1089 matches found

Qualys Blog
added 2018/01/09 12:04 a.m., 129 views

PCI DSS v3.2 & Private IP Address Disclosure

Private IP address disclosure, such as QID 86247 “Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability”, will be marked as a Fail for PCI as of February 1, 2018 in accordance with PCI DSS v3.2. QID 86247 is a PCI Fail according to PCI DSS v3.2 Requirement 1.3.7: 1.3.7 Do...

AI score: 6.5
Exploits: 0

Qualys Blog
added 2018/01/06 1:30 a.m., 72 views

Visualizing Spectre/Meltdown Impact and Remediation Progress

In order to determine the impact of Spectre/Meltdown and track remediation progress across your entire environment, it is important to visualize vulnerability detections in a dynamic dashboard. For more information on Spectre and Meltdown, please see our previous blog. Using Qualys AssetView, we...

AI score: 6.8
Exploits: 0

Qualys Blog
added 2018/01/05 7:10 p.m., 29 views

Qualys Cloud Platform 2.31 New Features

This release of the Qualys Cloud Platform version 2.31 includes updates and new features for AssetView, Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire, highlights as follows. AssetView: Use custom severities in AV searches and...

AI score: 6.9
Exploits: 0

Qualys Blog
added 2018/01/04 2:17 a.m., 660 views

Processor Vulnerabilities – Meltdown and Spectre

UPDATE 1/4/2018: Qualys has released several QIDs for detecting missing patches for these vulnerabilities. UPDATE 1/5/2018: Pre-built AssetView dashboards to visualize impact and remediation progress. Vulnerabilities potentially impacting all major processor vendors were disclosed today by Google...

CVSS: 4.7, AI score: 7.3, EPSS: 0.93838
Exploits: 12

Qualys Blog
added 2017/12/14 5:27 p.m., 13 views

Cloud Security Improves, But Much Work Still Remains to Be Done

As cloud computing adoption accelerates among businesses, InfoSec teams are struggling to fully protect cloud workloads due to a lack of visibility into these environments, and to hackers’ increasingly effective attacks. That’s the main finding from SANS Institute’s “Cloud Security: Defense in...

AI score: 7
Exploits: 0

Qualys Blog
added 2017/12/13 9:16 p.m., 16 views

Call For Customer Presentations at RSA Conference 2018!

Tell your security story to your peers at RSA Conference 2018 San Francisco! Qualys is looking for customers excited to share their security and DevSecOps successes, best practices and case studies leveraging the use of the Qualys Cloud Platform. Take the stage in the Qualys booth to share your...

AI score: 6.9
Exploits: 0

Qualys Blog
added 2017/12/12 7:27 p.m., 63 views

December Patch Tuesday: Quiet End to the Year

This December Patch Tuesday is considerably lighter than last month’s patch releases. While only three of the fixes were for Windows operating systems, the majority of the vulnerabilities to pay attention to are Browser/Scripting Engine-based. Overall, this month's updates address fixes for 3...

CVSS: 9.3, AI score: 8.5, EPSS: 0.45521
Exploits: 6

Qualys Blog
added 2017/12/07 4:50 p.m., 14 views

Implementing the CIS 20 Critical Security Controls: Make Your InfoSec Foundation Rock Solid

For almost 10 years, thousands of organizations eager to solidify their security and compliance foundations have found clarity and direction in the Center for Internet Security’s Critical Security Controls (CSCs). This structured set of 20 foundational InfoSec best practices, first published in...

AI score: 7.5
Exploits: 0

Qualys Blog
added 2017/12/04 6:56 p.m., 11 views

Implementing the CIS 20 Critical Security Controls: Delving into More Sophisticated Techniques

Corden Pharma needed a standardized security program to meet customer requirements. Link3 Technologies wanted to prioritize its network security improvements. Telenet was looking for a road map to implement its ISO-27000 compliance program. These three companies — a German pharmaceutical contract...

AI score: 6.9
Exploits: 0

Qualys Blog
added 2017/11/30 8:59 p.m., 12 views

Qualys Policy Compliance Notification: Policy Library Update

The Qualys library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from...

AI score: 7.2
Exploits: 0

Qualys Blog
added 2017/11/30 6:09 p.m., 16 views

Qualys Cloud Platform 8.11.2 New Features

This new patch release of the Qualys Cloud Platform, version 8.11.2, includes updates to shared platform features, Qualys Vulnerability Management and Qualys Policy Compliance SCAP scanning. Update 12/1/2017: New Vulnerability Management feature added below. Feature Highlights. Cloud Platform: User...

AI score: 6.9
Exploits: 0

Qualys Blog
added 2017/11/28 6:18 p.m., 17 views

Qualys WAS: New Detections for XML External Entities (XXE)

In the new 2017 edition of the OWASP Top 10, XML External Entities (XXE) make their first appearance at A4 on the list. Qualys is pleased to announce that Qualys Web Application Scanning (WAS) engine 4.4 includes new detection capabilities for XXE vulnerabilities. About XML External Entities (XXE): If...

AI score: 7.4
Exploits: 0

Qualys Blog
added 2017/11/28 4:45 p.m., 23 views

Implementing the CIS 20 Critical Security Controls: Building Upon Foundational Cyber Hygiene

Most successful cyber attacks exploit known vulnerabilities for which patches are available, or take advantage of weak configuration settings that could have been easily hardened. You can significantly lower the risk of being victimized by this type of common, preventable attack by adopting the...

AI score: 8
Exploits: 0

Qualys Blog
added 2017/11/14 7:37 p.m., 326 views

November Patch Tuesday: 53 Vulnerabilities and a Massive Adobe Update

This November Patch Tuesday is moderate in volume and severity. Microsoft released patches to address 53 unique vulnerabilities, with 25 focused on Remote Code Execution fixes. Windows OS receives 14 patches, while the lion's share is focused on Browsers, Microsoft Office, and Adobe. According to...

CVSS: 9.3, AI score: 7.8, EPSS: 0.99945
Exploits: 48

Qualys Blog
added 2017/11/14 5:06 p.m., 71 views

Implementing the CIS 20 Critical Security Controls: Slash Risk of Cyber Attacks by 85%

If a CISO needed to cut cyber attack risk by 85%, how would this security chief go about accomplishing that? Would the CISO even know where to begin? It’s safe to say that such a mandate would be considered daunting, and maybe even overwhelming. CISOs are scrambling to protect IT infrastructures...

AI score: 7.3
Exploits: 0

Qualys Blog
added 2017/11/08 4:55 p.m., 26 views

Webcast Q&A: DevSecOps – Building Continuous Security Into IT and App Infrastructures

As organizations adopt DevOps to create and deliver software quickly and continuously — a key step for supporting their digital transformation initiatives — they must not overlook security. In DevOps, development and operations teams add agility and efficiency to software lifecycles with automati...

AI score: 7.2
Exploits: 0

Qualys Blog
added 2017/11/02 4:39 p.m., 45 views

New ‘Silence’ Banking Trojan copies Carbanak to Steal from Banks (Analysis with IOCs)

Dark Reading is reporting on a new banking trojan called 'Silence' that mimics techniques used by the Carbanak hacker group targeting banks and financial institutions. The attack vector is similar – target individuals using spear-phish emails to trick them into running a malicious attachment...

AI score: 7.1
Exploits: 0

Qualys Blog
added 2017/11/01 4:00 p.m., 26 views

Case Study: Cisco Group Bakes Security into Web App Dev Process

“To know what is right and not do it is the worst cowardice.” That phrase was uttered by Confucius 2,500 years ago, but reflects the spirit behind a recent revamp of a Cisco web app development process that made it more effective and secure. “This is important as we talk about the secure software...

AI score: 7.2
Exploits: 0

Qualys Blog
added 2017/10/31 5:24 p.m., 34 views

DevSecOps: Building Continuous Security Into IT and App Infrastructures

With software now at the heart of essential business processes, organizations must build security into their IT and application development pipeline to prevent breaches, avoid compliance violations, and protect digital transformation initiatives. This especially applies to organizations creating...

AI score: 7.2
Exploits: 0

Qualys Blog
added 2017/10/27 4:00 p.m., 44 views

InfoSec Pros Must Fasten Their Seatbelts for Digital Transformation Ride

The IT industry has gone through multiple revolutions – client-server computing, the Internet’s rise, virtualization, mobility – but none rivals the unprecedented impact of today’s digital transformation. The implications for InfoSec professionals are broad, requiring that they adapt quickly to t...

AI score: 6.9
Exploits: 0

Qualys Blog
added 2017/10/26 4:30 p.m., 27 views

Webcast Q&A: Automating the CIS Critical Security Controls

Qualys Product Management Director Tim White and SANS Institute Analyst John Pescatore did a deep dive into the Center for Internet Security’s Critical Security Controls during a recent webcast, and answered questions from audience members about these 20 foundational security practices, and about...

AI score: 6.9
Exploits: 0

Qualys Blog
added 2017/10/25 12:49 a.m., 96 views

Bad Rabbit – Ransomware

Updated 10/26/2017 with additional file hashes and mitigations. A new ransomware campaign has affected at least three Russian media companies in a fast-spreading malware attack. Fontanka and Interfax are among the companies affected by the Bad Rabbit ransomware, named by the researchers who first...

AI score: 7.4
Exploits: 0

Qualys Blog
added 2017/10/23 4:00 p.m., 21 views

ACLU Attorney: U.S. Citizens Legally Unsheltered from Abusive Surveillance

U.S. law has failed to protect Americans from widespread and excessive surveillance, a dire situation that requires immediate attention from citizens, lawmakers, attorneys, privacy experts and the courts. That was the urgent warning Jennifer S. Granick, Surveillance and Cybersecurity Counsel at t...

AI score: 6.5
Exploits: 0

Qualys Blog
added 2017/10/19 9:27 p.m., 45 views

Gartner: The Pursuit of Perfection Weakens InfoSec Effectiveness

While malicious hackers are the obvious enemies of InfoSec pros, there’s something else that puts IT environments in danger: Perfectionism. When applied to security, perfectionism becomes detrimental, creating a false certainty that all bases are covered and yielding a fundamentally flawed approa...

AI score: 7.2
Exploits: 0

Qualys Blog
added 2017/10/19 3:15 p.m., 70 views

QSC17: Qualys Battles the Silos, Helps Protect Digital Transformation Efforts

Digital transformation initiatives, if properly implemented, must go way beyond deploying the latest shiny IT systems. Instead, they must aim to fundamentally disrupt and reinvent business processes throughout the entire organization. That was the message Qualys Chief Product Officer Sumedh Thaka...

AI score: 7
Exploits: 0

Qualys Blog
added 2017/10/18 9:18 p.m., 54 views

The Shift from Securing our Networks to Enabling the Digital Transformation of our Enterprises

It’s not yet Thursday, but attendees at Qualys Security Conference 2017 were treated to a major “throwback” as CEO and Chairman Philippe Courtot journeyed back centuries during QSC17’s opening keynote to illustrate the seismic changes of today’s digital revolution. Courtot cited some of history’s...

AI score: 6.9
Exploits: 0

Qualys Blog
added 2017/10/18 5:42 p.m., 23 views

Qualys Cloud Suite 8.11 New Features

This new release of the Qualys Cloud Suite, version 8.11, adds several new major features including: Customizable Login Banners; new VM features including QID Changelog View, PCAP Scanning in Express Lite subscriptions, Scanning Options, and Timestamps on IG QIDs; PC improvements to File Monitori...

AI score: 7
Exploits: 0

Qualys Blog
added 2017/10/18 4:00 p.m., 38 views

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from vendo...

AI score: 7.1
Exploits: 0

Qualys Blog
added 2017/10/18 2:43 p.m., 27 views

Bugcrowd Integration Now Available in Qualys Web Application Scanning

The new version of Qualys Web Application Scanning, WAS 5.7, adds an integration with Bugcrowd for centralized viewing and triaging of both WAS automated vulnerability detections and vulnerabilities submitted by Bugcrowd's approved security researchers. Qualys WAS customers running a bug bounty...

AI score: 6.9
Exploits: 0

Qualys Blog
added 2017/10/16 7:23 p.m., 51 views

QSC17 Focuses on Digital Transformation’s Challenges and Opportunities

Qualys Security Conference 2017 finds Qualys rapidly advancing in its ongoing quest to seamlessly and transparently thread security into the fabric of IT environments, and to make it essential for digital transformation. At QSC17, happening this week in Las Vegas, Qualys executives will share how...

AI score: 6.9
Exploits: 0

Qualys Blog
added 2017/10/12 3:35 p.m., 51 views

The Critical Security Controls: Basic Cybersecurity Hygiene for your Organization

It’s a well-known fact that most successful cyber attacks are easily preventable. That’s because the majority are neither highly sophisticated nor carefully customized. Instead, they are of the “spray and pray” sort. They try to exploit known vulnerabilities for which patches are available, or to...

AI score: 7
Exploits: 0

Qualys Blog
added 2017/10/10 6:23 p.m., 263 views

October Patch Tuesday: 28 Critical Microsoft Vulnerabilities

Today Microsoft released patches covering 62 vulnerabilities as part of October’s Patch Tuesday update, with 30 of them affecting Windows. Patches covering 28 of these vulnerabilities are labeled as Critical, and 33 can result in Remote Code Execution. According to Microsoft, a vulnerability in...

CVSS: 10, AI score: 8.5, EPSS: 0.81627
Exploits: 4

Qualys Blog
added 2017/09/26 3:35 p.m., 18 views

Achieve Continuous Security and Compliance with the CIS Critical Security Controls

For InfoSec pros, it’s easy to get overwhelmed by the constant noise from cybersecurity industry players — vendors, research firms, consultants, industry groups, government regulators and media outlets. A good antidote for this hyperactive chatter is to refocus on foundational InfoSec practices...

AI score: 6.8
Exploits: 0

Qualys Blog
added 2017/09/26 7:55 a.m., 181 views

Google and Mozilla are Deprecating Existing Symantec Certificates

Earlier this month, after roughly six months of deliberation and planning, Google finalised their plans for staged deprecation of Symantec certificates. The process began in March 2017 when Google announced on the Blink mailing list that they had lost confidence in Symantec’s certificate...

AI score: 6.7
Exploits: 0

Qualys Blog
added 2017/09/19 11:38 a.m., 71 views

Fixing HPKP with Certificate Constraints

This is the third post in my series on HPKP. In my first post I declared HPKP dead, and in my second post I explored the possibility of fixing it by introducing pin revocation. Today I will consider an entirely different approach to make HPKP much safer, by changing how it’s activated. In my...

AI score: 6.8
Exploits: 0

Qualys Blog
added 2017/09/12 6:23 p.m., 698 views

September Patch Tuesday: 27 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches

Today Microsoft released a fairly large batch of patches covering 81 vulnerabilities as part of September’s Patch Tuesday update, with 38 of them impacting Windows. Patches covering 27 of these vulnerabilities are labeled as Critical, and 39 can result in Remote Code Execution (RCE). According to...

CVSS: 9.3, AI score: 2.1, EPSS: 0.88698
Exploits: 16

Qualys Blog
added 2017/09/05 9:02 a.m., 40 views

Fixing HPKP with Pin Revocation

Last year, almost exactly to the day, I declared HPKP effectively dead. I believed then—and I still do—that HPKP is too complex and too dangerous to be worth the effort. The biggest problem lies in the fact that there is no sufficient margin of safety; pinning failures are always catastrophic...

AI score: 6.7
Exploits: 0

Qualys Blog
added 2017/08/29 3:49 p.m., 61 views

SANS Institute: Hackers Paint a Bullseye on Your Employees and Endpoints

End users and their devices are right smack in the center of the battle between enterprise InfoSec teams and malicious hackers, and it’s not hard to see why. When compromised, connected endpoints — desktops, laptops, smartphones, tablets — offer intruders major entry points into corporate network...

AI score: 6.8
Exploits: 0

Qualys Blog
added 2017/08/24 6:33 p.m., 111 views

Qualys Cloud Platform 2.30 New Features

This release of the Qualys Cloud Platform version 2.30 includes updates and new features for Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire, highlights as follows. This posting has been updated on 9/6/2017 and 10/25/2017 to...

AI score: 6.8
Exploits: 0

Qualys Blog
added 2017/08/10 3:00 p.m., 61 views

Call for Papers: Qualys Security Conference 2017

Our annual user conference, QSC17, is quickly approaching and we are looking for customer presentations that showcase hot topics related to security and best practices via case studies leveraging the use of Qualys technologies. If you would like to be considered as a presenter, please send a...

AI score: 6.9
Exploits: 0

Qualys Blog
added 2017/08/09 6:42 p.m., 112 views

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with commonly adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware...

AI score: 7.2
Exploits: 0

Qualys Blog
added 2017/08/09 4:05 p.m., 52 views

Countdown to GDPR: IT Policy Compliance

From the first page, the EU’s General Data Protection Regulation stresses the importance it places on the security and privacy of EU residents’ private information. The 88-page document opens by referring to the protection of this personal data as a “fundamental right” essential for “freedom,...

AI score: 6.8
Exploits: 0

Qualys Blog
added 2017/08/08 9:13 p.m., 13 views

Qualys Cloud Suite 8.10.2 New Features

This new patch release of the Qualys Cloud Suite, version 8.10.2, includes updates to shared platform features, a new role for user management, and expanded Policy Compliance platform support. Feature Highlights. Qualys Cloud Platform: Limit number of external scanners – You can now limit the numbe...

AI score: 6.6
Exploits: 0

Qualys Blog
added 2017/08/08 6:25 p.m., 165 views

August Patch Tuesday: 25 critical Microsoft vulnerabilities, 43 for Adobe

Today Microsoft released patches covering 48 vulnerabilities as part of August’s Patch Tuesday update, with 15 of them affecting Windows. Patches covering 25 of these vulnerabilities are labeled as Critical, and 27 can result in Remote Code Execution. According to Microsoft, none of these...

CVSS: 9.3, AI score: 8.3, EPSS: 0.55415
Exploits: 0

Qualys Blog
added 2017/08/07 4:43 p.m., 64 views

CyberSecurity Report: Threat Landscape Gets More Sophisticated

Destruction of service. Get acquainted with this newly-minted term, and with its acronym — DeOS. It’s a particularly disturbing type of cyber attack InfoSec teams may face regularly in the not too distant future. That’s one of the main findings featured in the Cisco 2017 Midyear Cybersecurity...

AI score: 7
Exploits: 0

Qualys Blog
added 2017/08/02 3:27 p.m., 366 views

Countdown to GDPR: Manage Vulnerabilities

If your organization needs a compelling reason for establishing or enhancing its vulnerability management program, circle this date in bold, red ink on your corporate calendar: May 25, 2018. On that day, the EU's General Data Protection Regulation (GDPR) goes into effect, intensifying the need for...

CVSS: 9.3, AI score: 0.3, EPSS: 0.91324
Exploits: 13

Qualys Blog
added 2017/07/26 3:30 p.m., 55 views

How to Secure Public Clouds while Boosting Digital Transformation

It’s happening all over the business world. Organizations of all sizes and in all industries are aggressively deploying innovative products to new online consumer channels, digitizing their core services and transitioning core business workloads to public clouds as part of digital transformation...

AI score: 7
Exploits: 0

Qualys Blog
added 2017/07/25 12:46 a.m., 74 views

Introducing the Qualys New Look and Positioning

Dear Customer, Partner and Security Professional, I would like to thank all of you for your support during our ongoing journey to a world where we are making security invisible and an integrated component of the Digital Transformation of our enterprises. With your help and the dedication of our...

AI score: 6.9
Exploits: 0

Qualys Blog
added 2017/07/19 4:00 p.m., 47 views

Countdown to GDPR: Assess Vendor Risk

To comply with GDPR, organizations typically must overhaul and update a number of internal processes and systems, but they can’t ignore a critical area: risk from vendors and other third parties such as contractors, partners, suppliers and service providers. It’s a point that’s stressed repeatedl...

AI score: 6.9
Exploits: 0

Qualys Blog
added 2017/07/18 9:18 p.m., 67 views

Securing Public Clouds for Digital Transformation Success

As organizations seek digital transformation benefits and aggressively move workloads to public cloud platforms, InfoSec teams must support their business units’ efforts by adapting and properly protecting these environments. This may sound surprising to those who think that, when you use a publi...

AI score: 6.8
Exploits: 0

Total number of security vulnerabilities: 1089