Qualys Community

Emergency Flash Player 0-day update released by Adobe

Adobe released APSB16-36 today to fix one 0-day vulnerability in Flash. The vulnerability is currently being used in active attacks, which is why Adobe released this emergency fix. If left unpatched, attackers can remotely take complete control of the machine. The vulnerability (CVE-2016-7855) is triggered when the victim views malicious Adobe Flash content. Innocent users usually end up with malicious Flash content by clicking on bad links in e-mails, blogs, bulletin boards and other sources.

Video: Pulitzer Prize Winner Kaplan Talks about Cyber War in our Unsafe Internet

Qualys Security Conference 2016 ended with a bang thanks to Fred Kaplan, a Pulitzer Prize winner whose keynote “Cyber Conflict: Prevention, Stability and Control” gave hundreds of attendees plenty of food for thought as they got ready to head back home.

Kaplan offered an unsettling overview of crucial security compromises made by architects, custodians and operators of the Internet from its genesis as Arpanet in the late 1960s to today.

Agility and Flexibility Needed To Manage Risk Throughout Vendor Relationship Lifecycle

We conclude our series on assessing third-party risk, where we’ve described scenarios in which an automated, cloud-based system can help you identify security and compliance gaps among vendors, partners and employees.

As we have outlined in this blog series, CISOs and their infosec teams need clarity and visibility not only into their IT environments, but also across their roster of trusted vendors. Organizations that don’t properly assess and manage the risk of doing business with their vendors, partners, suppliers, contractors and other third parties make their IT network and data vulnerable to hackers.

Oracle October 2016 Critical Patch Update

Oracle released another massive patch update today, fixing 253 security flaws across hundreds of Oracle products. The updates have been getting bigger each year: this compares with an average of 161 vulnerabilities in 2015 and 128 vulnerabilities in 2014. Many of the components fixed in today’s release are remotely exploitable. Since most organizations have separate teams patching databases, networking components, operating systems, application servers and ERP systems, I have broken the massive update down into these categories. With the exception of Java, there are no consumer products in this update, so administrators should focus on their individual patching domains.

My Life as a Chief Security Officer

Gerhard Eschelbeck, Google’s VP of security and privacy engineering, worked at Qualys in the early- to mid-2000s and remembers it as a then-fledgling company brimming with passion and energy about its mission to change vulnerability management.

“It’s amazing to see the growth of the company, and the success and the trust you all have given to a technology that started about 15 years ago,” Eschelbeck said Wednesday at his keynote titled “My Life as a Chief Security Officer” during the Qualys Security Conference in Las Vegas.

Security Is Tough, but Infosec Pros Can Find Joy in the Work

Anger. Frustration. Despondency. Hopelessness. Capitulation.

These are typical feelings experienced by infosec pros, as they deal with careless end users, impatient executives, emerging technology, budget constraints and understaffing.

“It’s tough out there,” said Mike Rothman, president of Securosis, an information security and analysis firm.

Infosec Teams Need More Collaboration and Automation to Defend Their Organizations and Help Them Succeed

Infosec teams are under a figurative DDoS (distributed denial of service) attack caused by a variety of business and operational factors that overwhelm them and keep them from crafting strategies to address long-term challenges.

Instead, infosec pros spend most of their time at work doing “day-to-day” tasks due to issues like understaffing and an overload of security alerts, according to Joseph Blankenship, a Senior Analyst at Forrester Research.

The Big Year: 2016 Product Advances Highlighted at QSC

Several product management leaders took the stage at Qualys Security Conference 2016 in Las Vegas on Wednesday to outline major recent improvements to Qualys products, including Cloud Agent, AssetView, ThreatPROTECT, Vulnerability Management, Policy Compliance and Web Application Scanning.

As Traditional Network Perimeters Dissolve, Qualys Cloud Platform Provides Global Security and Compliance Visibility

Every day, a large bank scans 1.4 million devices, a home improvement chain scans 2,200 stores and a major cloud infrastructure provider scans 2 million devices.

What do these three big companies have in common? They all rely on the Qualys Cloud Platform for these critical security scans, Qualys Chief Product Officer Sumedh Thakar said at the company’s annual conference.

Qualys CEO Philippe Courtot Kicks Off QSC16 with Call for Organizations to Secure Their Digital Transformations

As organizations pursue digital transformation efforts, traditional security solutions are falling short, reducing CISOs’ visibility into the increasingly complex IT environments of cloud computing and interconnected business, and creating infosec challenges hackers are eager to exploit.

CEOs are under business pressure to adopt new, emerging technologies that can improve their businesses by gathering and analyzing more data about their products and customers, but security can’t be overlooked.

“Bad guys have taken advantage of the fact that digital transformation forces us to open our networks and interconnect many things,” Philippe Courtot, Qualys’ chairman and CEO, said during the opening keynote of this year’s Qualys Security Conference.
