
1089 matches found

Qualys Blog
added 2018/09/11 5:4 p.m., 64 views

Call for Customer Presentations: Qualys Security Conference 2018

The annual Qualys user conference, QSC18, is quickly approaching, and we are looking for customer presentations showcasing how you use Qualys to enable security best practices and secure your digital transformation. If you would like to be considered as a presenter, please send a session title an...

Exploits: 0

Qualys Blog
added 2018/09/10 11:8 p.m., 68 views

British Airways Hack Triggers GDPR Concerns, as World Awaits Windows 0-Day Patch

A swipe of confidential data from almost 400,000 British Airways customers. A string of app takedowns at the Mac App Store after exfiltration findings. A gargantuan data breach at a Chinese hotel chain. An unpatched zero-day Windows bug exploited in the wild. These are some of the security news...

Exploits: 0

Qualys Blog
added 2018/09/10 9:8 p.m., 51 views

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

AI score 0.2
Exploits: 0

Qualys Blog
added 2018/09/10 8:4 p.m., 63 views

Qualys Cloud Platform 8.15.1 New Features

This new patch release of the Qualys Cloud Platform, version 8.15.1, includes updates to Qualys Vulnerability Management. Vulnerability Management IP Update Handling for Agents – External IP address for Agents will no longer overwrite previous internal IP address when an internal address is not...

AI score 1
Exploits: 0

Qualys Blog
added 2018/09/05 5:16 p.m., 61 views

GDPR 101: Monitoring & Maintaining Compliance After the Deadline

Discussions about the EU’s General Data Protection Regulation (GDPR) reached a crescendo on May 25, the compliance deadline, but many companies continue seeking guidance. The reason: A majority of companies missed the deadline, according to estimates from various sources, including Gartner, Crowd...

AI score 0.3
Exploits: 0

Qualys Blog
added 2018/08/30 2:53 p.m., 58 views

Securing Container Deployments with Qualys

With container adoption booming, security teams must protect the applications that DevOps teams create and deploy using this method of OS virtualization. The security must be comprehensive across the entire container lifecycle, and built into the DevOps pipeline in a way that is seamless and...

AI score 7.2
Exploits: 0

Qualys Blog
added 2018/08/28 2:52 p.m., 59 views

How New Passive Network Sensor Boosts Platform Capabilities

Black Hat attendees got a peek at Qualys Passive Network Sensor (PNS), a product that amplifies the already comprehensive IT asset visibility Qualys provides to its customers. By adding real-time network analysis to Qualys’ versatile set of sensors, PNS eliminates blind spots across IT environments...

AI score 0.3
Exploits: 0

Qualys Blog
added 2018/08/27 6:32 p.m., 502 views

Security News: Hackers Aim Ransomware at Big Cos., as Experts Call for Swift Patching of Struts Bug

Ransomware raids aimed at specific targets with big pockets. Another Struts vulnerability -- but scarier than last year’s. An Android spyware that records your phone calls. These are some of the security news that have caught our attention. New Struts Bug Should Be Patched Yesterday Apache patche...

CVSS 9.3, AI score 9.2, EPSS 0.99993
Exploits: 41

Qualys Blog
added 2018/08/23 8:27 p.m., 2380 views

Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776

A new remote code execution vulnerability in Apache Struts 2, CVE-2018-11776, was disclosed yesterday. While this vulnerability does not exist with a default configuration of Struts, it does exist in commonly seen configurations for some Struts plugins. Update August 24, 2018: A dashboard for thi...

CVSS 9.3, AI score 1.8, EPSS 0.99993
Exploits: 87

Qualys Blog
added 2018/08/16 4:0 p.m., 65 views

Black Hat USA 2018 Best Practices Videos

Watch the presentations from the Qualys booth at Black Hat USA 2018, available online now. Learn how your peers are securing their environments and see the breadth and depth of Qualys solutions. Industry-Leading Best Practices Qualys customers explain how they run their industry-leading security...

Exploits: 0

Qualys Blog
added 2018/08/14 6:47 p.m., 164 views

August Patch Tuesday – 63 Vulns, L1TF (Foreshadow), Exchange, SQL, Active Attacks on IE flaw

In this month's Patch Tuesday release there are 63 vulnerabilities patched with 20 Criticals. Out of the criticals, over half are browser-related, with the rest including Windows, SQL, and Exchange. Active exploits have been detected against CVE-2018-8373, one of the scripting engine...

CVSS 10, AI score 0.2, EPSS 0.61912
Exploits: 1

Qualys Blog
added 2018/08/14 5:0 p.m., 105 views

Introducing a Burp Extension for Integration with Qualys Web Application Scanning

Qualys offers a wide array of security and compliance solutions for your organization. All capabilities are delivered from Qualys Cloud Platform. Visit Qualys Cloud Platform Apps to learn more. But let's narrow the discussion to web application security. To have a complete webappsec program, it's...

AI score 7.1
Exploits: 0

Qualys Blog
added 2018/08/13 7:26 p.m., 129 views

Security News: WannaCry Surfaces in Taiwan, as Reddit Breach Puts 2FA in the Spotlight

WannaCry rears its ugly head again. Reddit gets hacked, despite using two-factor authentication. A cryptojacking campaign targets carrier-grade routers. Here are some recent security industry news that have caught our attention. WannaCry hits Taiwan Semi The notorious WannaCry ransomware...

AI score 7.2
Exploits: 0

Qualys Blog
added 2018/08/09 2:51 p.m., 62 views

Qualys BrowserCheck CoinBlocker Protects Users From Active Cryptojacking Campaigns

Qualys Malware Research Labs recently released the Qualys BrowserCheck CoinBlocker Chrome Extension. We have seen enthusiastic adoption from users across the globe in the first week since its release, which has given us enough telemetry data to indicate success in protecting users from popular...

AI score 7.1
Exploits: 0

Qualys Blog
added 2018/08/09 7:33 a.m., 68 views

Qualys Cloud Platform 2.34 New Features

This release of the Qualys Cloud Platform version 2.34 includes updates and new features for Cloud Agent, EC2 Connector, Continuous Monitoring, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall, highlights as follows. Cloud Agent Automatic Merge of Cloud...

AI score 6.2
Exploits: 0

Qualys Blog
added 2018/08/08 10:18 p.m., 113 views

Qualys Cloud Platform (VM, SCA, PC) 8.15 New Features

This new release of the Qualys Cloud Platform (VM, SCA, PC), version 8.15, includes several new improvements across the VM, PC, and SCA Apps including new IPv6 configuration options for the scanner, improvements to several VM reports including ability to display EC2 metadata, a new Policy Complianc...

Exploits: 0

Qualys Blog
added 2018/08/02 11:26 p.m., 51 views

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

AI score 0.8
Exploits: 0

Qualys Blog
added 2018/08/01 5:27 p.m., 45 views

Qualys Helps Smaller Organizations Secure Hybrid IT with Free Offering

The digital transformation revolution waits for -- and spares -- no one. It forces all businesses to adopt tech innovations, like cloud, IoT and mobility, and to protect the resulting IT environments as they become hybrid, distributed and elastic. With traditional network perimeters dissolved,...

AI score 7.7
Exploits: 0

Qualys Blog
added 2018/07/31 10:22 p.m., 54 views

Eager to Boost your Container Security? Don’t Miss this Webcast

DevOps teams can’t get enough of containers -- and for good reason. Faster and more efficient application development and deployment, as well as increased application portability, are some container technology benefits, which in turn help drive digital transformation efforts. Container-based...

AI score 0.8
Exploits: 0

Qualys Blog
added 2018/07/30 10:16 p.m., 75 views

Security News: Bluetooth Bug Triggers Patch Frenzy, as Ransomware Attack Hits Global Shipper

A scary Bluetooth bug. A crippling ransomware attack. A cyber threat to the U.S. electrical grid. A data leak of trade secrets from major car makers such as Tesla and GM. These were some of the security industry news that caught our eye last week. Bluetooth vulnerability rattles vendors, end user...

AI score 6.5
Exploits: 0

Qualys Blog
added 2018/07/25 5:0 p.m., 398 views

Staying Safe in the Era of Browser-based Cryptocurrency Mining

Qualys Malware Research Labs is announcing the release of Qualys BrowserCheck CoinBlocker Chrome extension to detect and block browser-based cryptocurrency mining, aka cryptojacking. Cryptojacking Cryptojacking attacks leverage the victim system’s resources via malicious JavaScript to mine certai...

CVSS 7.5, AI score 0.3, EPSS 0.99993
Exploits: 46

Qualys Blog
added 2018/07/21 6:57 a.m., 41 views

SAQ Enables Users to Pick and Choose Questions for Custom Templates

Qualys Security Assessment Questionnaire (SAQ) has been enhanced with new features for questionnaire templates, which enable customers to choose questions that they want to include in their campaigns. The new Question Bank option in the SAQ Template Editor provides users with a repository of...

AI score 1.5
Exploits: 0

Qualys Blog
added 2018/07/13 4:0 p.m., 49 views

QSC18 Virtual Edition: Securing Containers – From Build to Deployments

DevOps teams have embraced Docker container technology because it boosts speed, agility, and flexibility in app development and delivery. But it also creates security and compliance challenges. “Containers are revolutionizing the IT landscape,” Hari Srinivasan, a Qualys Director of Product...

AI score 7.2
Exploits: 0

Qualys Blog
added 2018/07/10 6:30 p.m., 86 views

July Patch Tuesday – Critical browser patches, Lazy FP, Exchange, Adobe vulns

This month's Patch Tuesday is medium in weight, with 54 CVEs containing 17 Criticals. All but two of the Critical vulnerabilities are in Microsoft's browsers or browser-related technologies. An additional speculative execution vulnerability announced in June was patched as well. Adobe has also...

CVSS 10, AI score 1.6, EPSS 0.21173
Exploits: 0

Qualys Blog
added 2018/06/29 4:0 p.m., 57 views

QSC18 Virtual Edition: Vulnerability Risk Management

When vulnerability risk management is proactive, organizations don’t have to hurriedly react to attacks that exploit bugs for which patches are available, as happened with WannaCry. “The vast majority of WannaCry remediation took place as an emergency type process,” Jimmy Graham, a Qualys Directo...

AI score 7.1
Exploits: 0

Qualys Blog
added 2018/06/28 4:0 p.m., 59 views

GDPR Is Here: How GDPR Readiness Can Boost Your Business

Most discussions about the EU’s General Data Protection Regulation (GDPR) have naturally focused on best practices for achieving compliance and avoiding penalties. With GDPR now a reality for all companies that store and process personal data of EU residents, an often overlooked aspect has been the...

AI score 0.3
Exploits: 0

Qualys Blog
added 2018/06/26 4:0 p.m., 20 views

GDPR Is Here: Don’t Neglect Public Cloud Security

With organizations aggressively moving workloads to public cloud platforms, such as Amazon’s AWS, protecting these environments is critical for complying with the EU’s General Data Protection Regulation (GDPR). GDPR, which went into effect in May, imposes strict requirements on millions of business...

AI score 0.2
Exploits: 0

Qualys Blog
added 2018/06/22 8:26 p.m., 61 views

QSC18 Virtual Edition: Global IT Asset Discovery, Inventory, and Management

Maintaining an IT asset inventory is essential for a strong security posture, but digital transformation has further complicated this already challenging task. “The volume and variety of assets, including cloud, virtualization, mobility and IoT, is disrupting IT, and security takes center stage,”...

AI score 0.1
Exploits: 0

Qualys Blog
added 2018/06/22 6:33 p.m., 65 views

Qualys Cloud Platform (VM, SCA, PC) 8.14 New Features

This new release of the Qualys Cloud Platform (VM, SCA, PC), version 8.14, includes several new feature improvements across the apps such as Wallix AdminBastion support, EC2 scan improvements, VM reporting improvements, ESX/ESXi PC support for vCenter, PC STIG Report, and expanded technology suppor...

AI score 0.3
Exploits: 0

Qualys Blog
added 2018/06/21 11:35 p.m., 48 views

QSC18 Virtual Edition: Securing Hybrid IT Environments from Endpoints to Clouds

As organizations embrace digital transformation to boost business processes, traditional IT environments get altered, becoming distributed, elastic and hybrid. “That’s creating a new challenge for security,” Chris Carlson, Qualys’ Product Management VP, said during QSC18 Virtual Edition. As...

AI score 7.5
Exploits: 0

Qualys Blog
added 2018/06/19 5:36 p.m., 42 views

GDPR Is Here: Web App Security Is a Must

With web and mobile apps becoming a preferred vector for data breaches, organizations must include application security in their plans for complying with the EU’s General Data Protection Regulation (GDPR). GDPR went into effect in May, imposing strict requirements on millions of businesses worldwid...

AI score 0.1
Exploits: 0

Qualys Blog
added 2018/06/18 5:29 p.m., 75 views

Get Emerging Threats Visibility with Qualys IOC Widgets

Two new built-in widgets for detecting the GravityRAT and GhostSecret advanced threats are now available in Qualys Indication of Compromise (IOC). These threats are of specific concern as they target industries like finance, entertainment, telecommunication and healthcare and have capability to...

AI score 7.3
Exploits: 0

Qualys Blog
added 2018/06/15 2:7 p.m., 60 views

QSC18 Virtual Edition – Building Security In: The Qualys Cloud Platform and Architecture

Digital transformation, driven primarily by the DevOps movement, represents a new opportunity “to redo IT from scratch, but more importantly, to redo security from scratch,” Sumedh Thakar, Qualys' Chief Product Officer, said during QSC18 Virtual Edition. Specifically, organizations can organicall...

AI score 7.1
Exploits: 0

Qualys Blog
added 2018/06/15 1:46 p.m., 42 views

QSC18 Virtual Edition – Securing our Networks and Enabling the Digital Transformation: One App at a Time

Qualys Chairman and CEO Philippe Courtot set the tone for the company’s first virtual conference, the QSC18 Virtual Edition, with a call to the industry to re-invent security to protect digital transformation efforts. CIOs and CISOs can’t continue accumulating disparate, point solutions that are...

Exploits: 0

Qualys Blog
added 2018/06/14 4:0 p.m., 58 views

GDPR Is Here: Indication of Compromise – Another Key Practice for GDPR Compliance

In this blog series, we’re discussing solid security practices that are key for General Data Protection Regulation (GDPR) compliance, and today we’ll address another crucial one: Indication of compromise (IOC). In a nutshell, IOC can help customers who are dealing with unauthorized access to customer...

AI score 0.4
Exploits: 0

Qualys Blog
added 2018/06/12 6:32 p.m., 63 views

June Patch Tuesday – New Speculative Store Bypass Fixes, Adobe Vulns

June's Patch Tuesday is lighter weight compared to previous months. In all, 51 unique CVEs are addressed, with 11 CVEs marked as Critical. Adobe also released an out-of-band update for a Flash Player vulnerability last week, which is being actively exploited. Speculative Store Bypass Microsoft...

CVSS 9.3, AI score 7.9, EPSS 0.22257
Exploits: 0

Qualys Blog
added 2018/06/06 4:0 p.m., 51 views

The Digital Transformation Age Is Dawning: Do You Know Where Your Certificates Are?

How many digital certificates are in use in your organization? When do they expire? Do you have a way of discovering digital certificates from unapproved Certificate Authorities? Most organizations can't answer these questions with complete certainty, because they lack the necessary visibility an...

AI score 7.2
Exploits: 0

Qualys Blog
added 2018/06/05 4:0 p.m., 18 views

GDPR Is Here: Put File Integrity Monitoring in Your Toolbox

In this latest post of our series on the EU’s General Data Protection Regulation, we’ll explain how file integrity monitoring (FIM) can be crucial in helping organizations comply with this severe regulation. GDPR, which went into effect in May and applies to organizations worldwide that handle EU...

AI score 0.1
Exploits: 0

Qualys Blog
added 2018/06/04 4:0 p.m., 40 views

Gain Visibility and Continuous Security Across All Your Public Clouds

As organizations increase their use of public cloud platforms, they encounter cloud-specific security and compliance threats, which can be challenging to address without the right tools and processes. Organizations’ cloud security difficulties lie in two main areas: Lack of visibility into their...

AI score 0.1
Exploits: 0

Qualys Blog
added 2018/05/31 4:0 p.m., 45 views

GDPR Is Here:  Assess the Security Configurations of Your IT Systems

In prior installments of this GDPR compliance blog series, we’ve discussed the importance of key security practices such as IT asset inventory and vulnerability management. Today, we’ll focus on another core component for GDPR: policy compliance. As we’ve stated before, to comply with the EU’s...

AI score 0.2
Exploits: 0

Qualys Blog
added 2018/05/30 2:33 p.m., 84 views

All Hands Memo to Owners of Home / Small Office Routers: Reboot Them!

This last week or so of May has been busy with security news and incidents, as the FBI put out an unprecedented call to do a massive wave of reboots of home and small office routers, while Intel confirmed the existence of yet another Spectre / Meltdown variant. And, yes, we had yet another...

CVSS 4.9, AI score 6.6, EPSS 0.60631
Exploits: 2

Qualys Blog
added 2018/05/29 7:10 p.m., 47 views

Qualys Cloud Platform 2.33 New Features

This release of the Qualys Cloud Platform version 2.33 includes the release for CertView, plus updates and new features for AssetView, Cloud Agent, EC2 Connector, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall, highlights as follows. This posting has bee...

AI score 0.1
Exploits: 0

Qualys Blog
added 2018/05/29 6:30 p.m., 75 views

GDPR Is Here: Assess Risk from Vendors and from Internal Teams

Organizations must manage risk from third parties such as contractors and suppliers, and from internal staffers and teams, as part of their compliance program for the EU’s General Data Protection Regulation (GDPR). The need to manage vendor risk in particular is stressed repeatedly throughout the...

AI score 0.2
Exploits: 0

Qualys Blog
added 2018/05/28 4:0 a.m., 53 views

QSC 2018 Mumbai Finds Qualys at the Forefront of Digital Transformation Security

Qualys Security Conference 2018, held in Mumbai on May 10, fortified Qualys’ stand as the leader in securing Digital Transformation in the current global IT landscape. In his keynote, “Our Journey into the Cloud: The Qualys Platform and Architecture”, Qualys Vice President of Product Management...

AI score 7.2
Exploits: 0

Qualys Blog
added 2018/05/25 9:11 a.m., 142 views

GDPR Compliance: Manage Procedural Risk Assessments with New GDPR Templates

The EU’s General Data Protection Regulation (GDPR) goes into effect today, imposing strict security requirements on any company worldwide that handles the personal data of EU residents. Qualys Security Assessment Questionnaire (SAQ) – a Qualys app that helps you with this type of procedural risk...

AI score 0.7
Exploits: 0

Qualys Blog
added 2018/05/24 5:8 p.m., 58 views

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

AI score 0.3
Exploits: 0

Qualys Blog
added 2018/05/24 4:0 p.m., 60 views

GDPR Is Here: Manage Vulnerabilities and Prioritize Threat Remediation

To provide the level of data protection required by the EU’s General Data Protection Regulation (GDPR), your organization must continuously detect vulnerabilities, and prioritize their remediation. Why? An InfoSec team that’s chronically overwhelmed by its IT environment’s vulnerabilities and unabl...

AI score 7.5
Exploits: 0

Qualys Blog
added 2018/05/22 3:0 a.m., 31 views

GDPR Is Here: Achieve Superior Data Breach Prevention and Detection with Qualys

Turned into law in 2016, the EU’s General Data Protection Regulation (GDPR) finally goes into effect this week, slapping strict requirements on millions of businesses and subjecting violators to severe penalties. The complex regulation applies to any organization worldwide -- not just in Europe --...

AI score 0.5
Exploits: 0

Qualys Blog
added 2018/05/16 4:0 p.m., 97 views

DevSecOps: Practical Steps to Seamlessly Integrate Security into DevOps

To properly and effectively protect DevOps pipelines, organizations can’t blindly apply conventional security processes they’ve used for traditional network perimeters. Since DevOps’ value is the speed and frequency with which code is created, updated and deployed, security must be re-thought so...

AI score 6.9
Exploits: 0

Qualys Blog
added 2018/05/15 4:0 p.m., 60 views

Securing the Hybrid Cloud: A Guide to Using Security Controls, Tools and Automation

When a bank recently created a consumer mobile wallet, it built the entire project -- from development to deployment -- in the cloud, an increasingly common decision among enterprises. A less common step taken by this multinational bank and Qualys customer was incorporating the security team from...

AI score 7.5
Exploits: 0

Total number of security vulnerabilities: 1089