Lucene search
K
QualysblogRecent

1089 matches found

Qualys Blog
Qualys Blog
added 2023/07/06 10:26 p.m.11 views

How Qualys Drives PCI DSS 4.0 Compliance for File Integrity Monitoring

The Payment Card Industry Data Security Standard PCI DSS is a well-known rule for compliance by merchants and entities involved in payment card processing. The new PCI DSS 4.0 standard specifies a broad range of technical and process requirements to ensure the safety of payment cardholder data or...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/07/06 7:31 p.m.21 views

Qualys Performance Tuning Series: Qualys Cloud Agent Configuration Best Practice

The following blog is part of our Qualys Performance Tuning Series. The first blog covered the topic of optimizing performance through the removal of stale assets. This series aims to provide you with comprehensive guidance on how to enhance the efficiency and effectiveness of your Qualys...

7.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/06/26 8:14 a.m.21 views

Supporting Our U.S. Federal Customers for BOD 23–02 by Mitigating the Risk From Internet-Exposed Management Interfaces

On June 13, 2023, the U.S. Cybersecurity & Infrastructure Security Agency CISA released Binding Operational Directive BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces. The directive requires federal civilian executive-branch agencies to adhere to two primary actions:...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/06/14 7:58 p.m.17 views

Qualys Responds to CISA Alert: Binding Operational Directive 23-02

The latest Binding Operational Directive from the Cybersecurity and Infrastructure Security Agency CISA BOD 23-02 requires agencies to take steps to reduce the attack surface created by insecure or misconfigured management interfaces across certain classes of devices. While this new mandate impac...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/06/14 3:0 p.m.11 views

CVSSv4 Public Preview Announcement

On June 8, 2023, at the 35th Annual FIRST Conference in Montreal, the public preview of CVSSv4 was announced. The Common Vulnerability Scoring System CVSS is an open framework for communicating the characteristics and severity of software vulnerabilities. Since its initial release in 2004, CVSS h...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/06/13 7:58 p.m.68 views

Microsoft and Adobe Patch Tuesday, June 2023 Security Update Review

Microsoft has released Junes edition of Patch Tuesday! This installment of security updates addressed 94 security vulnerabilities in various products, features, and roles. Microsoft Patch Tuesday for June 2023 No zero-day vulnerabilities known to be exploited in the wild have been fixed in this...

7.5CVSS9.8AI score0.99618EPSS
Exploits12
Qualys Blog
Qualys Blog
added 2023/06/08 9:12 p.m.18 views

Empower Your Security Team With Our Robust Script Library

Introduction Qualys Custom Assessment and Remediation CAR lets you leverage your same Qualys Cloud Agent for custom detection and remediation measures. Yes, the same agent you rely on for VMDR, Patch Management, Policy Compliance, EDR, or FIM can now be used for custom detection and response...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/06/07 5:28 p.m.48 views

Progress MOVEit Transfer Vulnerability Being Actively Exploited

On June 2nd, CVE-2023-34362 was published against the Progress MOVEit Transfer product and was quickly added to CISA’s Known Exploited Vulnerabilities Catalog. MOVEit Transfer is a managed file transfer solution available as an on-premise solution that enables file transfer between business...

7.5CVSS10.5AI score0.99934EPSS
Exploits15
Qualys Blog
Qualys Blog
added 2023/06/06 5:1 p.m.36 views

Behind the Screen: Three Vulnerabilities in RenderDoc

The Qualys Threat Research Unit TRU has discovered three vulnerabilities in RenderDoc. This blog will delve into the details of these three newly discovered vulnerabilities found within RenderDocs implementation. As part of our ongoing commitment to safeguard digital assets and strengthen...

7.5CVSS8.6AI score0.03648EPSS
Exploits5
Qualys Blog
Qualys Blog
added 2023/06/01 4:10 a.m.25 views

TotalCloud Empowered with CloudView Integration

Qualys, a leading provider of cloud-based security and compliance solutions, offers Qualys TotalCloud - a unified vulnerability, threat, and posture management solution. This solution simplifies cloud infrastructure security by combining essential components such as Cloud Workload Protection, Clo...

6.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/05/30 8:36 a.m.22 views

Qualys Gateway Service now available in AWS, Azure, and Google Cloud Marketplaces

Why are customers moving to the Cloud? Cloud computing adoption has been increasing, with cloud-specific spending expected to grow at more than five times the rate of general IT spending through 2023. Many organizations are working to move their enterprise systems to the cloud, with those migrati...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/05/18 4:3 a.m.22 views

New Strain of Sotdas Malware Discovered

Introduction There are numerous malicious codes that are currently active on smart devices, such as Ddosf, Dofloo, Gafgyt, MrBlack, Persirai, Sotdas, Tsunami, Triddy, Mirai, Moose, and Satori, among others. These malicious codes and their variants can intrude into and control smart devices throug...

7.6AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/05/10 7:11 p.m.15 views

Adopting an Effective and Easy To Implement Zero Trust Architecture

Security professionals employed by a federal agency, supplier, or regulated private sector firm are often challenged by long lists of required cybersecurity rules that can seem endless and unchanging. White House Executive Orders, FedRAMP requirements, CISA Binding Operational Directives, NIST...

6.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/05/10 7:9 p.m.17 views

New TSA Cybersecurity Emergency Action Rule Impacts Cybersecurity and Compliance

On March 7, 2023, in the wake of President Joe Biden’s National Cybersecurity Strategy announcement, the U.S. Transportation Security Administration TSA issued a cybersecurity emergency action amendment for certain regulated airport and aircraft operators. The new Action Rule can have significant...

7.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/05/09 9:24 p.m.219 views

Microsoft and Adobe Patch Tuesday, May 2023 Security Update Review

Microsoft has addressed 49 vulnerabilities in its May Patch Tuesday edition. The security advisories cover various vulnerabilities in different products, features, and roles. Lets guide you through this months Patch Tuesday details. Microsoft Patch Tuesday for May 2023 Microsoft has also addresse...

7.6CVSS9.6AI score0.94683EPSS
Exploits11
Qualys Blog
Qualys Blog
added 2023/04/27 1:30 p.m.17 views

Qualys Virtual Cyber Risk Summit: That’s a Wrap!

Over the last few years, the volume of software developed and the surge in vulnerabilities has been staggering. Combine this with a shortage of cybersecurity professionals, and organizations are left with the daunting challenge of keeping up with the sheer volume of information coming at them. At...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/04/24 10:26 p.m.11 views

Qualys Launches Inaugural Cyber Risk Summit to Share Expert Insights

Cybersecurity professionals from all over are making their way to RSA’s annual conference this week in search of inspiration and expert advice on bolstering their security postures. But for those who could not disrupt their schedules to make the trip, Qualys is providing IT and security...

6.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/04/24 9:40 a.m.22 views

Qualys Security Solutions Now Support Alibaba Cloud

Enterprise IT environments are getting exponentially more complex with the booming adoption of cloud computing, upping the ante for InfoSec teams, which must protect these new environments. As the foundation for modern IT innovations that propel digital transformation, public cloud platforms are...

6.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/04/19 11:47 a.m.391 views

Oracle Patch Tuesday April 2023 Security Update Review

Oracle has released the second quarterly edition of Critical Patch Update, which contains a group of patches for 433 security vulnerabilities. Some of the vulnerabilities addressed this month impact various products. These patches address vulnerabilities in Oracle code and third-party components...

7.5CVSS9.5AI score0.99677EPSS
Exploits125
Qualys Blog
Qualys Blog
added 2023/04/18 4:21 p.m.52 views

Qualys Security Updates: Cloud Agent for Windows and Mac

As part of our commitment to transparency and keeping customers and the community informed, Qualys is publicly disclosing three CVEs pertaining to the Qualys Cloud Agent for Windows and one CVE on the Qualys Cloud Agent for Mac. Qualys has confirmed there is no impact on the Qualys production...

3.7CVSS7.7AI score0.00219EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2023/04/12 12:16 a.m.74 views

Microsoft and Adobe Patch Tuesday April 2023 Security Update Review

Microsoft released security updates to address 114 vulnerabilities in the April Patch Tuesday edition. The security advisories cover various vulnerabilities in different products, features, and roles. Lets know more about this months Patch Tuesday details. Microsoft Patch Tuesday for April 2023...

7.5CVSS10.2AI score0.95454EPSS
Exploits17
Qualys Blog
Qualys Blog
added 2023/04/04 12:16 a.m.51 views

3CXDesktopApp Backdoored in a Suspected Lazarus Campaign

Introduction The attack involved a compromised version of the 3CX VoIP desktop client, which was used to target 3CXs customers. The compromised 3CX application is a private automatic branch exchange PABX software and is available for Windows, macOS, Linux, Android, IOS and Chrome. Currently, ther...

8AI score0.04373EPSS
Exploits1
Qualys Blog
Qualys Blog
added 2023/04/03 10:41 p.m.44 views

Augment Security Asset Tagging with Custom Assessment and Remediation (CAR)

Security asset tagging provides a flexible and scalable way to organize the assets in your environment based on specific requirements. It enables you to create tags and assign them to your assets, which can improve your cybersecurity maturity and reduce risks for breaches and audit failures. Qual...

6.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/04/03 10:7 p.m.22 views

Risk Fact #5: Infrastructure Misconfigurations Open the Door to Ransomware

Qualys Blog Series – Threat Research Unit Report In this last blog of our series describing the top Risk Facts discovered in the 2023 Qualys TruRisk Research Report, we go under the hood to better understand Risk Fact 5: Infrastructure misconfigurations open the door to ransomware Misconfiguratio...

6.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/03/31 5:17 p.m.59 views

Risk Fact #4: Misconfigurations Still Prevalent in Web Applications

Qualys Blog Series – Threat Research Unit Report The Open Web Application Security Project OWASP Top 10 is a list of the most common and most critical vulnerabilities that can impact a web application. Security experts rely on the OWASP Top 10 when talking about web app security. The list helps...

8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/03/31 5:12 a.m.26 views

Risk-based Vulnerability Management Combined With A Cyber Risk Management Platform

Recent insights from IDCs recent report, Worldwide Device Vulnerability Management Forecast, 2023–2027: Evolving Beyond Scanning Feb. 2023, provide a sobering look at the future of what cybersecurity stacks may look like in a few years. As the name suggests, this report took a deep dive into the...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/03/30 5:3 p.m.17 views

Risk Fact #3: Initial Access Brokers Attack What Organizations Ignore

Qualys Blog Series – Threat Research Unit Report “Divide and Conquer” is an emerging and winning strategy for cyber criminals who split responsibilities to improve execution of the attack process. Some threat actors specialize in the back end, which often is ransomware deployed at scale. The fron...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/03/29 5:59 p.m.18 views

Risk Fact #2: Automation Is the Difference Between Success and Failure

Qualys Blog Series – Threat Research Unit Report Organizational leaders dread the consequences of a successful cyber-attack, which can be devastating due to data loss, reputational damage, and legal repercussions. Under the hood, security professionals are acutely focused on finding technical mea...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/03/28 12:49 p.m.21 views

Risk Fact #1: Speed Is the Key to Out-Maneuvering Adversaries

Qualys Blog Series – Threat Research Unit Report The 2023 Qualys TruRisk Research Report from the Qualys Threat Research Unit TRU provides detailed research insights that are organized into five separate Risk Facts. In this blog, we look at Risk Fact 1 - Speed is the key to out-maneuvering...

6.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/03/21 5:14 p.m.23 views

ACSC Essential 8 Cybersecurity Strategies, Maturity Levels, and Best Practices

Originally published in 2017 as an evolution of the Australian Signals Directorate’s Strategies to Mitigate Cyber Security Incidents, the Australian Cyber Security Centre ACSC Essential 8 E8 consists of a set of strategies that can make it harder for threat actors to compromise a firm’s...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/03/16 2:16 p.m.28 views

A New Approach to Discover, Monitor, and Reduce Your Modern Web Attack Surface

Web applications reign the internet universe, but also bring new risks that let attackers poke holes in an ever-expanding attack surface. Stolen credentials have been the historical culprit. Recent analysis saw a spike in exploits targeting web applications directly through specially-crafted...

0.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/03/15 6:23 a.m.15 views

Staying Ahead of Ransomware Threats

Ransomware attacks have become a growing threat to organizations of all sizes and sectors. Many of these attacks exploit known vulnerabilities, making organizations need to quickly identify and fix these weaknesses to prevent a potential ransomware incident. This is where the Ransomware...

1.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/03/15 12:8 a.m.147 views

The March 2023 Patch Tuesday Security Update Review

Microsoft has released its monthly security update for March 2023. This months updates addressed various vulnerabilities in different products. Lets go through this months Patch Tuesday details and discuss the security updates. Microsoft Patches for March 2023 Microsoft has addressed 101...

0.5AI score0.97408EPSS
Exploits33
Qualys Blog
Qualys Blog
added 2023/03/02 12:5 p.m.36 views

Qualys VMDR & Jira Integration Now Available

The increasing number of vulnerabilities poses a significant challenge for most organizations trying to effectively manage and mitigate Cyber risks. According to NVD, the number of vulnerabilities in 2022 increased by approximately 25% as compared to 2021. As we are in start of March the...

0.6AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/02/22 3:36 a.m.157 views

What’s Next After Log4Shell?

How To Deal With the Next Open-Source Vulnerability Using Custom Scripts A critical vulnerability in Apache’s Log4j Java-based logging utility CVE-2021-44228 was previously referred to as the “most critical vulnerability of the last decade.” In the wake of Log4Shell exploits, many security...

9.3CVSS9.7AI score0.99999EPSS
Exploits347
Qualys Blog
Qualys Blog
added 2023/02/16 9:54 p.m.35 views

Automating Vulnerability Management with Qualys VMDR & ServiceNow

With a growing number of cyber-attacks and the push to stay ahead of adversaries, the Vulnerability Management lifecycle has become necessary for ensuring enterprise-grade cyber resiliency. For many organizations, there is a persistent challenge in supporting vulnerability assessment and...

1.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/02/15 11:34 p.m.68 views

Forta GoAnywhere Zero-Day Exploited By Threat Actors

On February 1st, 2023, Forta released an advisory behind an auth wall notifying their customers of a remote code execution zero-day exploit affecting their GoAnywhere Managed File Transfer MFT application. This was picked up by Brian Krebs, an investigative journalist who published this on his...

0.5AI score0.99999EPSS
Exploits12
Qualys Blog
Qualys Blog
added 2023/02/15 12:56 a.m.103 views

The February 2023 Patch Tuesday Security Update Review

Microsoft and Adobe have released several monthly security fixes and updates for their products. Let’s take a look at the highlights of this month’s Patch Tuesday as we review and discuss the security updates. Microsoft Patches for February 2023 Microsoft has patched 79 vulnerabilities this month...

0.6AI score0.82302EPSS
Exploits11
Qualys Blog
Qualys Blog
added 2023/02/14 5:12 p.m.12 views

Don’t forget about risk remediation of your macOS assets

Employees love for Macs has propelled tremendous growth for Apple. According to a recent study by Parallels, 55% of businesses use Mac devices themselves or explicitly approve of their use within the company. It is hard to believe Macs have been around for almost 4 decades. Largely introduced to...

0.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/02/09 7:52 p.m.33 views

Real-Time Defense of Multi-Cloud Environments From Malicious Attacks and Threats

Organizations today cannot detect real-time threats at runtime due to the multi-cloud infrastructure, resulting in the possibility of malicious actors exploiting the environment. It is imperative for the modern organization to have a solution to detect advanced run-time threats in real-time to...

8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/02/09 7:51 p.m.27 views

Announcing General Availability of Qualys TotalCloud

Qualys TotalCloud is a CNAPP solution based on Qualys Cloud Platform that provides multi-cloud vulnerability detection and misconfiguration response, and today we are pleased to announce that TotalCloud is now generally available. TotalCloud Home Page Unified View of Multi-Cloud Risk Posture...

0.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/02/09 9:55 a.m.30 views

Blind SQL Injection – Content-Based, Time-Based Approaches

Blind SQL Injection Overview Blind SQL InjectionBSQL is a type of SQL Injection SQLI vulnerability, where an attacker exploits the application to extract information from the database. An application vulnerable to SQLI displays application-specific information in the response when it is exploited...

8.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/02/08 4:35 p.m.17 views

Introducing Enterprise TruRisk Management from Qualys

Since the release of Qualys VMDR 2.0 with TruRisk last year, our customers have quickly adopted it to perform cyber risk assessments across the entire enterprise. With detail-rich cyber risk visualization, customers can now pinpoint the areas of their business exposed to elevated levels of cyber...

Exploits0
Qualys Blog
Qualys Blog
added 2023/02/08 1:50 p.m.127 views

Launching Qualys Cloud Threat Database

We are proud to announce the release of the Qualys Cloud Threat Database which correlates more than 25 different threat intelligence feeds into a single source for all Qualys products to leverage. This comprehensive vulnerability and threat intelligence database pulls from trusted sources such as...

9.3CVSS0.99374EPSS
Exploits62
Qualys Blog
Qualys Blog
added 2023/02/08 12:39 a.m.126 views

Ransomware Targets Outdated VMware ESXi Hypervisors: Protect Your Systems Now!

Updated on February 8, 2023 at 2:40 PM Pacific Standard Time: This article has been updated with EVALUATE Vendor-Suggested Mitigation with Policy Compliance PC Updated on February 7, 2023 at 9:05 PM Pacific Standard Time: This article has been updated with the latest information on the...

10CVSS1.4AI score0.83015EPSS
Exploits8
Qualys Blog
Qualys Blog
added 2023/02/06 2:0 p.m.24 views

macOS Patching Is Here!

In the past few years, many of our customers have seen a sharp increase in the number of Mac devices introduced to their environment. All those new Mac devices introduce new vulnerabilities that must be remediated. To keep up with the new volume of vulnerabilities, organizations had to opt-in, bu...

1.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/02/03 10:22 p.m.25 views

Is your FIM Solution Cost and Time Efficient?

Virtually every security professional and corporate executive is painfully aware of recent escalations in cybersecurity threats. No one wants to be a headline or get hit with the typical $4.5 million price tag to remediate an incident IBM Study. Almost every security team will agree that file...

Exploits0
Qualys Blog
Qualys Blog
added 2023/02/03 7:37 p.m.185 views

CVE-2023-25136: Pre-Auth Double Free Vulnerability in OpenSSH Server 9.1

OpenSSH, the widely used open-source implementation of the Secure Shell SSH protocol, recently released version 9.2 on 2023-02-02 to address a pre-authentication vulnerability in the OpenSSH server version 9.1. This specific version of the OpenSSH server, which was released in October 2022, was...

0.7AI score0.89955EPSS
Exploits12
Qualys Blog
Qualys Blog
added 2023/01/31 1:55 p.m.19 views

Why FedRAMP High Authorization Can Ensure High Cybersecurity Maturity

The Federal Risk and Authorization Management Program FedRAMP is a U.S. government initiative that promotes the adoption of secure cloud services across the U.S. federal government by providing a standardized approach to security and risk assessment for cloud technologies. FedRAMP reduces...

0.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/01/30 8:54 a.m.20 views

Managing Security Configuration Risk with the Most Comprehensive Configuration Compliance Solution!

Qualys leads the industry with 850 policies, 19000 controls, 350 technologies, and 100 frameworks Remote and hybrid work, digital transformation, and customer experience initiatives require rapid and continuous technology additions and changes. This requires continual additions of and deployments...

Exploits0
Total number of security vulnerabilities1089