1089 matches found

Qualys Blog
added 2025/05/15 4:22 p.m., 32 views

Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT

Cybercriminals are progressively turning to PowerShell to launch stealthy attacks that evade traditional antivirus and endpoint defenses. By running code directly in memory, these threats leave minimal evidence on disk, making them particularly challenging to detect. A recent example is Remcos RAT, ...

7.9 AI score
Exploits: 0

Qualys Blog
added 2025/05/13 7:13 p.m., 65 views

Microsoft and Adobe Patch Tuesday, May 2025 Security Update Review

Microsoft's May 2025 Patch Tuesday rolls out critical security updates, addressing multiple vulnerabilities across Windows, Office, and other key products. Here's a quick breakdown of what you need to know. Microsoft Patch Tuesday for May 2025 In this month's Patch Tuesday, May 2025 edition,...

8.8 CVSS, 9.9 AI score, 0.57672 EPSS
Exploits: 9

Qualys Blog
added 2025/05/12 4:00 p.m., 24 views

Security, Uninterrupted: Inside Qualys’ Zero-Touch Security Vision with Qualys Cloud Agent

New Feature: Remote Log Collection for Seamless Troubleshooting and Analysis In the modern enterprise, where resilience and scale are non-negotiable, the margin for error in cybersecurity has all but disappeared. Yet the tools available to security teams remain tethered to legacy...

7.8 AI score
Exploits: 0

Qualys Blog
added 2025/05/08 10:54 p.m., 84 views

Inside LockBit: Defense Lessons from the Leaked LockBit Negotiations

The LockBit ransomware gang recently suffered a significant data breach. Their dark web affiliate panels were defaced with the message "Don't do crime CRIME IS BAD xoxo from Prague," linking to a MySQL database dump. This archive contains a SQL file from LockBit's affiliate panel database that...

10 CVSS, 8.3 AI score, 0.99999 EPSS
Exploits: 913

Qualys Blog
added 2025/05/06 12:45 p.m., 8 views

Powering the Future of Cyber Risk Management: Welcoming Our First mROC Alliance Members

Organizations today face a growing challenge: fragmented security tools, a flood of risk findings, and limited visibility across environments. But perhaps the biggest challenge of them all is the disconnect between cybersecurity efforts and the business value at risk. Without the ability to...

7.4 AI score
Exploits: 0

Qualys Blog
added 2025/05/05 9:55 p.m., 16 views

Bridging the Gap: How Qualys Simplifies NCA ECC 2024 Compliance for Businesses

As the digital environment advances, new and more sophisticated cyber threats emerge, necessitating stronger and more adaptive cybersecurity measures. Recognizing this need, the National Cybersecurity Authority (NCA) of Saudi Arabia has introduced the Essential Cybersecurity Controls ECC 2024...

7.6 AI score
Exploits: 0

Qualys Blog
added 2025/05/01 7:54 p.m., 13 views

Remediate Risk Without the Roadblocks: Automate with Qualys Flow

Remediation and Workflow Automation, Redefined Still relying on manual steps in your cloud security? It’s outdated, and it’s risky. Manual processes lead to slower threat detection, human errors, increased operational costs, and compliance delays. This isn’t just inefficient—it’s a liability. Ent...

7.2 AI score
Exploits: 0

Qualys Blog
added 2025/04/29 12:46 p.m., 10 views

Guard Against GenAI and LLM Risks from Development to Deployment with Qualys TotalAI

Artificial intelligence is fundamentally reshaping the enterprise. From automating customer service to accelerating code generation, large language models (LLMs) are rapidly becoming embedded in how businesses operate and compete. But as organizations embrace this innovation, they are also opening...

7.8 AI score
Exploits: 0

Qualys Blog
added 2025/04/24 5:00 p.m., 17 views

Shrinking Lifespans, Growing Risk: The Final Certificate Countdown

Recent Developments Severely Shorten Certificate Lifespans. The SSL/TLS ecosystem is shifting rapidly and not in a way that favors already stretched teams. Historically, certificates could be valid for up to 10 years. Certificates now face drastically shorter lifespans. DigiCert and other major...

7.1 AI score
Exploits: 0

Qualys Blog
added 2025/04/24 12:45 p.m., 12 views

Introducing Qualys Policy Audit, the New Standard for Audit Readiness

Do you know how audit ready you really are? What if you could answer that question with confidence—at any moment, across every system, for every framework that matters to your business? In today’s rapidly shifting regulatory landscape, audits are no longer a periodic event—they’re a continuous...

7 AI score
Exploits: 0

Qualys Blog
added 2025/04/23 4:02 a.m., 18 views

The Verizon 2025 Data Breach Investigations Report (DBIR): Six Trends You Can’t Ignore

Executive Summary The 2025 Data Breach Investigations Report reveals critical trends that security teams and leaders must address to protect their organizations against evolving cyber threats. Once again, Qualys contributed to this report to help unpack critical patterns and equip organizations...

7.6 AI score
Exploits: 0

Qualys Blog
added 2025/04/21 5:00 p.m., 17 views

Steps to TruRisk™ – 3: Getting Started—Assessing Business Consequences

“In preparing for battle, plans are useless, but planning is indispensable.” —Dwight D. Eisenhower Prioritization wins battles. Preparation is the difference between a coordinated response and total chaos. Protecting what matters starts with identifying critical systems, understanding the impact,...

7.2 AI score
Exploits: 0

Qualys Blog
added 2025/04/16 2:16 p.m., 31 views

Oracle Critical Patch Update, April 2025 Security Update Review

Oracle released its first quarterly edition of this year’s Critical Patch Update. The update received patches for 378 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families,...

10 CVSS, 7.8 AI score, 0.99945 EPSS
Exploits: 80

Qualys Blog
added 2025/04/16 6:29 a.m., 29 views

Safeguarding Vulnerability Management Despite MITRE Funding Risks

Recently, there have been several developments from vulnerability databases that have led to some concerns around their continued effectiveness in categorizing and enriching the data about vulnerabilities. The MITRE CVE program has been an essential part of cybersecurity for over 25 years. It...

8.8 CVSS, 7.2 AI score, 0.00351 EPSS
Exploits: 0

Qualys Blog
added 2025/04/15 3:00 p.m., 10 views

The Efficiency Imperative: How Federal Agencies Can Streamline Cybersecurity Operations

With increasing scrutiny on government spending, federal agencies face mounting pressure to optimize IT budgets while fortifying cybersecurity defenses. However, the unchecked proliferation of security tools has led to inefficiencies, reduced visibility, and increasing total cost of ownership. A...

7.7 AI score
Exploits: 0

Qualys Blog
added 2025/04/08 7:06 p.m., 42 views

Microsoft and Adobe Patch Tuesday, April 2025 Security Update Review

Microsoft's April 2025 Patch Tuesday has arrived, delivering critical security updates and fixes across the various products, features, and roles. Here's a quick breakdown of what you need to know. Microsoft Patch Tuesday for April 2025 In this month's Patch Tuesday, April 2025 edition, Microsoft...

8.8 CVSS, 9.2 AI score, 0.1806 EPSS
Exploits: 6

Qualys Blog
added 2025/04/07 4:00 p.m., 24 views

Steps to TruRisk™ – 2: Measuring the Likelihood of Vulnerability Exploitation

Cybersecurity programs rely on various methods to measure the risk associated with vulnerabilities for prioritization, such as CVSS, EPSS, CISA KEV, or even internally developed systems that combine multiple approaches. While these methods help assess whether a specific vulnerability exists on an...

9.6 CVSS, 8 AI score, 0.99759 EPSS
Exploits: 41

Qualys Blog
added 2025/04/03 12:00 p.m., 18 views

The State of Cloud & SaaS Security: Essential Statistics and Insights

Twenty-eight percent of organizations experienced a cloud- or SaaS-related data breach in the past year—meaning more than 1 in 4 enterprises were impacted. Even more alarming, 36% of those affected faced multiple breaches within a single year. This is just one of many cloud security pain points...

7.2 AI score
Exploits: 0

Qualys Blog
added 2025/03/27 5:10 p.m., 12 views

Qualys TRU Discovers Three Bypasses of Ubuntu Unprivileged User Namespace Restrictions

The Qualys Threat Research Unit (TRU) recently disclosed three security bypasses in Ubuntu's unprivileged user namespace restrictions. Qualys responsibly disclosed these vulnerabilities to the Ubuntu Security Team on January 15, 2025, and has been working with Ubuntu since then. Qualys TRU uncovere...

7.3 AI score
Exploits: 0

Qualys Blog
added 2025/03/27 3:00 p.m., 9 views

How DevOps Can Move Fast and Stay Secure with TruRisk

Don’t Spend Your Time Fixing Too Many Vulnerabilities In modern DevOps, speed is everything—and so is security. But for most teams, the two feel constantly at odds. The reality? You’re probably spending valuable time fixing vulnerabilities that don’t actually matter. Moreover, there’s always the...

7.4 AI score
Exploits: 0

Qualys Blog
added 2025/03/11 7:04 p.m., 51 views

Microsoft and Adobe Patch Tuesday, March 2025 Security Update Review

March 2025 Patch Tuesday is here, and Microsoft has rolled out critical security updates that address multiple vulnerabilities across its product suite. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for March 2025 Microsoft's Patch Tuesday, March 2025 edition addresse...

8.8 CVSS, 9.3 AI score, 0.58974 EPSS
Exploits: 30

Qualys Blog
added 2025/03/10 4:00 p.m., 8 views

Steps to TruRisk™ – 1: Shift to Priority-Driven Strategies

“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” — Sun Tzu Security and IT teams are drowning in alerts, scrambling to patch everything they can, yet breaches still happen. Not all vulnerabilities pose the same risk. While reducing totals may seem like...

7.4 AI score
Exploits: 0

Qualys Blog
added 2025/03/10 3:00 p.m., 9 views

Qualys & ServiceNow: Automating Risk-Driven Remediation for Container Security

Introducing the Qualys & ServiceNow Integration Qualys and ServiceNow are redefining container vulnerability management with an integrated approach that streamlines remediation for highly ephemeral containerized workloads. Organizations can now seamlessly detect, prioritize, and remediate...

7.6 AI score
Exploits: 0

Qualys Blog
added 2025/03/03 5:00 p.m., 8 views

How Qualys Policy Compliance Helps You Adopt NIST AI RMF 1.0

Artificial Intelligence (AI) technologies are reshaping industries at an unprecedented pace. But while these technologies present incredible opportunities for innovation, they also pose unique risks. AI systems are no longer just futuristic concepts; they are actively influencing business decisions...

7.7 AI score
Exploits: 0

Qualys Blog
added 2025/02/28 3:39 p.m., 12 views

Independent Analyst Firm: Qualys Recognized as a Leader in Attack Surface Management

As the modern attack surface continues to grow in complexity, the need for simplified asset discovery and risk assessment has never been more acute. In 2021, Qualys introduced CyberSecurity Asset Management (CSAM), a visionary ASM offering designed to bolster the customer’s coverage of the attack...

7.5 AI score
Exploits: 0

Qualys Blog
added 2025/02/25 6:18 p.m., 63 views

Defense Lessons From the Black Basta Ransomware Playbook

The cybersecurity world was rocked last week by a massive leak of Black Basta’s internal communications that emerged from the group’s chat logs. Triggered by internal conflicts and a retaliatory data dump following attacks on Russian banks, the exposed records offer a rare glimpse into Black...

10 CVSS, 10 AI score, 0.99999 EPSS
Exploits: 1482

Qualys Blog
added 2025/02/25 4:00 p.m., 10 views

Qualys TotalCloud KCS Achieves Red Hat Vulnerability Scanner Certification

We’re excited to announce that Qualys TotalCloud Kubernetes and Container Security (KCS) has achieved the Red Hat Vulnerability Scanning Certification, reinforcing our commitment to unbiased, 6-sigma accurate vulnerability detection. By meeting Red Hat’s rigorous security standards, Qualys...

7.3 AI score
Exploits: 0

Qualys Blog
added 2025/02/24 6:00 p.m., 5 views

From Vulnerability Scanning to Risk Management: The Complete VMDR Advantage

What if your vulnerability management tool did more than just scan and instead helped you take control of cyber risks across your business? CISA defines “vulnerability management” as the process by which organizations identify, analyze, and manage vulnerabilities in a critical service’s operating...

7.1 AI score
Exploits: 0

Qualys Blog
added 2025/02/20 4:00 p.m., 8 views

Streamline Security: Automate Database Compliance with Qualys Cloud Agent

Compliance audit failures remain a critical challenge for organizations, particularly in database security. According to the 2024 Thales Data Threat Report, nearly 43% of companies failed at least one compliance audit in the past year. This is a significant concern because audit failures correlat...

7.7 AI score
Exploits: 0

Qualys Blog
added 2025/02/18 4:00 p.m., 12 views

Securing Dynamic Cloud Environments: Best Practices for Comprehensive Scanning

As organizations increasingly adopt cloud-native development, the complexity of securing dynamic environments continues to grow. Vulnerability scanning remains a cornerstone of cloud security, enabling organizations to identify and address risks effectively. However, with the increasing prevalenc...

8 AI score
Exploits: 0

Qualys Blog
added 2025/02/18 9:04 a.m., 26 views

Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466

The Qualys Threat Research Unit (TRU) has identified two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465, allows an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled. The second, CVE-2025-26466, affects both the OpenSSH client and...

6.8 CVSS, 7 AI score, 0.38474 EPSS
Exploits: 5

Qualys Blog
added 2025/02/13 4:00 p.m., 7 views

Qualys Adds Threat Intelligence for Typosquatting and Defamatory Domains to External Attack Surface Management

Cybersecurity professionals can now use Qualys CyberSecurity Asset Management (CSAM) with External Attack Surface Management (EASM) to reduce cyber risks from credential harvesting, phishing, and malware downloads and diminish reputational harm. Bad actors have been registering look-alike, sound-alik...

7 AI score
Exploits: 0

Qualys Blog
added 2025/02/11 7:46 p.m., 55 views

Microsoft and Adobe Patch Tuesday, February 2025 Security Update Review

As the second Patch Tuesday of 2025 arrives, Microsoft has released crucial updates to strengthen cybersecurity defenses. Let's explore the highlights and what they mean for users. Microsoft Patch Tuesday for February 2025 Microsoft's Patch Tuesday, February 2025 edition addressed 67...

8.1 CVSS, 9.1 AI score, 0.29778 EPSS
Exploits: 2

Qualys Blog
added 2025/02/11 4:00 p.m., 6 views

What is Cloud Scanning, and Why Does It Matter?

Cloud environments continue to experience widespread adoption because of their flexibility and dynamic nature. They empower developers to quickly deploy or modify business applications and many other core business functions. However, this very dynamism and complexity also make them difficult to...

6.7 AI score
Exploits: 0

Qualys Blog
added 2025/02/05 1:00 p.m., 11 views

Qualys Unveils mROC: The Industry’s First Managed Risk Operation Center To Help Partners Scale Risk Management Services

The launch of Enterprise TruRisk Management (ETM), the world’s first Risk Operations Center (ROC) in the cloud, in October 2024 has met with an overwhelmingly positive reception from customers. They see the potential of a unified approach to managing cyber risk. We recognize that setting up and...

7.5 AI score
Exploits: 0

Qualys Blog
added 2025/02/03 1:00 p.m., 12 views

Qualys TotalAppSec Delivers AI-powered Unified Application Risk Management for Modern Web Apps and APIs

"If you can’t measure it, you can’t manage it." - This adage rings truer than ever in the world of cybersecurity. Today, the modern attack surface has exploded, fueled by APIs that now drive 83% of all web traffic, powering critical integrations, microservices, and digital experiences. Security...

8 AI score
Exploits: 0

Qualys Blog
added 2025/02/01 5:30 a.m., 42 views

DeepSeek Failed Over Half of the Jailbreak Tests by Qualys TotalAI

A comprehensive security analysis of DeepSeek's flagship reasoning model reveals significant concerns for enterprise adoption. Introduction DeepSeek-R1, a groundbreaking Large Language Model recently released by a Chinese startup, DeepSeek, has captured the AI industry’s attention. The model...

7.7 AI score
Exploits: 0

Qualys Blog
added 2025/01/28 6:38 p.m., 10 views

Securing AI Innovation: Enterprise Strategies for LLM and Generative AI Security

The adoption of Large Language Models (LLMs) and Generative AI is revolutionizing enterprise operations, delivering unmatched innovation, efficiency, and competitive advantage. However, this rapid integration brings significant AI security challenges that organizations must address. Insights from...

7.3 AI score
Exploits: 0

Qualys Blog
added 2025/01/27 6:02 p.m., 9 views

Unlock the Boardroom with Cyber Risk: How the Qualys Enterprise TruRisk™ Platform Empowers CISOs

The Changing Landscape for CISOs "If you can't measure it, you can't manage it." - Peter Drucker This timeless adage by Drucker resonates deeply in today's digital era, where managing cyber risks has become a business-critical priority. According to a recent survey from Splunk, Today, nearly 50%...

7.6 AI score
Exploits: 0

Qualys Blog
added 2025/01/23 5:17 a.m., 66 views

Oracle Critical Patch Update, January 2025 Security Update Review

Oracle released its first quarterly edition of this year’s Critical Patch Update, which received patches for 318 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, includin...

9.5 CVSS, 9.4 AI score, 0.99957 EPSS
Exploits: 70

Qualys Blog
added 2025/01/21 4:05 p.m., 25 views

Mass Campaign of Murdoc Botnet Mirai: A New Variant of Corona Mirai

The Qualys Threat Research Unit has uncovered a large-scale, ongoing operation within the Mirai campaign, dubbed Murdoc Botnet. This variant exploits vulnerabilities targeting AVTECH Cameras and Huawei HG532 routers. It demonstrates enhanced capabilities, exploiting vulnerabilities to compromise...

8.7 CVSS, 10 AI score, 0.7861 EPSS
Exploits: 7

Qualys Blog
added 2025/01/17 8:19 p.m., 53 views

How to Address CVE-2025-21307 Without a Patch Before the Weekend

Microsoft’s January 2025 Patch Tuesday release addresses a critical vulnerability—CVE-2025-21307—in the Windows Reliable Multicast Transport Driver (RMCAST). With a CVSS score of 9.8, this vulnerability poses a severe threat and is highly susceptible to exploitation. What is CVE-2025-21307? RMCAST ...

9.8 CVSS, 10 AI score, 0.0184 EPSS
Exploits: 0

Qualys Blog
added 2025/01/16 9:35 p.m., 14 views

Cybersecurity 2025: Qualys’ Predictions for Navigating the Evolving Threat Landscape

Cybersecurity in 2024 was a year of contrasts—marked by rising threats and groundbreaking innovations. The surge in ransomware attacks and exploitation of vulnerabilities exposed weaknesses in core systems and software, while the rapid adoption of AI tools brought both risks and opportunities to...

7.6 AI score
Exploits: 0

Qualys Blog
added 2025/01/15 4:02 p.m., 9 views

Certificate Awareness & Automated Renewal with Qualys CertView

The Challenges of Managing Digital Certificates Everything we do in the digital world relies on certificates. Whether this is accessing services using our computer or phone, for work or for leisure—certificates are ubiquitous. However, for many organizations, managing digital certificates can pos...

7.4 AI score
Exploits: 0

Qualys Blog
added 2025/01/14 8:40 p.m., 55 views

Microsoft and Adobe Patch Tuesday, January 2025 Security Update Review

Happy New Year! As the calendar turns to January 2025, Microsoft's first Patch Tuesday of 2025 has arrived. From zero-days to critical vulnerabilities, here's what deserves your attention. Here's a breakdown of what's been patched. Microsoft Patch Tuesday for January 2025 Microsoft's Patch Tuesda...

9.8 CVSS, 9.7 AI score, 0.80912 EPSS
Exploits: 11

Qualys Blog
added 2025/01/07 5:01 p.m., 15 views

Secure, Efficient, Cost-Effective: How Qualys Patch Management Delivers ROI

As demonstrated by real user reviews from PeerSpot Organizations face increasing challenges in managing cyber threats and deploying the tools necessary to detect, protect, and mitigate vulnerabilities. Patch management, a critical component of cybersecurity, often falls victim to resource...

7.2 AI score
Exploits: 0

Qualys Blog
added 2024/12/19 6:02 p.m., 11 views

Securing Cloud Environments Against Potential Extortion Threats

Introduction With the growing reliance on cloud infrastructure, organizations must be vigilant against potential extortion threats targeting misconfigurations and weak access controls. Unfortunately, extortion threats are a huge problem. According to the Verizon 2024 Data Breach Investigations...

8.1 AI score
Exploits: 0

Qualys Blog
added 2024/12/18 11:53 p.m., 11 views

Steps to TruRisk—Insight to Action with VMDR

Shifting from Vulnerability Management to Business-Focused Risk Reduction In cybersecurity, numbers can be deceptive. The sheer volume of vulnerabilities does not equate to risk. Instead, resilience depends on understanding which vulnerabilities pose the greatest threat to your business—and actin...

7.8 AI score
Exploits: 0

Qualys Blog
added 2024/12/18 4:14 p.m., 10 views

NotLockBit: A Deep Dive Into the New Ransomware Threat

Overview NotLockBit is a new and emerging ransomware family that actively mimics the behavior and tactics of the well-known LockBit ransomware. It distinguishes itself by being one of the first fully functional ransomware strains to target macOS and Windows systems. Distributed as an x86_64 golang...

7 AI score
Exploits: 0

Qualys Blog
added 2024/12/17 9:17 p.m., 52 views

What’s New in Qualys VMDR: 2024 Edition

Let us quickly recap the features released in Qualys Vulnerability Management, Detection & Response (VMDR) in 2024 and understand their use cases and benefits. Every quarter, the Qualys Product Management team collaborates with multiple customers worldwide, develops innovative solutions that addres...

7.3 AI score
Exploits: 0

Total number of security vulnerabilities: 1089