Lucene search
K
QualysblogRecent

1089 matches found

Qualys Blog
Qualys Blog
added 2024/12/17 1:40 a.m.28 views

Critical Apache Struts File Upload Vulnerability (CVE-2024-53677)—Risks, Implications, and Enterprise Countermeasures

Apache has announced a critical vulnerability affecting Apache Struts CVE-2024-53677, a widely used Java-based web application framework. Struts is integral to many enterprise environments due to its robust architecture, extensive data validation capabilities, and seamless integration with other...

9.5CVSS10AI score0.78198EPSS
Exploits15
Qualys Blog
Qualys Blog
added 2024/12/12 5:48 p.m.9 views

Qualys Performance Tuning Series: Remove Stale Compliance Data for the Best Performance

In our first post in the Performance Tuning Series, we talked about removing stale assets to improve performance. In this installment, we will address the benefits of removing data once it becomes stale. Why does data become stale? The IT environment of any enterprise is very dynamic, and more so...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/12/11 3:1 p.m.21 views

Qualys Achieves 100% Major Step Detection in the 2024 MITRE ATT&CK Evaluations, Enterprise

How Qualys Transformed from Risk Leader to EDR Powerhouse In today’s rapidly evolving threat landscape, ransomware continues to dominate as one of the most significant cybersecurity challenges. To help organizations evaluate their defenses against these sophisticated threats, the MITRE ATT&CK...

9.8CVSS7.6AI score0.99999EPSS
Exploits54
Qualys Blog
Qualys Blog
added 2024/12/10 7:43 p.m.36 views

Microsoft and Adobe Patch Tuesday, December 2024 Security Update Review

Closing out 2024, Microsoft’s December Patch Tuesday highlights the importance of year-end maintenance with updates tackling critical vulnerabilities. As cyber threats remain persistent, these patches serve as a vital reminder of the ongoing need for robust system security. Microsoft Patch Tuesda...

9.8CVSS9.7AI score0.70906EPSS
Exploits7
Qualys Blog
Qualys Blog
added 2024/12/06 12:56 a.m.23 views

Qualys TotalAI: The Journey from LLM Scanner to Comprehensive AI Security Solution

Embarking on the AI/ML Journey The launch of Qualys TotalAI marks a significant milestone in our journey with AI/ML. It all began in March 2024 when we ventured into the rapidly evolving AI/ML landscape and the emerging LLM ecosystem. Recognizing the potential of these technologies to revolutioni...

7.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/12/05 5:10 p.m.11 views

Secure Your Generative Investments: Qualys Advances Enterprise TruRisk Platform with Qualys TotalAI to Protect Your LLM Investments

Artificial intelligence AI and large language models LLMs are reshaping industries, streamlining enterprise operations, and fueling unprecedented innovation. However, as adoption accelerates, so do the associated risks. While 70% of enterprises plan to deploy LLMs in production within the next 12...

7.6AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/12/04 4:13 p.m.39 views

Proactively Managing High-Risk Vulnerabilities with TruRisk Mitigate™

In late 2024, organizations faced over 65 million detections from three critical vulnerabilities—CVE-2013-2900, CVE-2024-38122, and CVE-2024-30078—underscoring the urgent need for proactive vulnerability management. Adding to these challenges, the Qualys Threat Research Unit TRU uncovered five...

8.8CVSS9.2AI score0.19924EPSS
Exploits16
Qualys Blog
Qualys Blog
added 2024/11/26 7:17 p.m.11 views

Elevate Cyber Defense with Qualys Advanced Hunting

Introduction In today’s cyber threat landscape, proactive approaches such as threat hunting have become key in any organization’s defense strategy, identifying and tackling threats before they become an incident. That is why Qualys is delighted to introduce Advanced Hunting , our threat-hunting...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/11/25 11:22 p.m.9 views

AI Under the Microscope—What’s Changed in the OWASP Top 10 for LLMs 2025

As AI continues to evolve, so do the threats and vulnerabilities that surround Large Language Models LLMs. The OWASP Top 10 for LLM Applications 2025 introduces critical updates that reflect the rapid changes in how these models are applied in real-world scenarios. While the list includes...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/11/19 4:12 p.m.68 views

Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart

The Qualys Threat Research Unit TRU has identified five Local Privilege Escalation LPE vulnerabilities within the needrestart component, which is installed by default on Ubuntu Server. These vulnerabilities can be exploited by any unprivileged user to gain full root access without requiring user...

7.8CVSS8AI score0.19924EPSS
Exploits16
Qualys Blog
Qualys Blog
added 2024/11/14 7:33 p.m.6 views

Best Practices for Cloud Compliance

Introduction In today’s data-driven landscape, businesses are embracing cloud computing technology for its efficiency and scalability. A Cloud Security Alliance CSA report revealed that 98% of organizations worldwide use cloud services. Yet, more than 1/3rd of those organizations may not be using...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/11/12 7:59 p.m.37 views

Microsoft and Adobe Patch Tuesday, November 2024 Security Update Review

Microsoft has released its November 2024 Patch Tuesday updates, targeting various vulnerabilities that could impact users and organizations worldwide. From zero-day threats to key product patches, here’s what’s crucial to apply this month. Here’s a breakdown of the updates and how they impact you...

9.8CVSS9.2AI score0.81817EPSS
Exploits3
Qualys Blog
Qualys Blog
added 2024/11/07 5:53 p.m.13 views

Elevate Your Container Security with QScanner in 2025

Securing container images is more important than ever in the dynamic world of cloud-native technologies. Organizations have long utilized reliable solutions from Qualys to scan their images, ensuring applications run smoothly and securely. These tools have played a crucial role in maintaining the...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/11/05 7:59 p.m.7 views

Qualys Web Application Scanning (WAS) Recognized as a Leader in 2024 GigaOm Radar Report for Application Security Testing (AST)

In the ever-evolving cybersecurity landscape, securing web applications and APIs is no longer an option—it’s a necessity. As organizations face increasingly complex threats, ensuring the integrity of these digital assets has become paramount. However, it’s easy to feel overwhelmed by the sheer...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/10/31 4:1 p.m.21 views

Announcing TotalCloud Attack Path, Cloud Workflow Automation, and 3-Step Simplified User Onboarding for Qualys TotalCloud CNAPP

The shift of business applications and infrastructure to the cloud has heightened the need for security teams to manage cyber risks comprehensively, ensuring visibility and control across diverse cloud environments. As organizations increasingly adopt multi-cloud environments, they often find...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/10/29 2:29 p.m.13 views

Qualys VMDR & Core Apps Revamped: Ultimate Cyber Defense Partnership for Streamlined Vulnerability Management with ITSM

Introducing the Revamped VMDR & Core Apps Qualys has the dynamic duo of ServiceNow Apps – The Qualys Core App and Qualys VMDR App – that help you close the gap between IT and Security teams, making vulnerability management and ticketing workflows seamless and eliminating manual spreadsheet-based...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/10/21 4:49 a.m.34 views

Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA

Summary Lumma Stealer is an information-stealing malware available through a Malware-as-a-Service MaaS. It specializes in stealing sensitive data such as passwords, browser information, and cryptocurrency wallet details. The attacker has advanced its tactics, moving from traditional phishing to...

7.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/10/16 2:19 p.m.51 views

Oracle Critical Patch Update, October 2024 Security Update Review

Oracle released the last quarterly edition of this year’s Critical Patch Update. The update contains patches for 334 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families,...

9.8CVSS10AI score0.99987EPSS
Exploits83
Qualys Blog
Qualys Blog
added 2024/10/15 5:42 p.m.11 views

The Spanish National Security Framework (ENS) is Now Part of the Qualys Enterprise TruRisk™ Platform

The Spanish National Security Framework ENS, regulated by Royal Decree 311/2022 , is a mandatory framework designed to ensure an optimal level of security for the digital infrastructure of companies in the Spanish public sector and critical infrastructures. Its main objective is to establish a...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/10/10 2:0 p.m.10 views

Introducing the Enhanced User Interface of the Qualys Enterprise TruRisk™ Platform

Launching the Enhanced User Interface The Qualys Product Team is excited to announce upcoming enhancements to the Qualys User Interface. These User Experience UX enhancements will make your platform experience faster, smoother, and more immersive. We continuously leverage insights from channels...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/10/09 5:48 p.m.14 views

Announcing TruRisk™ 2.0: Unleashing Next-Level Precision in Cyber Risk Management

In cybersecurity, quantifying risk with precision is essential for robust security posture management. At Qualys, we continuously refine our methodologies to meet and exceed the evolving demands of vulnerability management and risk management. In October 2024, the launch of Qualys Enterprise...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/10/09 5:47 p.m.14 views

Qualys Launches Enterprise TruRisk™ Management: The Industry’s First Cloud-Based Risk Operations Center

In today’s complex cybersecurity landscape, Chief Information Security Officers CISOs and business leaders require more than just a collection of disconnected tools to manage risks effectively—they need a unified, integrated approach. Today, we proudly announce the launch of Qualys Enterprise...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/10/09 5:46 p.m.8 views

The Future of Cybersecurity Risk Management: Risk Operations Center (ROC) delivered by Qualys Enterprise TruRisk™ Management (ETM)

" A problem well defined is a problem half solved." – Charles Kettering In today’s digital landscape, organizations are overwhelmed with risk signals from all directions—cloud vulnerabilities, misconfigurations in custom code, operational technology OT gaps, and third-party integrations, to name ...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/10/08 7:20 p.m.57 views

Microsoft and Adobe Patch Tuesday, October 2024 Security Update Review

Microsoft has rolled out its October 2024 Patch Tuesday updates, offering vital security fixes for IT professionals to implement. With several critical vulnerabilities patched, this release highlights the ongoing need for regular maintenance and attention to security. Microsoft Patch Tuesday for...

9.8CVSS9.3AI score0.60954EPSS
Exploits5
Qualys Blog
Qualys Blog
added 2024/10/07 7:57 p.m.12 views

Qualys VMDR Rated as the Only Leader and Outperformer by Independent Analyst Firm for the Second Consecutive Year

Qualys VMDR received the highest possible scores for risk-based assessment, cloud-native and serverless function scanning, and flexibility of deployment, among 20 vendors evaluated in this report. As the threat landscape evolves, vulnerability management remains a cornerstone of security...

7.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/10/02 5:37 p.m.57 views

Threat Brief: Understanding Akira Ransomware

Overview Akira is a prolific ransomware that has been operating since March 2023 and has targeted multiple industries, primarily in North America, the UK, and Australia. It functions as a Ransomware as a Service RaaS and exfiltrates data prior to encryption, achieving double extortion. According ...

9.8CVSS10AI score0.99984EPSS
Exploits73
Qualys Blog
Qualys Blog
added 2024/09/27 4:47 p.m.22 views

Qualys Ranked as a “Strong Performer” Among Top Vendors in Forrester Wave™ for Attack Surface Management

As the threat landscape evolves and presents new risks to security teams, the bar for attack surface management solutions is higher than ever. When Qualys introduced CyberSecurity Asset Management in 2021, the goal was to provide a unified view of the entire attack surface with visibility into...

7.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/09/26 10:45 p.m.29 views

Critical Unauthenticated RCE Flaws in CUPS Printing Systems

A criticalset of unauthenticated Remote Code Execution RCE vulnerabilities in CUPS, affecting all GNU/Linux systems and potentially others, was disclosed today. These vulnerabilities allow a remote attacker to execute arbitrary code on a target system without valid credentials or prior access...

9CVSS9.1AI score0.8344EPSS
Exploits17
Qualys Blog
Qualys Blog
added 2024/09/25 3:20 p.m.9 views

Addressing Cloud Identity Risks With TotalCloud CIEM

As organizations continue to embrace multi-cloud environments, leveraging platforms such as Amazon Web Services AWS, Microsoft Azure, Google Cloud Platform GCP, and Oracle Cloud Infrastructure OCI, the complexity of cloud security has increased exponentially. In cloud environments, machines are...

7.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/09/24 3:0 p.m.13 views

Enhancing Cloud-Native Security: Qualys Introduces Scanning for Container-Optimized OS in Google Kubernetes Engine

As organizations move from traditional workloads to containerized environments, they encounter new security challenges. Containers bring added complexity that traditional security tools often struggle to manage, largely because of their transient nature and the shared responsibility between the...

7.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/09/19 3:1 p.m.45 views

Black Basta Ransomware: What You Need to Know

Overview Black Basta is a ransomware group operating as ransomware-as-a-service RaaS, first spotted in April 2022. It is known to use double extortion techniques where the group demands payment for the decryption and non-release of stolen data. Earlier versions of Black Basta share many...

10CVSS8.9AI score0.99959EPSS
Exploits129
Qualys Blog
Qualys Blog
added 2024/09/12 3:0 p.m.12 views

TotalCloud Insights: Unmasking AWS Instance Metadata Service v1 (IMDSv1)-The Hidden Flaw in AWS Security

Introduction Imagine a breach that cost a company over $150 million in fines, remediation, and lost trust. In 2019, this was an all-too-real situation for one business when vulnerabilities in AWS Instance Metadata Service v1 IMDSv1 were exploited. A single Server-Side Request Forgery SSRF attack,...

7.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/09/10 7:31 p.m.36 views

Microsoft and Adobe Patch Tuesday, September 2024 Security Update Review

Microsoft's September Patch Tuesday updates are out, addressing a range of vulnerabilities across multiple products. Let's dive into the key updates and their implications. Microsoft Patch Tuesday for September 2024 Microsoft Patch's Tuesday, September 2024 edition addressed 79 vulnerabilities,...

9.9CVSS9.2AI score0.51461EPSS
Exploits3
Qualys Blog
Qualys Blog
added 2024/09/09 4:0 p.m.9 views

Partnering for Security: Qualys Solutions for Microsoft Azure Linux in AKS

As customers transition from traditional workloads to containerized environments, they face significant challenges. Containers introduce a level of complexity that traditional security measures often fail to address, primarily due to their ephemeral nature and the shared responsibility model...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/09/05 6:10 p.m.17 views

Simplifying Azure Cloud Security with Snapshot-Based Scans

As organizations increasingly move to the cloud, securing these dynamic and transient environments has become a critical challenge for security teams. Cloud deployments are inherently more fluid than traditional infrastructure, with resources constantly being spun up, modified, or decommissioned...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/09/03 6:45 p.m.17 views

Secure Your Business with Qualys’ New Cloud Agent Deployment using Qualys Scanner

The significance of cybersecurity in today’s world cannot be understated. Businesses are constantly exposed to evolving threats that challenge their infrastructure. Organizations deploy various security solutions to combat these risks, including agents installed on their servers, endpoints, and...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/08/22 5:55 p.m.7 views

TotalCloud Insights: When Multi-Factor Authentication Turns Into Single-Factor Authentication

Introduction Multi-factor authentication MFA failures have fuelled a 500% surge in ransomware losses, as noted in an article published by "The Hacker News"—from an average ransom payment of $400,000 in 2023 to $2 million in 2024. And attacks exploiting an MFA failure are getting increasingly...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/08/15 3:0 p.m.12 views

HHS OIG Report Underscores Challenges of Securing the Cloud

On July 22, 2024, HHS Health and Human Services OIG published a report identifying a need for the Department of Health and Human Services, Office of the Secretary HHS OS to improve key security controls to better protect cloud information systems. The report, while focused on HHS OS, underscores...

7.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/08/14 10:50 p.m.22 views

Our Takeaways From 2024 Gartner Market Guide for Cloud-Native Application Protection Platforms (CNAPP): Insights and Market Evolution

Are your cloud-native applications and multi-cloud infrastructure adequately protected against evolving threats? How confident are you in your current security measures for cloud workloads and containerized environments? The recent Gartner Market Guide for Cloud-Native Application Protection...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/08/13 8:31 p.m.67 views

Microsoft and Adobe Patch Tuesday, August 2024 Security Update Review

Microsoft’s August Patch Tuesday updates are out, and they address a range of vulnerabilities across multiple products. Let’s dive into the key updates and their implications. Microsoft Patch Tuesday for August 2024 Microsoft Patchs Tuesday, August 2024 edition addressed 102 vulnerabilities,...

9.8CVSS10AI score0.70564EPSS
Exploits31
Qualys Blog
Qualys Blog
added 2024/08/13 12:31 a.m.103 views

Understanding the New Windows Secure Kernel Mode Elevation of Privilege Vulnerability (CVE-2024-21302)

On August 7, 2024, Microsoft disclosed a significant security vulnerability affecting Windows-based systems, known as CVE-2024-21302. This zero-day vulnerability allows attackers with administrator privileges to elevate their access by replacing current versions of Windows system files with...

6.7CVSS8.9AI score0.01559EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2024/08/09 7:44 p.m.16 views

Subscription Health Dashboard Update: Optimize Deployments and Identify Issues

For VM teams navigating the complex realm of cybersecurity tools, ensuring deployment health is paramount. Swift methods are required to pinpoint issues amidst complexity. Challenges such as duplicate entries, ghost hosts, and decommissioned devices can obstruct these views, hindering data...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/08/06 1:0 p.m.82 views

2024 Midyear Threat Landscape Review

As we navigate the complexities of 2024, its crucial to pause and reflect on the evolving threat landscape that surrounds us. This moment offers a unique opportunity to scrutinize our triumphs and missteps, understand the events that have decisively shaped our environment, and consider those that...

10CVSS9.1AI score0.99999EPSS
Exploits241
Qualys Blog
Qualys Blog
added 2024/08/05 12:50 p.m.9 views

De-risk Generative AI: Enterprise TruRisk Platform Advances to Secure AI and LLM Workloads

As we stand at the frontier of technological innovation, artificial intelligence AI and large language models LLMs are reshaping industries, driving automation, enhancing customer experiences, optimizing processes, and unlocking business opportunities for modern enterprises. However, this rapid...

7.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/08/02 11:51 a.m.14 views

Enhance Your Cybersecurity Posture: Qualys Tackles CISA & NSA’s Top 10 Misconfigurations

The National Security Agency NSA alongside the Cybersecurity and Infrastructure Security Agency CISA have pinpointed the most critical misconfigurations that present substantial dangers to organizations. In particular, the advisory calls out the tactics, techniques, and procedures TTPs actors use...

8.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/07/30 12:50 p.m.39 views

Qualys Announces TruRisk Eliminate to Augment Patching

About 5 years ago, we launched Qualys Patch Management to empower our customers to not just detect and prioritize vulnerabilities but also effectively remediate them. Since then, we have assisted our customers in addressing hundreds of millions of vulnerabilities, significantly enhancing the...

8.8CVSS9AI score0.99759EPSS
Exploits57
Qualys Blog
Qualys Blog
added 2024/07/25 4:0 a.m.25 views

Secure Your APIs and Reduce Your Attack Surface With Modern, AI-powered API Security in Qualys Web Application Scanning (WAS)

The rise of APIs presents both opportunities and challenges in today’s hyperconnected digital world. APIs are integral to digital transformation initiatives across industries. The latest data indicates that over 83% of web traffic now comprises API traffic, highlighting their critical role in...

7.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/07/19 11:58 a.m.18 views

Global Outage Alert: Windows BSOD Crisis Following CrowdStrike Update – Recovery Steps & Qualys Assurance

On Friday, July 19, 2024, morning, reports surfaced globally of Microsoft Windows operating system users encountering the infamous Blue Screen of Death BSOD following the latest update from CrowdStrike. This widespread issue has severely impacted critical services, including telecommunications,...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/07/17 2:34 p.m.95 views

Oracle Critical Patch Update, July 2024 Security Update Review

Oracle released its third quarterly edition of Critical Patch Update, which contains patches for 386 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-part...

9.8CVSS8.7AI score0.99999EPSS
Exploits51
Qualys Blog
Qualys Blog
added 2024/07/12 4:13 p.m.19 views

How to Detect Issuer Certificates and Comply with Google Chrome’s New Entrust Certificate Policy Using Qualys Certificate View

Google has announced that Chrome 127 and higher will no longer trust certain TLS certificates issued by Entrust, effective November 1, 2024. This change is significant and could potentially disrupt businesses relying on Entrust-issued certificates. Google stated that "publicly disclosed incident...

7.2AI score
Exploits0
Total number of security vulnerabilities1089