Lucene search
K
QualysblogRecent

1089 matches found

Qualys Blog
Qualys Blog
added 2023/11/01 1:0 p.m.19 views

Explaining the Business Value of Qualys Enterprise TruRisk Platform to Your Leadership

New IDC White Paper Reports Findings by Qualys Customers As a cybersecurity leader, you may struggle to help your C-suite see the business value of what your team does. Forget “speeds and feeds”; key decision-makers are solely focused on The Numbers. While reports from most security tools excel a...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/10/31 10:58 a.m.63 views

Qualys API Best Practices: Policy Compliance – Posture Streaming (PCRS) API

This API Best Practices Series is designed for Qualys customer programmers or stakeholders with a general knowledge of programming who want to implement best practices for improving the development, design, and performance of their programs that use the Qualys API. For non-customers, the Qualys A...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/10/30 5:19 p.m.19 views

PCI DSS 4.0: How to Ensure Full Compliance with New Requirements

The Payment Card Industry Data Security Standard PCI DSS is one of the oldest mainstream requirements for compliance, originating in 2004. The PCI Security Standards Council manages the standard to ensure security for the global payment system. It globally applies to all entities that store,...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/10/26 4:24 p.m.52 views

Qualys API Best Practices: Web Application Scanning API

This API Best Practices Series is designed for Qualys customer programmers or stakeholders with a general knowledge of programming who want to implement best practices for improving the development, design, and performance of their programs that use the Qualys API. For non-customers, the Qualys A...

7.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/10/26 1:4 p.m.90 views

Safeguard Your Organization this Holiday Season with Endpoint Security from Qualys

The holiday season is approaching, bringing joy, family gatherings, and celebrations. As we dust off the decorations and begin drafting shopping lists, security professionals must grapple with an underlying concern: the increased risk of cyberattacks. Year-end festivities bring a rise in online...

6.5CVSS9.6AI score0.99964EPSS
Exploits11
Qualys Blog
Qualys Blog
added 2023/10/25 6:34 p.m.29 views

Building an AppSec Program with Qualys WAS – Configuring a Web Application or API: Crawl Settings

Qualys Web Application Scanning WAS stands out as the industrys leading Dynamic Application Security Testing DAST solution. Delving deeper into these settings is crucial for effectively harnessing its potential to uncover vulnerabilities. Scan coverage is greatly influenced by the crawl settings,...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/10/24 1:0 p.m.21 views

Qualys Named a Leader in KuppingerCole CSPM Report

Cloud Security Posture Management CSPM is a crucial requirement in cloud security. CSPM is all about identifying misconfiguration issues and compliance risks in cloud environments. Since cloud misconfigurations are the leading cause of data breaches, you want an excellent CSPM solution on your...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/10/18 5:11 p.m.85 views

Oracle Patch Tuesday, October 2023 Security Update Review

Oracle has released its fourth quarterly edition of Critical Patch Update, which contains a group of patches for 387 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in Oracle code and third-party...

7.5CVSS9.1AI score0.99615EPSS
Exploits29
Qualys Blog
Qualys Blog
added 2023/10/17 9:9 p.m.37 views

Critical Cisco 0day Exploited – Do you have Blind Spots in your Risk Management?

In the dynamic realm of cybersecurity, the importance of exhaustive vulnerability management and robust risk assessment is paramount. While agent-based solutions have garnered favor among organizations bolstering their cyber protections, it prompts the question: "Is an agent-only strategy truly...

7.5CVSS6.9AI score0.99571EPSS
Exploits26
Qualys Blog
Qualys Blog
added 2023/10/17 5:5 p.m.16 views

Building an AppSec Program with Qualys WAS – Introduction

Part 1 - Introduction and Configuring a Web Application or API: Basic Information Welcome to our introductory series of blogs where we will take you step-by-step through your application security journey with Qualys Web Application Scanning WAS to build and deploy secure web applications and APIs...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/10/17 6:46 a.m.24 views

Discover and Assess the Risk of Embedded Open-Source Software (OSS) Vulnerabilities

Runtime Software Composition Analysis with the Qualys Cloud Agent In a blog post published last week, we discussed the importance of managing risk across software developed in-house. A great deal of that risk is introduced by vulnerabilities in open-source packages like Log4Shell, OpenSSL, etc...

7.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/10/13 11:1 a.m.19 views

Qualys FIM Playbook for PCI 4.0

This File Integrity Monitoring FIM playbook is your comprehensive guide to establishing and maintaining an effective FIM program aligned with the latest PCI DSS 4.0 standards. By meticulously monitoring and ensuring the integrity of vital files and configurations, your organization can bolster it...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/10/11 1:59 p.m.21 views

How does Qualys TotalCloud prevent secret leaks for Containers?

This blog post introduces new product capabilities to help prevent container secret leaks. Discover how Qualys TotalCloud can provide a unified view of secrets-related risks. Why is Secret Detection Needed for Container Security? A recent study by researchers at the RWTH Aachen University in...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/10/10 10:1 p.m.68 views

CVE-2023-44487 HTTP/2 Rapid Reset Attack

Today, Amazon Web Services, Cloudflare, and Google, in a coordinated announcement, reveal their experiences mitigating powerful HTTP/2-based DDoS attacks utilizing a zero-day technique referred to as Rapid Reset, documented under the vulnerability identifier CVE-2023-44487. The attack magnitudes...

5CVSS7.6AI score0.99999EPSS
Exploits21
Qualys Blog
Qualys Blog
added 2023/10/10 7:44 p.m.103 views

Microsoft and Adobe Patch Tuesday, October 2023 Security Update Review

Microsoft released its October edition of Patch Tuesday! In this months updates, Microsoft has addressed 105 vulnerabilities in different products, features, and roles. Lets take a look at the updates in detail. Microsoft Patch Tuesday for October 2023 Microsoft has addressed three zero-day...

7.5CVSS9.6AI score0.99999EPSS
Exploits20
Qualys Blog
Qualys Blog
added 2023/10/09 5:47 p.m.17 views

The Qualys Security Conference Mumbai: That’s a Wrap!

In recent years, the world of cybersecurity has experienced a dramatic transformation. The threat landscape has erupted, creating a host of complex challenges, with malicious actors continuously upping their game. In this high-stakes environment, the need for robust cloud security platforms...

7.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/10/06 12:14 a.m.411 views

Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets

On Wednesday, October 4, 2023, the curl project maintainers announced pre-notification for curl version 8.4.0 to be released on October 11. This version will fix two new vulnerabilities with one high and one low-severity CVE. The prenotification stated that the high-severity issue is arguably the...

8.1AI score0.78483EPSS
Exploits6
Qualys Blog
Qualys Blog
added 2023/10/05 10:31 p.m.39 views

Achieving DORA Compliance with Qualys: A Comprehensive Approach

In the ever-changing landscape of finance and technology, it is crucial to have robust operational resilience and compliance frameworks. The Digital Operational Resilience Act DORA framework is a significant step in this direction, as it is intended to strengthen the resilience of financial...

6.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/10/04 11:10 p.m.35 views

PCI DSS 4.0 FIM Requirements Simplified with Qualys File Integrity Monitoring

File Integrity Monitoring FIM is one of the essential requirements under PCI DSS 4.0. It helps organizations detect and respond to unauthorized changes in critical system files, configuration files, or content files, which is crucial for maintaining the security of cardholder data. Organizations...

6.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/10/03 5:21 p.m.184 views

CVE-2023-4911: Looney Tunables – Local Privilege Escalation in the glibc’s ld.so

The Qualys Threat Research Unit TRU has discovered a buffer overflow vulnerability in GNU C Librarys dynamic loaders processing of the GLIBCTUNABLES environment variable. We have successfully identified and exploited this vulnerability a local privilege escalation that grants full root privileges...

4.3CVSS7.8AI score0.81422EPSS
Exploits26
Qualys Blog
Qualys Blog
added 2023/09/29 5:43 p.m.35 views

Latest Trend in Mac Vulnerabilities and How to Efficiently Address Them

Usually, every September/October, Apple releases its updated OSes and, with them, a set of new CVEs. This month was no different. In fact, if we look at 2023, Qualys released on average 32 new QIDs every month for MacOs and its 3rd-party products see figure below: Fig 1. Mac Vulns 2023 In the pas...

6.8CVSS6.7AI score0.18185EPSS
Exploits1
Qualys Blog
Qualys Blog
added 2023/09/28 5:10 p.m.21 views

Qualys Named a Market Leader in GigaOm Radar Report for Application Security Testing

Qualys Web Application Scanning WAS has been named a leader in the GigaOm Radar Report for Application Security Testing, 2023. Web app security is critical for every organization, for attacks on this vector caused 25% of breaches, according to the Verizon 2023 Data Breach Investigations Report. T...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/09/27 5:20 p.m.26 views

Mitigating Risk with Custom First-Party Software and Application Components: A CISOs’ Guide

What is First-Party Software Anyway? First-party software, unlike off-the-shelf ‘Third-Party’ software, is custom open-source software OSS and applications created by organizations to stitch together existing software to meet custom business needs. Nearly every company today uses some form of...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/09/26 1:4 p.m.163 views

Qualys Survey of Top 10 Exploited Vulnerabilities in 2023

The Qualys Threat Research Unit TRU has thoroughly analyzed vulnerabilities reported in 2023. Our comprehensive study assesses factors including weaponization status, existence in the CISA KEV, instances or usage of malware and ransomware, trending vulnerabilities, various scoring metrics, and...

7.5CVSS9.8AI score0.99999EPSS
Exploits94
Qualys Blog
Qualys Blog
added 2023/09/18 4:26 p.m.19 views

The MGM Cybersecurity Breach: Learnings and Prevention Measures

As many are aware, the systems of the $14 billion dollar gaming and hospitality giant MGM have been brought to a halt for nearly 5 days due to a multi-vector attack that has come to affect Caesars Entertainment as well. While the culprits of the attack are not confirmed, hacking group Scattered...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/09/18 3:17 p.m.14 views

Qualys Is the Outperformer in the New GigaOm Radar Report for Continuous Vulnerability Management

GigaOm has unveiled its third-annual Radar for Continuous Vulnerability Management featuring Qualys. In this Report, GigaOm provides a detailed analysis of the value and progression of vulnerability management VM capabilities to help organizations build the best security and vulnerability...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/09/12 7:20 p.m.81 views

Microsoft and Adobe Patch Tuesday, September 2023 Security Update Review

Microsoft has released the Patch Tuesday edition for September. This months updates have addressed 66 security vulnerabilities including Edge Chromium-based in multiple products, features, and roles. Microsoft Patch Tuesday for September 2023 Microsoft has addressed two zero-day publicly exploite...

7.5CVSS9.1AI score0.81713EPSS
Exploits5
Qualys Blog
Qualys Blog
added 2023/09/12 3:56 p.m.23 views

Risk Fact #5: Keeping the Pace of Remediation at Cloud Scale Requires Automation

Qualys Blog Series – 2023 TotalCloud Security Insights by the Threat Research Unit The 2023 TotalCloud Security Insights report from the Qualys Threat Research Unit TRU provides research insights, best practices, and detailed recommendations organized by five separate Risk Facts. The insights wil...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/09/04 2:0 p.m.135 views

Qualys Top 20 Most Exploited Vulnerabilities

The earlier blog posts showcased an overview of the vulnerability threat landscape that is either remotely exploited or most targeted by attackers. A quick recap – We focused on high-risk vulnerabilities that can be remotely exploited with or without authentication, and with the view on the time ...

10CVSS10.8AI score0.99999EPSS
Exploits997
Qualys Blog
Qualys Blog
added 2023/08/30 8:47 p.m.21 views

Elevate Your Security Posture: Implementing CIS Top 18 Controls Through Qualys Cloud Platform

The Center for Internet Security CIS is a 501c3 nonprofit organization originally formed in October 2000. CIS has created what is considered one of the industry’s “gold standard” security frameworks based on its mission to “help people, businesses, and governments protect themselves against...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/08/29 8:2 a.m.90 views

Risk Fact #4: Malware in your Cloud means Exploitation is underway

Qualys Blog Series – 2023 TotalCloud Security Insights by the Threat Research Unit The 2023 TotalCloud Security Insights report from the Qualys Threat Research Unit TRU provides research insights, best practices, and detailed recommendations organized by five separate Risk Facts. The insights wil...

7.5CVSS9.5AI score0.99999EPSS
Exploits19
Qualys Blog
Qualys Blog
added 2023/08/24 7:7 p.m.132 views

Qualys Tackles 2022’s Top Routinely Exploited Cyber Vulnerabilities

A unified front against malicious cyber actors is climactic in the ever-evolving cybersecurity landscape. The joint Cybersecurity Advisory CSA, a collaboration between leading cybersecurity agencies from the United States, Canada, United Kingdom, Australia, and New Zealand, is a critical guide to...

10CVSS8.6AI score0.99999EPSS
Exploits660
Qualys Blog
Qualys Blog
added 2023/08/18 5:39 a.m.34 views

Risk Fact #3: External-Facing Vulnerabilities Cloud Security Research Risk Fact

Qualys Blog Series – 2023 TotalCloud Security Insights by the Threat Research Unit The 2023 TotalCloud Security Insights report from the Qualys Threat Research Unit TRU provides research insights, best practices, and detailed recommendations organized by five separate Risk Facts. The insights wil...

7.6AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/08/17 4:59 p.m.30 views

Part III: Implementing Effective Cyber Security Metrics that Reduce Risk Realistically

We outlined some critical cybersecurity metrics in Part I of this three-part blog series. In the final blog post, we will delve into three crucial aspects outlined in Josh’s article: tactical metrics for operational teams, strategic metrics for leadership, and the metrics addressing the...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/08/09 5:9 p.m.7 views

Risk Fact #2: Weaponized Vulnerabilities Cloud Security Research Risk Fact

Qualys Blog Series – 2023 TotalCloud Security Insights by the Threat Research Unit The 2023 TotalCloud Security Insights report from the Qualys Threat Research Unit TRU provides research insights, best practices, and detailed recommendations organized by five separate Risk Facts. The insights wil...

7.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/08/08 8:35 p.m.65 views

Microsoft and Adobe Patch Tuesday, August 2023 Security Update Review

Microsoft has released its August edition of Patch Tuesday. This months updates have addressed 89 security vulnerabilities in multiple products, features, and roles. Microsoft Patch Tuesday for August 2023 Microsoft has addressed two zero-day vulnerabilities known to be publicly exploited in this...

7.5CVSS9.5AI score0.99083EPSS
Exploits4
Qualys Blog
Qualys Blog
added 2023/08/08 3:41 p.m.19 views

Ensuring Compliance with DORA: How Qualys Solutions Can Help

Introduction The Digital Operational Resilience Act DORA is a new regulation implemented by the European Union to ensure the stability and security of the financial sector. Coming into effect in 2022, DORA mandates enhanced cybersecurity and operational resilience standards for financial...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/08/03 12:55 p.m.12 views

Qualys Expands Cloud Platform for First-Party Application Risk Detection and Remediation

Have you faced the need to identify & respond to open-source package vulnerabilities like log4shell, openSSL, etc, in production from Day Zero? Are you using first-party, homegrown applications and are worried the risk introduced by those applications is not seen or addressed? Qualys new...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/08/01 12:55 p.m.19 views

Beating the Challenge of Cloud Detection and Response with Qualys TotalCloud Deep Learning AI

Lets go beyond the limitations of configuration management-only, non-cloud-native EDR tools for threat detection & response using deep learning AI. The global adoption of cloud technology has supercharged agile innovation in virtually every business sector. As a result, organizations are now...

7.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/08/01 12:55 p.m.19 views

Risk Fact #1: Cloud Migration Exploitation Cloud Security Research Risk Fact

Qualys Blog Series – 2023 TotalCloud Security Insights by the Threat Research Unit The 2023 TotalCloud Security Insights report from the Qualys Threat Research Unit TRU provides research insights, best practices, and detailed recommendations organized by five separate Risk Facts. The insights wil...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/07/27 3:25 p.m.22 views

Part II: Implementing Effective Cyber Security Metrics that Reduce Risk Realistically

In Part I of this three-part blog series, we discussed building a cyber risk metrics program from the ground up. We also discovered how to implement effective strategies for holistically articulating your cyber risk posture across your organization. In our second installment, we’ll delve deeper...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/07/27 1:41 p.m.15 views

Who Protects PII – Consumers or Companies?

Introduction Did you know that as a consumer, 25% of the apps you engage with are collecting your Personally Identifiable Information PII? Do you know why they are collecting it or where they are storing it? Also, do you realize as a company, General Data Protection Regulation GDPR fines can reac...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/07/21 5:0 p.m.83 views

Add Unique Asset Context with Custom Attributes in CSAM

There is no such thing as “too much context” when it comes to asset management. Continuous discovery and comprehensive, normalized asset data create the foundation for streamlined risk detection and response. The more reliable asset data a security team has, the better it can operationalize an...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/07/20 2:45 p.m.16 views

Part I: Implementing Effective Cyber Security Metrics That Reduce Risk Realistically

As a CISO or business leader, some burning questions that often come to your mind are: How vulnerable is our cybersecurity posture? Are we better protected than we were three months or a year ago? Have our investments improved the cybersecurity posture and yielded any tangible benefits? Are my...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/07/19 3:56 p.m.98 views

Oracle Patch Tuesday, July 2023 Security Update Review

Oracle has released its third quarterly edition of Critical Patch Update, which contains a group of patches for 508 security vulnerabilities. Some of the vulnerabilities addressed this month impact more than one product. These patches address vulnerabilities in Oracle code and third-party...

7.5CVSS9.6AI score0.99615EPSS
Exploits32
Qualys Blog
Qualys Blog
added 2023/07/19 3:53 p.m.327 views

CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent

The Qualys Threat Research Unit TRU has discovered a remote code execution vulnerability in OpenSSHs forwarded ssh-agent. This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH’s forwarded ssh-agent. Given the widespread use of OpenSSH’s...

7.5CVSS9.1AI score0.76768EPSS
Exploits10
Qualys Blog
Qualys Blog
added 2023/07/18 1:38 p.m.110 views

Part 2: An In-Depth Look at the Latest Vulnerability Threat Landscape (Attackers’ Edition)

The previous blog from this three-part series showcased an overview of the vulnerability threat landscape. To summarize quickly, it illustrated the popular methods of exploiting vulnerabilities and the tactical techniques employed by threat actors, malware, and ransomware groups. Perhaps more...

10CVSS9.3AI score0.99999EPSS
Exploits741
Qualys Blog
Qualys Blog
added 2023/07/14 8:55 p.m.126 views

Evaluate Your Windows Endpoints for Storm-0978 Activity With Qualys Endpoint Security

Summary: On July 11, Microsoft released security bulletins to fix 132 vulnerabilities. With the July Patch Tuesday, Microsoft also remediated six zero-day vulnerabilities. For your quick reference, the following are the zero-day vulnerabilities: 1. CVE-2023-32046 - Windows MSHTML Platform Elevati...

9.3CVSS8.6AI score0.99374EPSS
Exploits70
Qualys Blog
Qualys Blog
added 2023/07/11 8:30 p.m.120 views

Microsoft and Adobe Patch Tuesday, July 2023 Security Update Review

Microsoft has released Julys edition of Patch Tuesday! This installment of security updates addressed 132 security vulnerabilities in various products, features, and roles. Microsoft Patch Tuesday for July 2023 This months Patch Tuesday edition has fixed six zero-day vulnerabilities known to be...

7.5CVSS9.7AI score0.99083EPSS
Exploits8
Qualys Blog
Qualys Blog
added 2023/07/11 2:1 p.m.42 views

Part 1: An In-Depth Look at the Latest Vulnerability Threat Landscape

The number of vulnerabilities is steadily increasing over the years, as evidenced by the 206,000 vulnerabilities reported and still counting in the National Vulnerability Database NVD. With each subsequent year, this trend has persisted since 2016, surpassing the previous vulnerability count. In...

9.3CVSS9.7AI score0.32724EPSS
Exploits2
Total number of security vulnerabilities1089