This month’s Microsoft Patch Tuesday included a very high-risk vulnerability (CVE-2019-0708, aka BlueKeep) in Remote Desktop that impacts Windows XP, Windows 7, Server 2003, Server 2008, and Server 2008 R2. This vulnerability allows an unauthenticated attacker (or malware) to execute code on the vulnerable system. It is very likely that PoC code will be published soon, and this may result in a WannaCry-style attack.

Microsoft has not only released patches for Windows 7, Server 2008 & R2, but also has taken the extra step to issue patches for Windows XP and Server 2003. Patch now!

UPDATE: Network Level Authentication (NLA) partially mitigates this vulnerability. QID 90788 (Microsoft Windows Network Level Authentication Disabled) can be used to find hosts that have NLA disabled. This forces the attacker to have valid credentials in order to perform RCE.

Continue reading …

It’s that time of the year when Verizon updates us on the latest trends in the global threat landscape with its Data Breach Investigations Report (DBIR). The findings in this year’s report are based on data provided by more than 70 sources (including Qualys) about more than 41,000 security incidents, including more than 2,000 confirmed data breaches, across a variety of geographies (over 80 countries) and industries. A privileged observation point indeed.

While the very informative 78-page report touches on a wide range of areas,  I’ll focus on three that are particularly relevant for Qualys customers:

• Who are hackers’ preferred targets, and why
• The importance of reducing both the time it takes to discover security problems, such as vulnerabilities or breaches, and the time it takes to fix them
• How lack of visibility, human error and careless misconfigurations heighten organizations’ security risks

Read on to learn more about the evolution (or is it “EVILution”) of the threat landscape in the past year, and find out about recommended actions.

Continue reading …

This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 22 of them labeled as Critical. Of the 22 Critical vulns, 18 are for scripting engines and browsers. The remaining 4 are remote code execution (RCE) in Remote Desktop, DHCP Server, GDI+, and Word. Microsoft also released guidance on the recently disclosed Microarchitectural Data Sampling (MDS) techniques, known as ZombieLoad, Fallout, and RIDL. Adobe’s Patch Tuesday includes patches for vulnerabilities in Flash, Acrobat/Reader (83 vulnerabilities!) and Media Encoder.

UPDATE May 15: Microsoft has also issued Remote Desktop patches for Windows XP and Server 2003.

Continue reading …

This new release of the Qualys Cloud Platform (VM, PC), version 8.19, contains several new features and improvements in Qualys Vulnerability Management and Policy Compliance, which include an improved display of deadlines for remediation policies in VM; additional support for MS Exchange Server authentication, and default selection of layout options in policy report templates in PC; 2 new options for Sybase authentication, support for Microsoft Azure Key Vault in Qualys Cloud Platform, as well as a change in an existing option name (“Scan agent hosts in my target”) in the Launch Vulnerability Scan page.

Continue reading …

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The March release includes the following new policy and updates:

• New Industry and Best Practice policies for Microsoft Windows 10 Release 1809
• New CIS Benchmark policies for Amazon Linux 2 v1.0.0, VMware ESXi 6.5 v1.0.0, Debian Linux 9 v1.0.0, and Microsoft Windows 10 Enterprise Release 1803 v1.5.0

Continue reading …

This new release of the Qualys Cloud Platform, version 8.18.2.0, includes the new look for the App Picker, new technology support for Unix UDCs, and error code/text for errors that occur during control evaluation.

Continue reading …

Tell your security story to your peers at Black Hat USA 2019!

Qualys is looking for customers excited to share your security story, for example:

• How you integrate security into DevOps
• Best practices for building security into modern enterprises
• Case studies leveraging the use of the Qualys Cloud Platform

Take the stage in the Qualys booth to share your experience with Black Hat USA attendees two or three times total during exhibit hall hours on August 7 and 8.

If you would like to be considered as a presenter, please send a title and short abstract for a 20-minute presentation to Victoria Venturi at vventuri@qualys.com. The call for presenters is open through Thursday, June 6, 2019.

Black Hat USA is held at Mandalay Bay Resort and Casino in Las Vegas. Qualys will provide accepted presenters with a full conference pass, and pay your airfare plus hotel expenses for the conference.

Looking for inspiration? See what customers presented in the Qualys booth last year.

Recently new vulnerabilities like Zombie POODLE, GOLDENDOODLE, 0-Length OpenSSL and Sleeping POODLE were published for websites that use CBC (Cipher Block Chaining) block cipher modes. These vulnerabilities are applicable only if the server uses TLS 1.2 or TLS 1.1 or TLS 1.0 with CBC cipher modes.

Continue reading …

The Qualys Training team has expanded the AssetView & Threat Protection course, and added two new training series: CertView and Troubleshooting Scanner Appliance Error Codes.

These new additions build on last month’s update, when we introduced the new Vulnerability Management learning path, which takes you from the fundamentals through advanced topics, and ensures you have a complete foundation in Qualys technology.

The Qualys Training team brings you these updates to help you learn quickly how to get the most value from your Qualys subscription. Read on for more detail on what’s new this month.

Continue reading …

If your company uses Slack and is looking for ways to easily monitor activities in its AWS Golden AMI Pipeline, you can use AWS native services to send messages into a Slack channel. This can give your teams better visibility into the approval process for the candidate AMIs that they submit, as opposed to handling this via email. As we all know, email messages can get lost, overlooked or dumped in spam folders, which doesn’t happen with Slack messages. Moreover, Slack channels can have multiple subscribers so a single message can be seen by multiple people or other bots. Handling approval requests within a Slack channel also simplifies the management of the process.

Read on for a detailed, step-by-step explanation.

Continue reading …