The upcoming release of the Qualys Cloud Platform (VM, PC), version 8.21.7, will include new features in Qualys Cloud Platform and Qualys Policy Compliance. This release will also add new technology support for Riverbed SteelHead RiOS in Qualys Policy Compliance via Qualys Out-of-Band Configuration Assessment (OCA).
This release is scheduled to go live across the shared platforms starting November 26, 2019.
The BlueKeep vulnerability, initially released in May 2019, is currently being exploited in the wild. Cybersecurity researchers have spotted initial attacks of Bluekeep RDP vulnerability. Here’s a reminder about BlueKeep and instructions for using Qualys to identify attacks and remediate this vulnerability.
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.
In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.
The October release includes the following new policy and updates:
Qualys’ Certification Page at CIS has been updated.
The upcoming release of the Qualys Cloud Platform (VM, PC), version 8.21.6, will include several new features in Qualys Cloud Platform, Vulnerability Management, and Policy Compliance. 8.21.6 will also add support for multiple technologies in Qualys Policy Compliance.
This release is scheduled to go live across the shared platforms starting November 15, 2019.
Qualys is a leader in cybersecurity and one of the more recognizable and respected names in the industry. It should be. The company has been around for 20 years, and it continues to innovate and push the envelope.
Later this month, Qualys will take over Bellagio Hotel in Las Vegas for the Qualys Security Conference 2019 (QSC). I realize there are a lot of cybersecurity vendors and an overwhelming number of cybersecurity conferences you could choose to attend, but here are 5 reasons you should seriously consider going to Qualys Security Conference.
Certain versions of PHP 7 running on NGINX with php-fpm enabled can be vulnerable to the remote code execution vulnerability CVE-2019-11043.
Given the simplicity of the exploit, all web servers using the vulnerable version of PHP should be upgraded to non-vulnerable PHP versions as soon as possible. Because the vulnerability is limited to specific configurations, the number of vulnerable installations is smaller than it might be.
Qualys Web Application Scanning (WAS) will test for this vulnerability as long as QID 150270 is included in your scan. We recommend organizations immediately remediate all systems that are vulnerable. While you are getting ready to patch, you can easily deploy a virtual patch via pre-built templates in Qualys Web Application Firewall.
Remediation instructions are included below.
Last year we released the initial version of the Qualys WAS Burp extension to positive reviews. Customers welcomed the ability to send Burp-identified issues into Qualys Web Application Scanning (WAS) for centralized viewing and reporting of automated scanner findings plus manual pen-test issues from Burp.
Now we are pleased to announce the release of version 2 of the Qualys WAS Burp extension. In addition to the previous functionality, this version allows you to import a WAS finding directly into Burp Repeater to manually validate the vulnerability. Even better is that this new capability works with both Burp Suite Professional and Burp Suite Community Edition.
This week saw news of self-propagating worms in the container landscape to perform unsanctioned computation tasks such as cryptojacking. This blog post is intended for Qualys customers and partners to understand how such container attacks work, provide security best practice recommendations & walkthrough related Qualys product portfolio functionality.
The release of the Qualys Vulnerability Signature, version 2.4.722-4, includes changes for Oracle Database signatures. The 2.4.722-4 release is live as of October 11, 2019.
This month’s Microsoft Patch Tuesday addresses 59 vulnerabilities with only 9 of them labeled as Critical. Of the 9 Critical vulns, 7 of them are for browsers and scripting engines. The remaining 2 are for Azure App Service and Remote Desktop Client. In addition, PoC code has been published for an Important Windows Error Reporting vulnerability. Adobe has not posted any patches for Patch Tuesday, but did issue out-of-band patches for ColdFusion on September 24th.
