
1089 matches found

Qualys Blog
added 2024/07/09 7:9 p.m. | 143 views

Microsoft and Adobe Patch Tuesday, July 2024 Security Update Review

July's Patch Tuesday brings a midsummer wave of updates, addressing critical vulnerabilities and enhancing security across the Microsoft ecosystem. Let's discover the highlights from Microsoft's Patch Tuesday updates for July 2024. Microsoft Patch Tuesday for July 2024: Microsoft Patch Tuesday's July...

CVSS 9.8 | AI score 9.8 | EPSS 0.84345
Exploits: 6

Qualys Blog
added 2024/07/09 3:47 p.m. | 15 views

Understanding the Hidden Cyber Risk from Tech Debt (EoL/EoS)

End-of-life (EoL) and end-of-support (EoS) hardware, software, and operating systems exist in every single technology environment, and they are an exponential multiplier of cyber risk. By definition, vulnerabilities with EoL/EoS technology are unpatchable. In some cases, IT teams can pay for extended...

AI score 7.3
Exploits: 0

Qualys Blog
added 2024/07/08 7:0 p.m. | 23 views

Measuring, Communicating, and Eliminating Risk With TruRisk™ in Qualys Web Application Scanning (WAS)

In an era where cyber threats loom larger and more complex than ever, organizations demand not just defense but intelligent, cohesive strategies for managing cyber risks. With the Enterprise TruRisk Platform, Qualys reaffirmed its commitment to these needs by focusing its cybersecurity solutions ...

AI score 7.5
Exploits: 0

Qualys Blog
added 2024/07/03 10:14 p.m. | 13 views

Qualys Blog

On Wednesday, July 3, 2024 at 2:45 AM EDT Qualys identified suspicious spam content posted to the Qualys blog. Qualys conducted an investigation to identify any compromise and/or impact due to this unauthorized spam blog post and found no indication that the incident had any impact on customer...

AI score 7.2
Exploits: 0

Qualys Blog
added 2024/07/03 5:50 a.m. | 20 views

Thoroughbass of Banknote Withdrawal in Online Casinos

Contents The best thoroughbass to cash out money Bardepot Lots and lots Time frames If you have gained income from an online casino, you are bound to drive it out quickly. Therefore make sure that you have chosen an algorithm of narrow-consumer banking that ensures swift distribution. The fastest...

AI score 7.3
Exploits: 0

Qualys Blog
added 2024/07/01 8:23 a.m. | 211 views

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. The CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSH's server...

CVSS 8.1 | AI score 9.6 | EPSS 0.99506
Exploits: 68

Qualys Blog
added 2024/06/29 1:31 a.m. | 55 views

Polyfill.io Supply Chain Attack

polyfill.js is a popular open-source library that helps older browsers support functionality in newer browsers. Thousands of sites embed it using the cdn.polyfill.io domain. In February 2024, a Chinese company, Funnull, bought the domain and the GitHub account. The company has modified...

CVSS 7.2 | AI score 7.4 | EPSS 0.03832
Exploits: 0

Qualys Blog
added 2024/06/27 9:5 p.m. | 12 views

Decoding OWASP – A Security Engineer’s Roadmap to Application Security

In a time where over 60% of data breaches are linked to software vulnerabilities and a single overlooked software vulnerability can expose sensitive data, the imperative of robust application security cannot be overstated. The 2023 IBM Security Cost of a Data Breach Report highlights that...

AI score 8.4
Exploits: 0

Qualys Blog
added 2024/06/24 5:13 p.m. | 20 views

Essential Strategies to Secure Your Web Applications and APIs in a Modern Application Development World

In today’s interconnected digital world, the role of web applications and APIs has become central to business operations, acting as gateways to vast amounts of valuable data and services. However, their widespread use and accessibility make them prime targets for cybercriminals, posing substantia...

AI score 7.7
Exploits: 0

Qualys Blog
added 2024/06/20 11:6 a.m. | 20 views

Secure Your Containerized Environments with Qualys Containerized Scanner Appliance (QCSA)

IT has undergone a series of significant shifts over the years, from physical infrastructure to virtual, and how infrastructure was managed and maintained. This shift led IT through the digital transformation era, introducing various types of clouds and “As-a-Service” models. Although...

AI score 7
Exploits: 0

Qualys Blog
added 2024/06/19 3:2 p.m. | 20 views

TotalCloud Insights: Protect Your AWS Environment by Managing Access Keys Securely

Introduction: With the average cost of a data breach coming in at $4.45M in 2023, safeguarding sensitive information and maintaining the security of cloud environments is more critical than ever. Instances of compromised access keys, not exclusive to AWS (Amazon Web Services) but prevalent across...

AI score 7.3
Exploits: 0

Qualys Blog
added 2024/06/11 6:18 p.m. | 94 views

Microsoft and Adobe Patch Tuesday, June 2024 Security Update Review

Microsoft's June Patch Tuesday is here, bringing fixes for vulnerabilities impacting its multiple products. This month's release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Let's dive into the crucial insights from Microsoft's Patch Tuesday...

CVSS 9.8 | AI score 9.3 | EPSS 0.81729
Exploits: 18

Qualys Blog
added 2024/06/07 11:10 p.m. | 40 views

Check Point Security Gateway Information Disclosure Vulnerability (CVE-2024-24919)

Check Point Security Gateway is a secure web gateway that is an on-premises or cloud-delivered network security service. Check Point enforces network security policies, including firewall, VPN, and intrusion prevention capabilities. Check Point published a zero-day advisory on May 28, 2024,...

CVSS 8.6 | AI score 8.7 | EPSS 0.99978
Exploits: 52

Qualys Blog
added 2024/06/04 3:0 p.m. | 17 views

TotalCloud Insights: Securing Your Data—The Power of Encryption in Preventing Threats

Introduction: Did you know there is a 90% failure rate for encryption-related controls of MySQL Server in Microsoft Azure? The issue isn't confined to Azure; in Google Cloud Platform (GCP) environments there is a 98% failure rate of encryption-related controls for both compute engine and storage...

AI score 7.2
Exploits: 0

Qualys Blog
added 2024/06/03 5:41 p.m. | 12 views

PCI DSS 4.0: Get Audit-Ready for the New Requirements

The Payment Card Industry Data Security Standard (PCI DSS) originated in 2004 and is managed by the PCI Security Standards Council to ensure security for the global payment industry. This mandate applies to all entities worldwide that store, process, or transmit payment cardholder data or sensitive...

AI score 7.6
Exploits: 0

Qualys Blog
added 2024/05/29 3:41 p.m. | 21 views

2024 Cybersecurity Trends: What’s Observable Already?

2024 has already witnessed a staggering number of cyber incidents, with over 29.5 billion records breached across 4,645 publicly disclosed incidents in January alone, according to the IT Governance Security Spotlight. Moreover, CVEs are growing significantly year over year, with 13% growth from...

AI score 7.4
Exploits: 0

Qualys Blog
added 2024/05/22 5:53 p.m. | 23 views

TotalCloud Insights: Uncovering the Hidden Dangers in Google Cloud Dataproc

Summary: The Apache Hadoop Distributed File System (HDFS) can be vulnerable to data compromise when a Compute Engine cluster is in a public-facing virtual private cloud (VPC) or shares the VPC with other Compute Engine instances. Google Cloud Platform (GCP) provides a default VPC called default. This VP...

AI score 8.3
Exploits: 0

Qualys Blog
added 2024/05/17 11:45 p.m. | 25 views

Qualys Enterprise TruRisk™ Platform Extends FIM with Real-Time Monitoring of Unauthorized Access to Sensitive Data and Configuration Change Detection on Network Devices

Introducing FIM 4.0 with File Access Monitoring (FAM) and Agentless FIM to ensure compliance with the new PCI 4.0. File Integrity Monitoring (FIM) solutions are essential for virtually any organization to help identify suspicious activities across critical system files and registries, diagnose changes...

AI score 7.3
Exploits: 0

Qualys Blog
added 2024/05/16 3:3 p.m. | 29 views

How the Qualys Enterprise TruRisk™ Platform Supports CISA Vulnrichment

Introduction: In today's interconnected digital landscape, cybersecurity threats pose significant risks to organizations across various sectors. Recognizing the need for a structured approach to identify, prioritize, and address vulnerabilities, the Cybersecurity and Infrastructure Security Agency...

AI score 6.9
Exploits: 0

Qualys Blog
added 2024/05/16 2:0 p.m. | 36 views

TotalCloud Container Security Best Practices

Qualys Container Security (CS), an integral part of TotalCloud 2.0, provides a comprehensive view of the security posture of containerized applications. Operationalizing a new technology tool in an enterprise often presents its own challenges. This blog seeks to help the operations team familiarize...

AI score 7.1
Exploits: 0

Qualys Blog
added 2024/05/14 6:40 p.m. | 49 views

Microsoft and Adobe Patch Tuesday, May 2024 Security Update Review

Microsoft has released its May edition of Patch Tuesday. Let's take a deep dive into the crucial insights from Microsoft's Patch Tuesday updates for May 2024. Microsoft Patch Tuesday for May 2024: Microsoft Patch Tuesday's May 2024 edition addressed 67 vulnerabilities, including one critical and 59...

CVSS 8.8 | AI score 9 | EPSS 0.8399
Exploits: 4

Qualys Blog
added 2024/05/11 12:1 a.m. | 79 views

Get Weekends Back: Put Chrome CVEs like CVE-2024-5274 on Auto-Patching

On May 9th, Google released an emergency update for its Chrome browser to patch a critical zero-day vulnerability, CVE-2024-4671. The "use after free" vulnerability affects the Visuals component of Chrome, which is responsible for rendering and displaying content. CVE-2024-4671 was identified and...

CVSS 9.6 | AI score 9.1 | EPSS 0.15111
Exploits: 7

Qualys Blog
added 2024/05/09 9:5 p.m. | 23 views

TotalCloud Insights: A Wake-Up Call on Cloud Database Security Failure Rates

In part 1 of this two-part blog, we explored how to safeguard cloud databases from SQL Server threats and lateral movement risks. In this second part, we turn our focus to a comparative analysis of database security across three major cloud service providers (CSPs), AWS, Azure, and GCP, as well as...

AI score 7.4
Exploits: 0

Qualys Blog
added 2024/05/09 6:19 p.m. | 23 views

Elevating Security: Qualys Unveils First Solution for Scanning AWS Bottlerocket in Amazon EKS and Amazon ECS

With this new offering, Qualys establishes itself as the first and only vendor solution with the unique ability to scan AWS Bottlerocket instances directly using the Qualys Cloud Agent and TotalCloud Agent-less Snapshot-Based Scan. This innovative capability empowers organizations to...

AI score 7.6
Exploits: 0

Qualys Blog
added 2024/05/09 4:0 p.m. | 20 views

How to Create Collaboration and Shared Goals with IT and Security Teams

In today’s ITSM landscape, merging IT operations and security practices is no longer “ideal”, but imperative. According to a recent Gartner® Board of Directors Survey 1, 88% of respondents indicated that their organization perceives cybersecurity as a business risk. This was up from 58% in 2016,...

AI score 7.4
Exploits: 0

Qualys Blog
added 2024/05/09 12:41 a.m. | 29 views

Assess, Remediate, and Prevent the Top 10 MITRE ATT&CK Techniques for Ransomware, Mapped to Misconfigurations

In cybersecurity, the battle against ransomware is a pivotal challenge for organizations worldwide. Attackers are consistently refining their methods, highlighting the critical need for businesses to remain proactive in their defense strategies. To effectively address this threat, it is essential...

AI score 7.6
Exploits: 0

Qualys Blog
added 2024/05/07 9:5 p.m. | 16 views

Qualys Is Proud to Sign CISA’s Secure by Design Pledge

Cybersecurity leaders in the U.S. are very familiar with the Cybersecurity and Infrastructure Security Agency (CISA) and their important work to keep the internet, our country, and its citizens safe from cyber threats. As part of their efforts, CISA has identified secure by design software as a key...

AI score 8.3
Exploits: 0

Qualys Blog
added 2024/05/06 12:45 p.m. | 73 views

Introducing CyberSecurity Asset Management 3.0 with Expanded Discovery and Cyber Risk Assessment

Qualys is re-defining attack surface management with CyberSecurity Asset Management (CSAM) 3.0, expanding the most comprehensive attack surface coverage on the market to include patent-pending EASM discovery and scan, passive sensing for unmanaged/untrusted devices built in to the Qualys agent, and...

AI score 7.6
Exploits: 0

Qualys Blog
added 2024/05/02 5:35 p.m. | 16 views

Agentless FIM for Detecting Network Configuration Changes

Dealing with multiple network administrators making frequent configuration changes with a monitoring solution that provides insights into device change without causing resource constraints. The performance and capabilities of a network device are entirely dependent upon its configuration settings...

AI score 7.2
Exploits: 0

Qualys Blog
added 2024/05/02 12:15 p.m. | 25 views

Qualys Launches MSSP Portal to Empower Managed Security Service Providers

In the words of Sun Tzu, "In the midst of chaos, there is also opportunity." This aptly captures the essence of today's cybersecurity landscape. Managed Security Service Providers (MSSPs) stand at the forefront, turning chaos into opportunity by securing digital assets across the entire infrastructure...

AI score 7.3
Exploits: 0

Qualys Blog
added 2024/05/01 5:46 p.m. | 23 views

Verizon’s 2024 DBIR Unpacked: From Ransomware Evolution to Supply Chain Vulnerabilities

As we delve into cybersecurity's complex and evolving landscape, the Verizon 2024 Data Breach Investigations Report (DBIR) offers crucial insights into the mechanisms and motives behind the latest wave of cyberattacks. Qualys is once again proud to contribute to the report, helping to dissect these...

AI score 7.3
Exploits: 0

Qualys Blog
added 2024/04/30 6:45 p.m. | 50 views

CrushFTP Zero-Day Exploitation Due to CVE-2024-4040

Vulnerability Scope & Details: CrushFTP disclosed a zero-day vulnerability in their software on April 19, 2024. The vulnerability is published as CVE-2024-4040. Affected versions: 9.x versions before 10.7.1 11.1.0 The CVSS score is 9.8. The vulnerability allows remote attackers to bypass the VFS...

CVSS 7.5 | AI score 7.9 | EPSS 0.99539
Exploits: 22

Qualys Blog
added 2024/04/24 10:55 p.m. | 56 views

ArcaneDoor Unlocked: Tackling State-Sponsored Cyber Espionage in Network Perimeters

Cisco recently uncovered a sophisticated cyber espionage campaign, ArcaneDoor, targeting perimeter network devices used by government and critical infrastructure sectors. This campaign involves state-sponsored actors exploiting two zero-day vulnerabilities (CVE-2024-20353 and CVE-2024-20359) aimed...

CVSS 5 | AI score 8.4 | EPSS 0.63272
Exploits: 2

Qualys Blog
added 2024/04/24 8:57 p.m. | 13 views

Unveiling the Hidden Power of the CMDB in Cybersecurity

In the ever-evolving landscape of cybersecurity, where attacks grow increasingly sophisticated, organizations must leverage every tool at their disposal to stay one step ahead. While CISOs and SecOps teams often focus on disciplines such as vulnerability detection, attack surface management, and...

AI score 6.9
Exploits: 0

Qualys Blog
added 2024/04/24 1:0 p.m. | 13 views

Staying Five Steps Ahead of Cyber Risk

Organizations are continuously seeking effective strategies to protect their digital environments. With over 26,000 vulnerabilities discovered last year, Qualys Vulnerability Management, Detection, and Response (VMDR) offers a comprehensive solution designed to meet the needs of both security and I...

AI score 7.6
Exploits: 0

Qualys Blog
added 2024/04/22 4:11 p.m. | 30 views

Empowering Small Businesses in the Digital Age: A Must-Read Guide to Web Application & API Security

Small and medium-sized businesses have increasingly become reliant on web applications, whether they are developed or procured, to drive their operations, engage customers, and scale their businesses. The increasing reliance on online operations is underscored by 84% of businesses using digital...

AI score 7.4
Exploits: 0

Qualys Blog
added 2024/04/22 2:0 p.m. | 25 views

WordPress LayerSlider Plugin: SQL Injection Vulnerability

On March 25th, 2024, a critical security vulnerability was discovered in the LayerSlider plugin for WordPress, marked as CVE-2024-2879. The plugin has more than 10 lakh active installations. This flaw, rated with a CVSS score of 7.5 out of 10.0, is identified as an SQL injection vulnerability...

CVSS 5 | AI score 8.2 | EPSS 0.18402
Exploits: 1

Qualys Blog
added 2024/04/18 2:0 p.m. | 21 views

TotalCloud Insights: Safeguarding Your Cloud Database from SQL Server Threats and Lateral Movement Risks

Introduction: In today's tech-driven world, cloud computing has completely changed how businesses store and manage their data. It offers many advantages, like flexibility, scalability, and cost savings, making it a go-to choice for organizations of all sizes. Keeping your data secure, especially in...

AI score 8.1
Exploits: 0

Qualys Blog
added 2024/04/17 2:39 p.m. | 109 views

Oracle Patch Update, April 2024 Security Update Review

Oracle released its second quarterly edition of Critical Patch Update, which contains patches for 441 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-par...

CVSS 7.5 | AI score 10 | EPSS 0.99615
Exploits: 7

Qualys Blog
added 2024/04/16 7:0 p.m. | 19 views

How Qualys Supports the National Cyber Security Centre (NCSC)’s Vulnerability Management Guidance

NCSC details the importance of having asset management and remediation as key requirements of a successful VM program. “A vulnerability management process shouldn’t exist in isolation. It is a cross-cutting effort and involves not just those working in IT operations, but also security and risk...

AI score 7.2
Exploits: 0

Qualys Blog
added 2024/04/15 5:37 p.m. | 25 views

Navigating the EU NIS2 Directive

How Qualys Cybersecurity Solutions Ensure Compliance: The European Union’s revised Network and Information Security (NIS2) Directive is a comprehensive cybersecurity regulation aimed at bolstering the resilience of critical entities and essential services across the EU. As organizations grapple with...

AI score 7.6
Exploits: 0

Qualys Blog
added 2024/04/15 4:12 p.m. | 56 views

WordPress Remote Code Execution via Plugin Upload (CVE-2024-31210)

WordPress is a widely used open publishing platform for the web. A security vulnerability was discovered that allows administrator-level users on single-site installations and Super Admin-level users on Multisite installations to execute arbitrary PHP code. This vulnerability affects WordPress...

CVSS 4.3 | AI score 8.2 | EPSS 0.00945
Exploits: 0

Qualys Blog
added 2024/04/12 3:29 p.m. | 28 views

De-risk the Software Supply Chain by Expanding Unparalleled Detection Coverage With Qualys VMDR and Software Composition Analysis

QIDs/CVEs: When it comes to cybersecurity, speed is key in getting an edge over attackers. But when you consider that vulnerabilities weaponize 24 days faster than they are remediated on average, cybersecurity stakeholders have a lot of catching up to do. While there are many ways defenders c...

AI score 7
Exploits: 0

Qualys Blog
added 2024/04/11 7:47 p.m. | 20 views

Qualys Endpoint Detection & Response Validated by Top Independent Testing Labs

Qualys is proud to announce that our Endpoint Detection & Response solution has earned top certifications from two of the most respected independent anti-virus testing organizations - SE Labs and AV-Test. These prestigious validations underscore Qualys' mission to deliver best-in-class malware...

AI score 7.4
Exploits: 0

Qualys Blog
added 2024/04/10 6:34 p.m. | 22 views

Real-time File Access Monitoring (FAM) with Qualys FIM

What is File Access Monitoring (FAM)? FAM is a security practice that involves tracking and logging access to sensitive files. FAM should be included with any File Integrity Monitoring (FIM) solution to trigger alerts when critical host files not intended for regular use are accessed. Importance of F...

AI score 7
Exploits: 0

Qualys Blog
added 2024/04/10 6:32 p.m. | 13 views

How to Reduce Your Risk with Proactive VM Strategies

Current cybersecurity challenges demand more than just reactive measures. A significant hurdle many organizations face is the effective remediation of vulnerabilities within their IT infrastructure. Recognizing this, security teams are increasingly turning to sophisticated vulnerability managemen...

AI score 7.6
Exploits: 0

Qualys Blog
added 2024/04/09 7:23 p.m. | 81 views

Microsoft and Adobe Patch Tuesday, April 2024 Security Update Review

Welcome to another insightful dive into Microsoft's Patch Tuesday! This month's security updates address a vast number of vulnerabilities in multiple popular products, features, and roles. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft...

CVSS 6.8 | AI score 9.2 | EPSS 0.87784
Exploits: 2

Qualys Blog
added 2024/04/08 6:50 p.m. | 22 views

Navigating SQL Injection Vulnerabilities with DAST for Modern AppSec

The digital landscape is continuously evolving, and with it, the strategies for safeguarding our applications against vulnerabilities. In a recent advisory, CISA & the FBI have highlighted the critical importance of conducting thorough reviews of code and supply chains. The aim is to unearth any...

AI score 8.3
Exploits: 0

Qualys Blog
added 2024/04/02 4:7 p.m. | 30 views

Key Insights from the NCSC’s Vulnerability Management Guidance

In a world increasingly surrounded by cyber threats, the UK's National Cyber Security Centre (NCSC) offers vital guidance on Vulnerability Management, providing clear and actionable advice for tackling cyber threats. Their recommendations are essential for organizations to understand and mitigate...

AI score 7.9
Exploits: 0

Qualys Blog
added 2024/03/30 4:6 a.m. | 97 views

XZ Utils SSHd Backdoor

On March 29th, 2024, security researcher Andres Freund discovered a backdoor in XZ Utils versions 5.6.0 and 5.6.1. Under certain conditions, this backdoor may allow remote access to the targeted system. This disclosure was posted to the Openwall mailing list. The security researcher mentions that...

CVSS 7.5 | AI score 9.9 | EPSS 0.85974
Exploits: 40

Total number of security vulnerabilities: 1089