This release of the Qualys Cloud Platform version 2.28 includes updates and new features for Cloud Agent, AssetView, ThreatPROTECT, Security Assessment Questionnaire and Web Application Scanning, highlights as follows:
First discussed in the 1990s and turned into law last year, the EU’s General Data Protection Regulation (GDPR) finally goes into effect in May 2018, imposing strict requirements on millions of businesses and subjecting violators to severe penalties.
The complex regulation is of concern not just to European businesses. It applies to any organization worldwide that controls and processes the data of EU citizens, whose privacy the GDPR is meant to protect.
A recent PwC survey found that more than half of U.S. multinationals say GDPR is their main data-protection priority, with 77% of them planning to spend $1 million or more on GDPR readiness and compliance.
“The GDPR is putting data protection practices at the forefront of business agendas worldwide,” Steve Durbin, Information Security Forum’s managing director, wrote recently.
In other words, it’s crunch time for companies that fall within the GDPR’s broad scope and that haven’t completed their preparations to comply with this regulation. Gartner estimates that about half of organizations subject to the GDPR will be non-compliant by the end of 2018. You don’t want to be in this group of laggards.
This release of the Qualys Cloud Platform version 2.27 includes updates and new features for Cloud Agent and AssetView as follows:
Security teams should apply vendor patches immediately to protect their Linux, OpenBSD, NetBSD, FreeBSD and Solaris infrastructure from The Stack Clash vulnerability (also see the security advisory). To help in that effort, this blog post describes a new built-in Qualys AssetView dashboard to visualize The Stack Clash and quickly identify vulnerable assets in your organization.
The Stack Clash is a vulnerability in the memory management of several operating systems. It affects Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 and amd64. It can be exploited by attackers to corrupt memory and execute arbitrary code.
Qualys researchers discovered this vulnerability and developed seven exploits and seven proofs of concept for this weakness, then worked closely with vendors to develop patches. As a result we are releasing this advisory today as a coordinated effort, and patches for all distributions are available June 19, 2017. We strongly recommend that users place a high priority on patching these vulnerabilities immediately.
Today Microsoft released patches to fix 94 vulnerabilities out of which 27 fix remote code execution issues which can allow an attackers to remotely take control of victim machines. This is a massive update and fixes more than double the number of vulnerabilities as compared to the last two months.
As you roll out Security Assessment Questionnaire to your vendors and internal stakeholders, it is necessary to avoid lengthy questionnaires containing many sections with questions that are not relevant to their area of work. It is important that respondents don’t get overwhelmed and spend a lot of time and effort in sifting through all the questions deciding for themselves whether a section or a question is relevant or applicable to them. Invariably, this results in delays in getting their responses back to you.
The latest version of Security Assessment Questionnaire enables you to use a gating mechanism for controlling the flow of your questionnaire. You can now decide which questions or sections a respondent can see, based on his response to a question or a combination of questions. This makes it easier for respondents to see and respond to only relevant sections and questions thereby making the entire exercise more time-efficient for them. It is also easier for you to analyze all the consolidated responses.
The Joomla community recently patched a SQL injection vulnerability introduced in Joomla 3.7.0. The article reporting this vulnerability explains how to identify the vulnerability (which was discovered via static code analysis) and how to craft an attack, e.g.
http://example.com/joomla/index.php?option=com_fields&view=fields&layout=modal& list[fullordering]=exploitation_code
After reviewing the description of the vulnerability, I wondered whether an automated web application scanner, known as a DAST (Dynamic Application Security Testing) tool, could identify an instance of this vulnerability without digging into the source code.
On Wednesday, the Samba Team patched a vulnerability that exists in all versions of Samba including and after version 3.5.0. Exploitation of this vulnerability could result in remote code execution on the affected host.
Samba is used to provide SMB and CIFS services for Linux systems, and is pervasive in both enterprise and consumer products. While the Samba Team is providing patches for the latest versions (4.4.x and higher), some Linux vendors, such as RedHat and Ubuntu, are providing patches for older versions of Samba if they are used in a supported version of the OS. The Samba Team may also release patches for older versions of Samba.
The WannaCry ransomware attack spread so quickly and has been so disruptive that IT departments can’t get enough information about what caused it, how it can be remediated and what can be done to protect their organizations from similar threats. This thirst for insights, explanations and best practices was evident during the Q&A portion of our recent webcast “How to Rapidly Identify Assets at Risk to WannaCry Ransomware.”
Below is a transcript of 20 questions asked by participants, and the answers provided by our experts, Qualys CISO Mark Butler and Qualys Product Management Director Jimmy Graham. Continue reading …