the SANS...

AI score 7.4
Exploits: 0

Qualys Blog
added 2018/10/16 3:34 p.m., 123 views

Apple, Amazon in a Tussle with Bloomberg over Spy Chips Report

In our latest security news digest, we delve into the brouhaha over Chinese spy chips, check out the latest in Facebook's investigation of its recent hack, and look at Google's controversial decision to delay disclosing a potential data breach. Bloomberg's spy chip report stuns tech industry, the...

CVSS 6.4, AI score 7.4, EPSS 0.01251
Exploits: 4

Qualys Blog
added 2018/10/11 5:57 p.m., 51 views

Qualys Broadens Security Offerings for Azure

Qualys is expanding its security and compliance capabilities for Microsoft Azure, by adding protection for the on-premises Azure Stack and extending capabilities for public cloud deployments. By using Qualys’ platform to defend hybrid IT environments, organizations get a unified view of their...

AI score 0.1
Exploits: 0

Qualys Blog
added 2018/10/10 3:0 p.m., 137 views

PCI & QID 38598 “Deprecated Public Key Length”

QID 38598 “Deprecated Public Key Length” will be marked as PCI Fail as of November 1, 2018 in accordance with its CVSS score. Under PCI DSS merchants and financial institutions are required to protect their clients' sensitive data with strong cryptography. Strong cryptography is defined in the...

AI score 2
Exploits: 0

Qualys Blog
added 2018/10/09 6:21 p.m., 174 views

October 2018 Patch Tuesday – 49 Vulns, Critical browser patches, Hyper-V, Adobe vulns

In this month’s Patch Tuesday release there are 49 vulnerabilities patched with 12 Criticals. Out of the criticals, over half are browser-related, with the rest including Hyper-V and MSXML Parser. Microsoft Exchange covers CVE-2010-3190 which was not identified as in-scope product when originally...

CVSS 9.3, AI score 8.9, EPSS 0.09038
Exploits: 1

Qualys Blog
added 2018/10/02 8:2 p.m., 53 views

Stronger Security with Global IT Asset Inventory

On a Friday afternoon before a long holiday weekend, a company’s security operations center receives a potentially serious alert: It appears that a domain controller has been tampered with. After examining event logs and overlaying network traffic, a SOC analyst confirms that a suspicious system...

Exploits: 0

Qualys Blog
added 2018/10/02 12:2 a.m., 156 views

Hackers Exploit Facebook Bug, As Twitter DMs (Maybe) Got Misrouted

In our latest security news digest, we check out the Facebook hack heard 'round the world, a Twitter bug that rattled users but may not amount to much, and a pair of serious Linux kernel vulnerabilities. Facebook scrambles to investigate major breach affecting tens of millions of users The cyber...

CVSS 7.2, AI score 8.1, EPSS 0.14806
Exploits: 10

Qualys Blog
added 2018/09/27 11:58 a.m., 72 views

Qualys Cloud Platform 2.34.1 New Features

This release of the Qualys Cloud Platform version 2.34.1 includes updates and new features for Cloud Agent & AWS EC2 Connector, AssetView, CloudView, and Security Assessment Questionnaire, highlights as follows. Cloud Agent & AWS EC2 Connector Automatic Merge of Cloud Agents running in Amazon Web...

AI score 0.4
Exploits: 0

Qualys Blog
added 2018/09/18 4:0 p.m., 48 views

Qualys Cloud Platform 8.15.2 New Features

Patch release of Qualys Cloud Platform, version 8.15.2, includes new support for Apache instance auto-discovery in Qualys Policy Compliance. Policy Compliance Apache Instance Auto-Discovery – This new feature in Qualys PC enables automatic discovery of Apache during compliance scans. Once one or...

AI score 1.9
Exploits: 0

Qualys Blog
added 2018/09/12 7:44 p.m., 60 views

Qualys Helps Consultants, MSPs Deliver World-Class Security Services To Mid-Size Customers

With the newly available Qualys Consulting Edition, consultants and MSPs can now individually manage their mid-market client networks, keeping data separate and organized. This lets them offer their clients tailored, personalized services, with valuable insights and recommendations for threat...

AI score 0.6
Exploits: 0

Qualys Blog
added 2018/09/11 6:34 p.m., 117 views

September 2018 Patch Tuesday – 61 Vulns, FragmentSmack, Hyper-V Escape

In this month’s Patch Tuesday release there are 61 vulnerabilities patched with 17 Criticals. Out of the criticals, most are browser-related, with the rest including Windows, Hyper-V, and .net Framework. A vulnerability (CVE-2018-8475) in Windows' image parsing has been publicly disclosed, in...

CVSS 7.6, AI score 0.5, EPSS 0.18386
Exploits: 7

Total number of security vulnerabilities: 1089