Lucene search
K
QualysblogRecent

1089 matches found

Qualys Blog
Qualys Blog
added 2017/07/12 2:57 p.m.56 views

Q&A: Conducting Cloud-Based Vendor Risk Audits With Qualys SAQ

Third-party security assessments drastically reduce your organization’s risk of suffering a data breach. When carried out properly, these assessments identify poor InfoSec and privacy practices among your vendors, partners, contractors, and other third parties with access to your IT systems and...

6.6AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/07/11 6:32 p.m.258 views

July Patch Tuesday: 19 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches

Today Microsoft released patches covering 54 vulnerabilities as part of July’s Patch Tuesday update, with 26 of them affecting Windows. Patches covering 19 of these vulnerabilities are labeled as Critical, all of which can result in Remote Code execution. According to Microsoft, none of these...

10CVSS8.8AI score0.26161EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2017/07/11 4:0 p.m.40 views

Countdown to GDPR: Prioritize Vulnerability Remediation

The EU’s GDPR General Data Protection Regulation demands that organizations stringently protect EU residents’ data they hold, share and process, which requires having solid InfoSec practices, including threat prioritization. No, there is no specific mention of prioritization of vulnerability...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/06/30 2:11 p.m.64 views

SSL Labs Grading Redesign (Preview 1)

We’re excited to share with you the first preview of our next-generation grading. This is something that’s long overdue but, due to lack of available time, we managed to keep up patching the first-generation grading to keep up with the times. Now, finally, we’re taking the next necessary steps to...

6.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/06/29 3:59 p.m.43 views

Save Time by Streamlining Vendor Risk Assessments in the Cloud

As your organization enthusiastically adopts cloud and mobile services from multiple new vendors, are your already-busy security and compliance teams scrambling to assess the risks of using these new providers’ products? Are you still using a manual process for conducting these vendor evaluations...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/06/28 4:32 p.m.23 views

Countdown to GDPR: Get 20/20 Visibility Into Your IT Assets

Anyone questioning the importance of IT asset visibility in an organization’s security and compliance postures ought to review the EU’s General Data Protection Regulation GDPR, which goes into effect next year. With the severe requirements the GDPR places on how a business handles the personal da...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/06/27 9:22 p.m.61 views

Petya Ransomware: What You Need to Know

On Tuesday, a variant of the ransomware "Petya" began propagating in several countries across Europe. This new variant leverages the EternalBlue exploit used in WannaCry, and also takes advantage of misconfigured permissions to spread throughout the network. EternalBlue is a leaked exploit...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/06/26 11:10 p.m.24 views

Qualys Cloud Suite 8.10.1 New Features

This new patch release of the Qualys Cloud Suite, version 8.10.1, includes updates to password management, user roles & permissions, and User Defined Control improvements in Qualys Policy Compliance PC. Feature Highlights Qualys Cloud Platform Platform Password Improvements - In this release, we...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/06/21 7:22 p.m.18 views

Qualys Cloud Platform 2.28 New Features

This release of the Qualys Cloud Platform version 2.28 includes updates and new features for Cloud Agent, AssetView, ThreatPROTECT, Security Assessment Questionnaire and Web Application Scanning, highlights as follows: Cloud Agent Cloud Agent AIX Beta – beta release of Qualys Cloud Agent supporti...

6.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/06/21 2:51 p.m.29 views

Countdown to GDPR — Reduce your Risk

First discussed in the 1990s and turned into law last year, the EU’s General Data Protection Regulation GDPR finally goes into effect in May 2018, imposing strict requirements on millions of businesses and subjecting violators to severe penalties. The complex regulation is of concern not just to...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/06/19 10:35 p.m.14 views

Qualys Cloud Platform 2.27 New Features

This release of the Qualys Cloud Platform version 2.27 includes updates and new features for Cloud Agent and AssetView as follows: Highlights Platform / Cloud Agent API Host Asset Management API – updated to query on and return additional Cloud Agent attributes. The new attribute fields are not...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/06/19 5:57 p.m.25 views

Visualizing the Stack Clash Vulnerability with Dashboards

Security teams should apply vendor patches immediately to protect their Linux, OpenBSD, NetBSD, FreeBSD and Solaris infrastructure from The Stack Clash vulnerability also see the security advisory. To help in that effort, this blog post describes a new built-in Qualys AssetView dashboard to...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/06/19 3:14 p.m.1503 views

The Stack Clash

What is the Stack Clash? The Stack Clash is a vulnerability in the memory management of several operating systems. It affects Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 and amd64. It can be exploited by attackers to corrupt memory and execute arbitrary code. Qualys researchers discovere...

7.2CVSS8AI score0.08018EPSS
Exploits15
Qualys Blog
Qualys Blog
added 2017/06/13 6:28 p.m.4124 views

Microsoft Fixes 94 Security Issues in Massive June Update

Today Microsoft released patches to fix 94 vulnerabilities out of which 27 fix remote code execution issues which can allow an attackers to remotely take control of victim machines. This is a massive update and fixes more than double the number of vulnerabilities as compared to the last two month...

10CVSS2.4AI score0.99823EPSS
Exploits68
Qualys Blog
Qualys Blog
added 2017/06/13 5:45 p.m.23 views

Dynamic Questionnaire: Accelerate Quick and Efficient Responses with Question Gating

As you roll out Security Assessment Questionnaire to your vendors and internal stakeholders, it is necessary to avoid lengthy questionnaires containing many sections with questions that are not relevant to their area of work. It is important that respondents don’t get overwhelmed and spend a lot ...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/06/05 7:24 p.m.193 views

Lessons Learned from SQL Injection Fix in Joomla 3.7.0

The Joomla community recently patched a SQL injection vulnerability introduced in Joomla 3.7.0. The article reporting this vulnerability explains how to identify the vulnerability which was discovered via static code analysis and how to craft an attack, e.g...

4.3CVSS7.4AI score0.00933EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2017/05/26 8:32 p.m.613 views

Samba Vulnerability CVE-2017-7494

On Wednesday, the Samba Team patched a vulnerability that exists in all versions of Samba including and after version 3.5.0. Exploitation of this vulnerability could result in remote code execution on the affected host. Samba is used to provide SMB and CIFS services for Linux systems, and is...

10CVSS0.2AI score0.99448EPSS
Exploits24
Qualys Blog
Qualys Blog
added 2017/05/24 1:21 a.m.14 views

Digging Into WannaCry Details: Answers to Your Burning Questions

Jimmy Graham, Director of Product Management, Qualys Threat Protection & AssetView The WannaCry ransomware attack spread so quickly and has been so disruptive that IT departments can’t get enough information about what caused it, how it can be remediated and what can be done to protect their...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/05/19 4:0 p.m.34 views

No More Tears: WannaCry Highlights Importance of Prompt Vulnerability Detection, Remediation

It didn’t have to happen. That’s the simple yet profound lesson from WannaCry’s ransomware rampage that has infected 300,000-plus systems in more than 150 countries, disrupting critical operations across industries, including healthcare, government, transportation and finance. If vulnerable syste...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/05/18 10:18 p.m.42 views

Visualizing WannaCry & Shadow Brokers with Dashboards

To assess infections from WannaCry ransomware and threat exposure from the Shadow Brokers vulnerabilities across an entire IT environment, it's helpful to visualize your exposure via dynamic dashboards. Using Qualys AssetView and ThreatPROTECT, I created a single-pane incident response dashboard...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/05/18 4:0 p.m.44 views

Better Trusted Scanning with Qualys-CyberArk Integration

To manage privileged credentials, especially across multiple systems in complex environments, many organizations use privileged account security solutions. Qualys has integrated with such solutions for a long time, and has recently upgraded its CyberArk integration to include CyberArk Application...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/05/17 4:0 p.m.44 views

For GDPR Readiness, You Need Visibility into Your IT Assets

The looming deadline for complying with the EU’s General Data Protection Regulation GDPR is shining the spotlight on a foundational InfoSec best practice: A comprehensive IT asset inventory. The reason: GDPR places strict requirements on the way a business handles the personally identifiable...

6.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/05/16 1:20 a.m.71 views

Qualys Cloud Suite 8.10 New Features

This new release of the Qualys Cloud Suite, version 8.10, includes new capabilities and improvements to for VM, PC and shared platform improvements: Authentication Vault integration with BeyondTrust Mandate-Based reporting for Policy Compliance to simplify reporting against multiple mandates and...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/05/13 12:29 a.m.98 views

How to Rapidly Identify Assets at Risk to WannaCry Ransomware and ETERNALBLUE Exploit

In what may be the first public weaponizing of April's Shadow Brokers dump of NSA exploits, a ransomware attack has crippled IT systems globally and disrupted operations at major organizations, including patient services at UK hospitals. About 80,000 infections have been detected in about 100...

7.6AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/05/11 10:40 p.m.26 views

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with commonly adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/05/10 5:46 p.m.33 views

Intel AMT Vulnerability

Last week, Intel published a security advisory INTEL-SA-00075 regarding a new vulnerability in Intel Active Management Technology AMT, Intel Standard Manageability ISM, and Intel Small Business Technology SBT. The firmware versions impacted are 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6. In...

7.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/05/10 12:28 a.m.27 views

Adobe Fixes Half a Dozen Flash Vulnerabilities and More

Flash has been the top target for exploit kits and we have observed that defender behavior, i.e. how fast patches are applied along with other factors in the threat landscape could have led to a decline in the number of Flash vulnerabilities being weaponized in exploit kits. In 2016, the time to...

7.6AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/05/09 6:6 p.m.251 views

Microsoft Fixes Malware Protection Engine and Several 0-Day Vulnerabilities, and Deprecates SHA-1

Hours before today’s Patch Tuesday release on the eve of May 8, Microsoft released an emergency updated to fix a vulnerability in their Malware Protection Engine. This critical vulnerability allows an attacker to take complete control of the victim's machine by just sending an e-mail attachment...

9.3CVSS2.2AI score0.7813EPSS
Exploits5
Qualys Blog
Qualys Blog
added 2017/05/04 3:0 p.m.21 views

Virtual Patching: A Lifesaver for Web App Security

Here’s a common scenario organizations increasingly face: Too many web apps with too many vulnerabilities and no chance for immediate remediation. In the interim, the organization is left exposed to potentially devastating breaches, at a time when web apps have become one of cyber attackers’...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/04/26 12:0 a.m.32 views

Qualys Support for Reserve Bank of India (RBI) Cyber Security Guidelines

Reserve Bank of India RBI, India's central banking and monetary authority, points out that the number, frequency, and impact of cyber incidents on Indian banks has increased substantially. Like their peers globally, Indian banks are committed to maintaining customer trust, protecting financial...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/04/25 5:1 p.m.160 views

Shadow Brokers Fix for IBM Lotus Domino Released

IBM has released a patch for Lotus Domino to plug a security flaw which was disclosed in the latest Shadow Broker revelations. Lotus Domino includes an IMAP server. IMAP or Internet Message Access Protocol is an Internet standard protocol used by e-mail clients to retrieve e-mail messages from th...

6.5CVSS9AI score0.06736EPSS
Exploits2
Qualys Blog
Qualys Blog
added 2017/04/20 2:25 p.m.15 views

Qualys Cloud Platform 2.26 New Features

This release of the Qualys Cloud Platform version 2.26 includes updates and new features for Cloud Agent, AssetView, Security Assessment Questionnaire and Web Application Scanning as follows: Highlights Cloud Agent Platform View Module Activation Job Status – adds a button in Agent Management tab...

6.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/04/18 9:39 p.m.463 views

Oracle Plugs Struts and Shadow Brokers hole along with 299 Total Vulnerabilities

Today Oracle released a total of 299 new security fixes across all product families. It is important to note that it fixed 25 instances of the infamous Apache Struts vulnerability which could allow a remote attacker to take complete control of the server running Struts. The struts fix was applied...

10CVSS0.3AI score0.99999EPSS
Exploits53
Qualys Blog
Qualys Blog
added 2017/04/18 8:29 p.m.21 views

PCI DSS v3.2 & Migrating from SSL and Early TLS v1.1

SSL & Early TLS vulnerabilities such as QID 38628 “SSL/TLS Server supports TLSv1.0”\ will be marked as a Fail for PCI as of May 1, 2017 in accordance with the PCI DSS v3.2. For existing implementations, merchants will be able to submit a PCI False Positive / Exception Request and provide proof of...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/04/15 7:11 a.m.513 views

The Shadow Brokers Release Zero Day Exploit Tools

On Friday, a hacker group known as The Shadow Brokers publicly released a large number of functional exploit tools. Several of these tools make use of zero-day vulnerabilities, most of which are in Microsoft Windows. Exploiting these vulnerabilities in many cases leads to remote code execution an...

10CVSS1.3AI score0.99823EPSS
Exploits67
Qualys Blog
Qualys Blog
added 2017/04/12 12:14 a.m.19 views

April 2017 Patch Tuesday Video Highlights

Microsoft Fixes 45 Vulnerabilities with new Security Update Guide and says goodbye to Security Bulletins. Adobe Fixes Flash, PDF reader and Photoshop...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/04/11 6:24 p.m.990 views

Microsoft Fixes 45 Vulnerabilities with new Security Update Guide – says goodbye to Security Bulletins

Today is the first month since 1998 in which Microsoft stopped releasing security bulletins with the familiar MSxx-xxx format and replaced it with the new security update guide. We talked about this change earlier in a few blog posts and finally today it’s time to say good bye to security bulleti...

9.3CVSS2.6AI score0.99933EPSS
Exploits31
Qualys Blog
Qualys Blog
added 2017/04/11 4:48 p.m.6 views

Adobe Fixes Flash, PDF reader and Photoshop in April

Adobe released five security bulletins today following a pre-notification which was released on Thursday of last week. Highest priority goes to the Flash update APSB17-10 as flash has been the top choice for malware and exploit kits. If left un-patched, the vulnerabilities allow attackers to take...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/04/10 4:0 p.m.21 views

IT Asset Inventory Systems and CMDBs: A Marriage Made in InfoSec Heaven

A key capability of an IT asset inventory system is being able to exchange data with CMDBs Configuration Management Databases. In fact, a common misconception is that organizations with CMDBs don’t need an IT asset inventory system because their functions overlap. While they have similar roles,...

7AI score
Exploits0
Total number of security vulnerabilities1089