
1089 matches found

Qualys Blog
added 2024/03/26 2:0 p.m. (22 views)

Meeting FISMA (M-24-04) Requirements with a Unified Attack Surface Management Strategy

At the end of 2023, the Office of Management and Budget (OMB) released the FY24 FISMA Guidance (M-24-04) with a broad focus on securing the entire attack surface and specific action items for agencies pertaining to High Value Assets, IoT/OT devices, and internet-connected assets. In reference to rece...

AI score: 7
Exploits: 0

Qualys Blog
added 2024/03/25 3:44 p.m. (60 views)

Combine Qualys TruRisk™ and MITRE ATT&CK to Adopt Threat-Informed Defense to Reduce Risk

There are so many vulnerabilities disclosed daily that no one can patch all of them. Unfortunately, attackers can exploit them while you are still in the process of reviewing, prioritizing, and patching. Effective risk-based prioritization focuses your limited resources and remediation efforts...

CVSS: 7.5, AI score: 10, EPSS: 0.99999
Exploits: 58

Qualys Blog
added 2024/03/19 5:26 p.m. (20 views)

Navigating Evolving Cybersecurity: Recent Trends and Future Outlook

“Those who fail to learn from history are doomed to repeat it.” - Winston Churchill While Churchill may not have been the first person to use a variation of this quote, the essence of its meaning rang true then and still does today. In this spirit, and so that we may collectively learn and evolve...

AI score: 7.5
Exploits: 0

Qualys Blog
added 2024/03/13 5:17 p.m. (20 views)

De-risking Your Organization in Spite of NVD Delays

In the face of recent struggles with the National Vulnerability Database (NVD), causing delays in analyzing Common Vulnerabilities and Exposures (CVEs) since February 12, 2024, a significant number of CVEs lacked essential metadata including severity scores and affected product details. Qualys remain...

AI score: 7.1
Exploits: 0

Qualys Blog
added 2024/03/12 8:45 p.m. (34 views)

Top MITRE ATT&CK Tactics and Techniques Leveraged in 2023

The Qualys Threat Research Unit has mapped vulnerabilities and misconfigurations to the MITRE ATT&CK framework tactics and techniques to help you get the attacker’s view. They have also analyzed vulnerabilities and misconfigurations across all our customers to find the top tactics and techniques...

AI score: 9.8
Exploits: 0

Qualys Blog
added 2024/03/12 6:37 p.m. (48 views)

Microsoft and Adobe Patch Tuesday, March 2024 Security Update Review

Welcome to another insightful dive into Microsoft's Patch Tuesday! This month's security updates address a significant number of CVEs, underscoring the ongoing battle against digital vulnerabilities. We invite you to join us to review and discuss the details of these security updates and patches...

CVSS: 5.1, AI score: 9, EPSS: 0.30504
Exploits: 0

Qualys Blog
added 2024/03/07 5:10 p.m. (19 views)

Qualys Updates Login Page to Improve User Experience and Highlight Latest Qualys News

With an eye to updating the overall user experience (UI), continuing to fortify security, and keeping you informed of the latest Qualys news, we're optimizing our login at the end of May 2024. This UI overhaul of sorts aims not only to refresh the aesthetic appeal but also to integrate robust...

AI score: 7.5
Exploits: 0

Qualys Blog
added 2024/03/05 7:29 p.m. (22 views)

Achieving NIST CSF 2.0 Top Tier Adaptable Status

An Overview of NIST CSF 2.0 The National Institute of Standards and Technology (NIST) recently updated its popular Cybersecurity Framework (CSF) to version 2.0 to help organizations reduce cybersecurity risks. Designed for virtually all industry sectors, from small to medium businesses (SMBs) to larger...

AI score: 7.4
Exploits: 0

Qualys Blog
added 2024/02/26 5:28 p.m. (14 views)

A Comprehensive Assessment of the General Personal Data Protection Law (LGPD)

Most nations need to protect sensitive data for any number of reasons. Assuring legal compliance, protecting national security, preventing abuse and prejudice, improving global competitiveness, and upholding ethical standards are all vital requirements. Data privacy enhances the safety, security,...

AI score: 6.9
Exploits: 0

Qualys Blog
added 2024/02/22 11:5 p.m. (48 views)

TruRisk™️ Insights – The Story Behind a TruRisk Score

In the world of cloud and SaaS security, where risks arise not only from vulnerabilities but also from misconfigurations and various threats, the task of prioritizing and managing them becomes increasingly complex. It's not just about identifying vulnerabilities; it's also crucial to recognize and...

AI score: 7.7
Exploits: 0

Qualys Blog
added 2024/02/15 4:36 p.m. (20 views)

Ransomware Reality Check: Deciphering Priorities in a Sea of Cyber Extortion

Welcome to a critical exploration of the 2023 Cyber Vulnerability Landscape, with a specific focus on the escalating threat of ransomware. I have previously shared the broader results we found in evaluating the 2023 threat landscape; this is now a deeper dive into what the data reveals specifical...

AI score: 8.5
Exploits: 0

Qualys Blog
added 2024/02/13 8:3 p.m. (51 views)

Microsoft and Adobe Patch Tuesday, February 2024 Security Update Review

The new Microsoft Patch Tuesday Edition for February 2024 is now live! We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday for February 2024 Microsoft Patch Tuesday's February 2024 edition addressed 79 vulnerabilities, including...

CVSS: 7.5, AI score: 10, EPSS: 0.95443
Exploits: 38

Qualys Blog
added 2024/02/12 3:0 p.m. (17 views)

CSAM Drives Accurate TruRisk Scoring with EoL/EoS, Unauthorized Software, and Missing Security Agents

With the release of the Enterprise TruRisk Platform, Qualys is focusing each of its cyber security solutions on the more holistic goals of measuring, communicating, and eliminating cyber risk across the extended enterprise. Each offering within the platform works together, driving toward these...

AI score: 7.3
Exploits: 0

Qualys Blog
added 2024/02/07 1:55 p.m. (44 views)

Announcing TotalCloud™ 2.0 with TruRisk™ Insights: The Future of Cloud and SaaS Security

Rapid cloud and SaaS adoption is driving digital transformation that's reshaping business agility and scalability, making cloud and SaaS security more critical than ever. Recognizing this shift, in November 2022, Qualys launched TotalCloud – an AI-powered cloud-native application protection platfo...

CVSS: 7.5, AI score: 7.1, EPSS: 0.80819
Exploits: 15

Qualys Blog
added 2024/02/05 11:33 p.m. (18 views)

CSAM Strengthens Attack Surface Coverage and Risk Assessment With Third-Party Connectors

Organizations using Qualys CyberSecurity Asset Management (CSAM) can now import asset data from any external system into the Enterprise TruRisk Platform. With third-party connectors, you will identify any existing coverage gaps and add business context to your unified inventory, helping you...

AI score: 6.8
Exploits: 0

Qualys Blog
added 2024/02/01 12:0 a.m. (36 views)

Identify and De-risk Unmanaged, Unauthorized Devices With Qualys CyberSecurity Asset Management (CSAM)

69% of organizations said they experienced at least one cyberattack resulting from an exploit of an unknown or unmanaged asset such as software, cloud-based workloads, user accounts, and IoT devices. Ultimately, these attacks stem from visibility gaps in the attack surface. Bringing these assets...

AI score: 7.3
Exploits: 0

Qualys Blog
added 2024/01/31 3:32 p.m. (17 views)

Qualys Patch Management: A Review of New Features in 2023 for Faster Elimination of Cyber Risk

The recent debut of Qualys’ Enterprise TruRisk Platform promises three key benefits: measuring, communicating, and eliminating cyber risk across the extended enterprise. Qualys Patch Management plays a pivotal role in this process towards the rapid elimination of cyber risk. Our focus during 2023...

AI score: 7.1
Exploits: 0

Qualys Blog
added 2024/01/30 6:31 p.m. (101 views)

Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()

The Qualys Threat Research Unit (TRU) has recently unearthed four significant vulnerabilities in the GNU C Library, a cornerstone for countless applications in the Linux environment. Before diving into the specific details of the vulnerabilities discovered by the Qualys Threat Research Unit in the...

CVSS: 5, AI score: 7.6, EPSS: 0.04794
Exploits: 10

Qualys Blog
added 2024/01/30 5:12 p.m. (10 views)

Advancing Cybersecurity Management With Qualys Cloud Agent

In the first part of our series, we discussed the significant enhancements in Reduced Activity Periods (RAP) and Enhanced Capabilities for VDI in the Qualys Cloud Agent. In this second part of the series, we continue our exploration into the other two pivotal enhancements of this upgrade: 1. Agent...

AI score: 7.1
Exploits: 0

Qualys Blog
added 2024/01/29 5:1 p.m. (14 views)

Cybersecurity Must De-Risk the Business

The Catalyst for My Return to Qualys “Necessity is the mother of all invention.” – Plato Introduction Cybersecurity as a problem and practice is evolving. This evolution is driven by business risk. Does this sound obvious? For far too long, we in security have put the technology cart way ahead of...

AI score: 7.3
Exploits: 0

Qualys Blog
added 2024/01/24 4:25 p.m. (20 views)

Upgrade to New UI of Qualys Web Application Scanning (WAS): Bringing You Enhanced Web Application Security

In the dynamic world of cybersecurity, staying ahead means constantly evolving. At Qualys, we understand that the bedrock of outstanding security is continuous improvement and innovation. That's why we're thrilled to announce the latest launch of the new User Interface (UI) for Qualys Web Application...

AI score: 7.2
Exploits: 0

Qualys Blog
added 2024/01/24 3:51 p.m. (23 views)

Qualys WAS Unveils New Features in an Upgraded User Interface

Qualys Web Application Scanning (WAS) has been at the forefront of web application and API security innovation, and today, we're excited to announce a significant leap - the launch of our New User Interface (UI). From improved performance and reliability to cutting-edge technology adoption and enhance...

AI score: 7.5
Exploits: 0

Qualys Blog
added 2024/01/23 10:15 p.m. (14 views)

Announcing the Newest Game-Changing Upgrades of Qualys Cloud Agent

Qualys Cloud Agent Gets Powerful Enhancements for Boosting User Flexibility, Improved Control & Efficiency in VDI Environments, Seamless Updates, and More! We are excited to unveil a major upgrade to the Qualys Cloud Agent, marking a significant stride in cybersecurity management. The four update...

AI score: 7.1
Exploits: 0

Qualys Blog
added 2024/01/22 4:48 p.m. (21 views)

Reduce Risk Faster With the Qualys Risk Reduction Recommendation Report

New vulnerabilities are found almost daily. However, most organizations struggle to identify, prioritize, and remediate vulnerabilities efficiently—making their environments vulnerable to risk. Last year, Qualys introduced Qualys VMDR with TruRisk™, which helps organizations quantify cyber risk ...

AI score: 7.6
Exploits: 0

Qualys Blog
added 2024/01/17 3:29 p.m. (90 views)

Oracle Patch Update, January 2024 Security Update Review

Oracle has released its first quarterly edition of Critical Patch Update, which contains patches for 389 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in a wide range of product families, includin...

CVSS: 10, AI score: 10, EPSS: 0.99654
Exploits: 69

Qualys Blog
added 2024/01/12 10:44 p.m. (62 views)

Detect and Manage the Risk of Apache Struts (CVE-2023-50164) Comprehensively

Introduction In the vast landscape of cybersecurity, staying vigilant against potential threats is crucial. A critical vulnerability that surfaced recently is CVE-2023-50164, affecting Apache Struts 2, a widely used open-source framework for Java development. This path traversal vulnerability,...

CVSS: 7.5, AI score: 10, EPSS: 0.80819
Exploits: 15

Qualys Blog
added 2024/01/11 11:1 p.m. (17 views)

TotalCloud Insights: Crafting Effective Indicators of Compromise (IoCs) for Sub-domain Takeover Risk Detection

Subdomain takeover poses a significant security threat in cloud environments. It occurs when a subdomain of a domain (e.g., subdomain.example.com) inadvertently resolves to an external service no longer under the organization's control. These orphaned subdomains provide attackers with a foothold for...

AI score: 7
Exploits: 0

Qualys Blog
added 2024/01/11 9:54 p.m. (67 views)

Dual Zero-Day Threats in Ivanti Connect Secure and Policy Secure Gateways – CVE-2023-46805 and CVE-2024-21887

In recent and alarming cybersecurity developments, Volexity researchers have discovered that attackers are exploiting two distinct zero-day vulnerabilities in a coordinated manner to enable unauthenticated remote code execution (RCE). These vulnerabilities are identified as CVE-2023-46805 and...

CVSS: 6.4, AI score: 9.4, EPSS: 0.99999
Exploits: 23

Qualys Blog
added 2024/01/10 8:41 p.m. (16 views)

Facebook Job Scam

Qualys has confirmed ongoing attacks against multiple brands offering work-from-home remote job offers, advertised through Facebook. Unfortunately, these scams typically see a rise in prevalence following the holidays. Qualys has confirmed cyber criminals are advertising jobs within Facebook to...

AI score: 7.2
Exploits: 0

Qualys Blog
added 2024/01/09 8:39 p.m. (43 views)

Microsoft and Adobe Patch Tuesday, January 2024 Security Update Review

The first edition of the Microsoft Patch Tuesday for 2024 is now live! Microsoft has released fewer than usual security fixes in this month's update. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday for January 2024 Microsoft...

CVSS: 6.8, AI score: 9, EPSS: 0.30801
Exploits: 3

Qualys Blog
added 2024/01/09 1:41 p.m. (21 views)

Qualys and Microsoft Sunset Embedded Integration of Qualys Solutions for Microsoft Defender for Cloud

Qualys offers a holistic risk-based approach to securing modern cloud workloads Over the past three years, Qualys has had a strong collaboration with Microsoft, with Qualys providing the vulnerability assessment engine for Microsoft Defender for Cloud, covering infrastructure and container...

AI score: 7.6
Exploits: 0

Qualys Blog
added 2023/12/26 2:6 p.m. (36 views)

Yet Another Apache Struts 2 Vulnerability – CVE-2023-50164

Apache Struts is a popular open-source web application framework used to develop MVC-based web applications. The widespread adoption of the Apache Struts framework has resulted in the related applications being targeted by malicious actors over the years. The popularity of the framework results i...

CVSS: 7.5, AI score: 8.1, EPSS: 0.80819
Exploits: 15

Qualys Blog
added 2023/12/22 2:17 a.m. (118 views)

SSH Attack Surface (CVE-2023-48795): Find and Patch With CyberSecurity Asset Management Before the Grinch Arrives

Secure Shell Protocol (SSH) has been a cornerstone of cryptography and security since it was developed in early 1995. Organizations rely on SSH for secure communications within several popular software products. The recent Terrapin Attack highlights the importance of maintaining full visibility of...

CVSS: 2.6, AI score: 7.1, EPSS: 0.93305
Exploits: 4

Qualys Blog
added 2023/12/19 3:0 p.m. (59 views)

2023 Threat Landscape Year in Review: If Everything Is Critical, Nothing Is

As 2023 nears its end, it's time to pause and reflect. It’s time to assess what worked and what didn't, what caught our attention and caused disruption, and what went unnoticed. More importantly, we need to know what lessons we learned from 2023 so that we can do a better job of managing risk in th...

CVSS: 7.5, AI score: 10, EPSS: 0.99999
Exploits: 94

Qualys Blog
added 2023/12/18 11:1 p.m. (9 views)

TotalCloud Insights: Hidden Risks of Amazon S3 Misconfigurations

Misconfiguring Amazon S3 Buckets Can Pose Major Risks Amazon Web Services (AWS) is the world’s largest cloud security provider, and it provides the ability to store massive amounts of cloud-resident data with the Amazon Simple Storage Service (S3) bucket. Amazon S3 is an object storage solution known...

AI score: 7.6
Exploits: 0

Qualys Blog
added 2023/12/12 8:1 p.m. (51 views)

Microsoft and Adobe Patch Tuesday, December 2023 Security Update Review

Microsoft has wrapped up the year with fewer security updates released in its Patch Tuesday, December 2023 edition. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday for December 2023 In this month's Patch Tuesday edition,...

CVSS: 5.8, AI score: 8.9, EPSS: 0.92817
Exploits: 0

Qualys Blog
added 2023/12/12 6:21 p.m. (20 views)

Building an AppSec Program with Qualys WAS – Additional Configurations and Review & Confirm

Part 4 - Configuring a Web Application or API: Additional Configurations Now that we have completed the basic information, crawl settings, and default scan configurations, we can shift our attention to additional configurations designed to optimize scanning and provide granular control over how...

AI score: 8
Exploits: 0

Qualys Blog
added 2023/12/12 3:59 p.m. (13 views)

An Easy and Effective Strategy To Shield Your Business From Ransomware

Ransomware continues to make headlines and remains a top concern 2022 was a breakout year for ransomware as it wreaked havoc on individuals and organizations around the world. The numbers are staggering: Ransomware attacks surged dramatically in 2022 and were involved in 25% of all breaches,...

AI score: 7.2
Exploits: 0

Qualys Blog
added 2023/12/08 1:25 p.m. (29 views)

OpenCMS Unauthenticated XXE Vulnerability (CVE-2023-42344)

OpenCms is a popular open-source Java framework developed by Alkacon Software. OpenCms provides a platform for users to design and develop web applications. The latest version of the framework is 16.0. About CVE-2023-42344 CVE-2023-42344 is a critical vulnerability where users can execute code...

AI score: 8.1, EPSS: 0.02231
Exploits: 0

Qualys Blog
added 2023/12/05 6:39 a.m. (15 views)

Building an AppSec Program with Qualys WAS - Introduction and Configuring a Web Application or API: Default Scan Settings

Qualys WAS (Web Application Scanning) tools stand out as The Leading Dynamic Application Security Testing (DAST) solutions in the industry. Since it comes with default scan settings, understanding these settings in detail is critical to uncover vulnerabilities effectively. Scan performance and covera...

AI score: 7.3
Exploits: 0

Qualys Blog
added 2023/11/27 7:15 a.m. (11 views)

Closing the Visibility Gap: How Qualys Cloud Agent Passive Sensor (CAPS) Eliminates Blind Spots Without the Hassle

In modern networks, the most significant risks come from systems that fall through the cracks. Modern networks are full of unknown and unmanaged assets. Some are seemingly benign devices introduced by well-meaning employees or contractors that can turn rogue. While some of these may be genuinely...

AI score: 7.2
Exploits: 0

Qualys Blog
added 2023/11/23 9:53 a.m. (28 views)

Unveiling the Deceptive Dance: Phobos Ransomware Masquerading As VX-Underground

During a recent hunt, Qualys Threat Research has come across a ransomware family known as Phobos, impersonating VX-Underground. Phobos ransomware has been knocking on our door since early 2019 and is often seen being distributed via stolen Remote Desktop Protocol (RDP) connections. Strongly believe...

AI score: 7.7
Exploits: 0

Qualys Blog
added 2023/11/15 11:57 a.m. (61 views)

Atlassian Confluence Broken Access Control Vulnerability (CVE-2023-22515)

Atlassian issued an Advisory on October 4, 2023, for CVE-2023-22515, a critical severity vulnerability affecting Confluence Server and Data Center. According to the advisory, the vulnerability was initially published as a Privilege Escalation vulnerability but was later updated to a Broken Access...

CVSS: 7.5, AI score: 7.7, EPSS: 0.99156
Exploits: 39

Qualys Blog
added 2023/11/14 8:29 p.m. (79 views)

Microsoft and Adobe Patch Tuesday, November 2023 Security Update Review

Microsoft released its second last Patch Tuesday edition of the year. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday for November 2023 In this month's Patch Tuesday edition, Microsoft has addressed a total of 75...

CVSS: 7.5, AI score: 9.8, EPSS: 0.88196
Exploits: 4

Qualys Blog
added 2023/11/09 10:0 p.m. (30 views)

QSC23 – Qualys Announces a Directional Shift to Measure, Communicate, and Eliminate Cyber Risk with New Platform and Solutions

The 2023 Qualys Security Conference (QSC) started wrapping up on Thursday, November 9th, with two days of new technology announcements, impactful customer use cases, and thought-provoking talks from a host of engaging speakers, including Rachel Wilson, Managing Director at Morgan Stanley and Frank...

AI score: 7.3
Exploits: 0

Qualys Blog
added 2023/11/09 7:14 p.m. (19 views)

De-risking in Practice: How Qualys Customers are Driving Value in Their Organizations

As the threat landscape continues to grow in complexity, it has become more important than ever for the modern enterprise to measure, communicate, and eliminate cyber risk with efficiency. What does that mean in practice? Over the last two days, during the 2023 Qualys Security Conference (QSC) taki...

AI score: 7.6
Exploits: 0

Qualys Blog
added 2023/11/09 12:31 p.m. (26 views)

Leveraging AI-informed Cybersecurity to Measure, Communicate, and Eliminate Cyber Risk

Dilip Bachwani, Qualys CTO, shares the Qualys AI strategy with TruRisk AI at QSC 2023. The threat landscape is constantly evolving, and so are the implications of cyber risk across any organization. As attacker tactics become more sophisticated and persistent, cybersecurity strategies must grow...

AI score: 7.2
Exploits: 0

Qualys Blog
added 2023/11/08 7:30 p.m. (20 views)

Effectively Measure, Communicate, and Eliminate Cloud Risks with TotalCloud

Cloud is a dynamic and ever-evolving environment characterized by transient workloads and an expansive attack surface. This inherent nature of cloud infrastructure contributes to the ongoing complexity and challenges in maintaining robust security measures. According to the 2023 Qualys TotalCloud...

AI score: 7.3
Exploits: 0

Qualys Blog
added 2023/11/08 3:33 p.m. (12 views)

Cybersecurity at a Crossroads: New Implications on Business Risk

During our 2023 Qualys Security Conference (QSC) taking place in Orlando, Florida, November 6-9, 2023, I unveiled an exciting new milestone for the company – the release of our new Qualys Enterprise TruRisk Platform, marking a seismic shift for the future of Qualys as a leader in managing and...

AI score: 7.5
Exploits: 0

Qualys Blog
added 2023/11/02 9:53 p.m. (38 views)

CVSS v4 Is Now Live and What You Need To Know About It

On November 1st, 2023, the Common Vulnerability Scoring System version 4 (CVSS v4) was officially launched in General Availability (GA) following a period of public preview and feedback collection. This launch was orchestrated by the Forum of Incident Response and Security Teams (FIRST), marking a...

AI score: 7.4
Exploits: 0

Total number of security vulnerabilities: 1089