Qualys Community

Newest Java Addresses Binary Planting Vulnerability

Oracle published new versions of Java 8, 7 and 6 to address a vulnerability in the installer. CVE-2016-0603 is a flaw in which an attacker seeds the system with malicious DLLs that the installer loads in place of the DLLs shipped in the package itself: a DLL loaded by name is resolved from the installer's own directory (typically the user's Downloads folder) before the system directories, so a planted copy wins. This type of vulnerability is generally known as binary planting.

As Oracle points out, existing installations are not at risk. New installations should use the latest fixed packages, which address the case where an end user has previously visited a malicious site that prepared the machine for the attack by downloading altered versions of one of the DLLs involved. The fixed versions are Java 6 Update 113, 7 Update 97 and 8 Update 73.
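A quick pre-install check that follows from the mechanism above, added here as an example (it is not part of Oracle's advisory or the Qualys post): any DLL sitting next to a downloaded installer is a candidate for planting, so list them with their signature status and hash before running the installer. The Downloads path is an assumption; pass another directory if installers are saved elsewhere.

```powershell
# Added example, not from the Qualys post. Lists DLLs in the directory an
# installer will be launched from, because that directory is searched before
# the system directories for DLLs loaded by name.
function Get-PlantedDllCandidates {
    param(
        # Assumption: installers are run from the user's Downloads folder.
        [string]$InstallerDir = (Join-Path $env:USERPROFILE 'Downloads')
    )

    $dlls = Get-ChildItem -Path $InstallerDir -Filter '*.dll' -File -ErrorAction SilentlyContinue
    if (-not $dlls) {
        Write-Host "No DLLs found in $InstallerDir; nothing for an installer to pick up."
        return
    }

    foreach ($dll in $dlls) {
        $sig    = Get-AuthenticodeSignature -FilePath $dll.FullName
        $hash   = (Get-FileHash -Path $dll.FullName -Algorithm SHA256).Hash
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        [pscustomobject]@{
            Name      = $dll.Name
            Modified  = $dll.LastWriteTime
            Signature = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            Signer    = $signer
            SHA256    = $hash
        }
    }
}

# Usage: review the output before launching any installer from that folder.
Get-PlantedDllCandidates | Format-Table -AutoSize
```

A clean installer package does not need companion DLLs in the download folder, so every entry this prints deserves a look, unsigned ones in particular. Running the installer from a freshly created, empty directory removes the attack surface regardless of what the script finds.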

What is the Apex Predator Doing to Get Your Information?

This week at the USENIX Enigma 2016 security conference the final talk was given by Rob Joyce, Chief of the NSA's Tailored Access Operations (TAO). TAO is the offensive unit of the NSA; it received much coverage following Edward Snowden's public disclosure of internal NSA documents, which documented some of its arsenal of exploitation tools.

Continue reading …

Oracle Critical Patch Update January 2016

Oracle has published its Critical Patch Update (CPU) for January 2016. The Oracle CPU is quarterly and addresses flaws across Oracle's large product line, including its core product, the relational database, as well as a large number of acquired products such as Solaris, MySQL and Java, and many end-user products such as JD Edwards ERP, PeopleSoft and CRM.

Continue reading …

Hunting For Vulnerable Functions In Microsoft Silverlight MS16-006

This week Microsoft released a patch for a critical Silverlight issue, MS16-006, and since I worked on Silverlight signatures in the past it caught my eye. It is a Remote Code Execution vulnerability, which allows attackers to run code of their choice on the victim machine. I had a hunch that something more was hiding, so I started to analyze it as soon as I finished writing signatures for the existing patch. While I was working on the analysis, Kaspersky Lab published a great blog post about the story of this vulnerability.

In this blog, I’m presenting analysis of a different function that was also fixed in the same patch.

Continue reading …

Update: Patch Tuesday January 2016

Update: Kaspersky, who is credited with finding MS16-006, the critical Silverlight vulnerability, just published their story on how the bug was found. Very interesting: it has to do with the Hacking Team breach and coding "standards"; take a look at their blog post for more info. They also made clear that this vulnerability is under attack in the wild and that we are looking at a true 0-day here. This changes our priorities: we now put MS16-006 at the top of our list. Take a look at your installations, see if you have Silverlight installed, and address the flaw as soon as possible.

Original: The first Patch Tuesday of 2016 turns out to be low in numbers but broad and packing quite a punch: six of the nine bulletins are rated critical, including the Windows Kernel and Office bulletins. In addition, some rather important products are going End-of-Life and get their last patch update today: Microsoft is retiring support for older Internet Explorer versions on each platform and will from here on only maintain the newest browser on each version of the OS.
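To act on the "see if you have Silverlight installed" advice above, here is a small inventory check, added as an example and not part of the Qualys post. It reads the version Silverlight records in the registry (both the native and the Wow6432Node hive on 64-bit Windows) and flags builds below the patched one. The fixed build number is an assumption taken from the MS16-006 bulletin; confirm it against the bulletin before relying on the threshold.

```powershell
# Added example, not from the Qualys post. Reports whether Silverlight is
# installed on this host and whether it predates the MS16-006 build.
function Get-SilverlightStatus {
    param(
        # Assumption: 5.1.41212.0 is the build shipped with MS16-006; verify
        # against the bulletin before using this as a compliance threshold.
        [version]$FixedVersion = [version]'5.1.41212.0'
    )

    # Silverlight writes a "Version" string under this key; on x64 Windows the
    # 32-bit plugin lands under Wow6432Node, so check both views.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Silverlight',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Silverlight'
    )

    $found = $false
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props -or -not $props.Version) { continue }

        $found     = $true
        $installed = [version]$props.Version
        [pscustomobject]@{
            Key        = $key
            Version    = $installed
            Vulnerable = ($installed -lt $FixedVersion)
        }
    }

    if (-not $found) {
        [pscustomobject]@{
            Key        = ''
            Version    = $null
            Vulnerable = $false
            Note       = 'Silverlight not installed'
        }
    }
}

# Usage: any row with Vulnerable = True needs the MS16-006 update (or removal).
Get-SilverlightStatus | Format-Table -AutoSize
```

Run it under an account that can read HKLM; since the key is under HKEY_LOCAL_MACHINE, a standard user can read it too, so the check also fits a login-script or remote-execution inventory sweep.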

Continue reading …

Call For Customer Presentations at RSA Conference 2016!

Tell your security story to your peers at RSA Conference 2016 San Francisco!

Qualys is looking for customers excited to talk about security, best practices and case studies leveraging Qualys technologies. Take the stage in the Qualys booth to share your experience with RSA Conference attendees, presenting two or three times in total during exhibit hall hours on March 1, 2 or 3.

If you would like to be considered as a presenter, please send a title and short abstract for a 20-30 minute presentation to Victoria Venturi at vventuri@qualys.com. The call for presenters is open until January 29, 2016.

RSA Conference 2016 is held at the Moscone Convention Center in San Francisco. Qualys will provide accepted presenters with a full conference pass and pay their airfare and hotel expenses for the conference.

Qualys AssetView New Features

This release of the Qualys Cloud Platform, 2.11, includes new features for the Qualys AssetView service, which lets your company search for information across your entire environment, scaling to millions of assets for organizations of all sizes. Qualys AssetView provides search capabilities across multiple data sources in your environment, including the free inventory collected by Qualys Cloud Agent, the optional VM or PC features of Cloud Agent, and agentless scan sources. This feature replaces the Asset Management module in your account once enabled, and can be activated by contacting your Technical Account Manager or Technical Support.

Continue reading …

Qualys WAS 4.5 New Features

As a follow-up to our recent major release, Qualys Web Application Scanning (WAS) 4.3, and our last release, WAS 4.4, we have added a few new features, tweaks and clarifications in WAS 4.5 to allow further optimization of scans, with some optimizations to Progressive Scanning in particular. Customers can also now receive more comprehensive CSV reporting on their scans. This allows customers to continue delivering targeted web application security metrics to all stakeholders while ensuring the web application security program meets all organizational demands.

Continue reading …

Qualys MD 2.8 New Features

Qualys Malware Detection (MD) provides detailed malware infection reports, along with the infected code, for remediation on your web applications. The new Qualys MD 2.8 release now gives customers the flexibility of running scans hourly.

Continue reading …