Back to qualys.com
430 posts

QSC18 Day 1 Takeaway: Continuous Transformation Demands Continuous Security

The first day of Qualys Security Conference 2018 was a big one. Both CEO Philippe Courtot and Qualys chief product officer Sumedh Thakar detailed the challenges faced by many of today’s enterprises when it comes to the growth of cloud and the complexity of their hybrid environments. And they shared their visions of the road ahead on how enterprises can find ways to effectively manage their cloud environments and digital transformation efforts ahead.

A big theme of the day was how cloud security brings complexity and lack of visibility into modern environments.

Additionally, Qualys VP of engineering Dilip Bachwani provided a look at how the Qualys Cloud Platform is built to scale and perform; Jimmy Graham spoke on obtaining real-time vulnerability management, and attendees learned how to better secure their cloud deployments, containers, and web applications.

Continue reading …

QSC18: The Need for Security Visibility in the Age of Digital Transformation

Enterprises are moving full steam ahead when it comes to their digital transformation efforts. They’ve aggressively adopted cloud infrastructure and other cloud services, IoT, application containers, serverless functionality, and other technologies that are helping their organization to drive forward.

Those organizations that are way down the road in their digital transformation efforts say that they’ve witnessed improved business decision-making – both when it comes to making better decisions and when it comes to making those decisions more rapidly. They also say that they’ve improved their customer relationships by delivering an improved customer digital experience.

So it’s time to celebrate and declare digital victory, right?

Hold off before we book the band and order the champagne for the big party. In fact, those who want to move forward securely and confidently in their risk and regulatory compliance postures have some challenges ahead.

Continue reading …

Bluetooth Chip Bugs Affect Enterprise Wi-Fi, as Hackers Exploit Cisco 0-Day

In this latest roundup of cyber security news, we look at serious Bluetooth chip-level bugs, a zero-day vulnerability on Cisco software, a raft of Apple security fixes, and a massive customer data breach at Cathay Pacific.

Enterprise Wi-Fi access points vulnerable to Bluetooth bug

A pair of critical Bluetooth bugs could make popular wireless access points used in many enterprises vulnerable to breaches.

The critical vulnerabilities reside in Bluetooth Low Energy (BLE) chips from Texas Instruments which are present in Wi-Fi access points from Cisco, Cisco Meraki and Aruba.

Dubbed Bleedingbit, the bugs were discovered by researchers from Armis and disclosed last week.

If exploited, the vulnerabilities could allow unauthenticated attackers to stealthily break into enterprise networks, take over access points, spread malware, and move laterally across network segments.

The first vulnerability affects TI BLE chips cc2640 and cc2650, used in Cisco and Cisco Meraki Wi-Fi access points. The second bug impacts the Aruba Wi-Fi access point Series 300 with TI BLE chip cc2540 and its use of TI’s over-the-air firmware download (OAD) feature.

“These vulnerabilities are a sharp reminder that we need to ensure the security of the infrastructure we employ to support IoT devices is not undermined by those IoT devices or the protocols that support them,” Brian Honan, CEO at BH Consulting, told Help Net Security.

To exploit either vulnerability, an attacker would have to physically be within Bluetooth range of the targeted access point. TI, Cisco, Cisco Meraki and Aruba have all responded with patches, mitigations and information.

Continue reading …

Don’t Overlook Qualys Malware Detection

Cyber criminals are constantly looking for opportunities to infect legitimate websites with malware.  They can use infected websites to cryptomine, steal data, hijack systems, deface pages, and do other damage to harm a company’s reputation and impact their users. This can result in lost revenue, and regulatory fines, and potentially drive customers away.

SiteLock researchers recently reported that a website is attacked on average almost 60 times per day, and that 1% of all websites — about 19 million globally — carry malware at any point in time.  Those often include websites from large, well-known companies. For example, Newegg, British Airways and Ticketmaster all recently fell prey to the Magecart credit card skimming malware.

It’s clear that anti-virus software, firewalls, and other prevention tools are not enough to defend against the steady stream of ever-evolving malware.  Even if a company’s website is secure from external attackers, this does not mean the website is safe from infection from third-party content providers or advertising used on the website.

Firewalls aren’t infallible, and neither are AV products.  Perhaps most frustrating of all is that despite years of awareness training, employees still inadvertently click on malicious links and attachments, John Delaroderie, a Qualys Security Solutions Architect, said recently at Microsoft Ignite 2018.

“That’s why you need a superhero sidekick on your team — to find this malware, root it out at the source, and keep your website safe,” he said.

Continue reading …

Threat Hunting: Adoption, Expertise Grow, but Work Remains

Threat hunting, an often misunderstood but powerful security practice, is gaining traction, as more organizations reap benefits from it and get better at it. However, there is still a lot of room for adoption to increase and for practices to improve.

Those were key findings from the SANS Institute’s 2018 threat hunting study, which experts from SANS, Qualys and other companies discussed recently in the two-part webcast “Threat Hunting Is a Process, Not a Thing.”

“Over the past two to three years, threat hunting has been moving from a ‘What is it?’ discussion into a more formal mentality of: ‘This is what it is. Am I doing it right?’,” said Rob Lee, a SANS instructor. “But we’re still in a transition.”

For starters, there’s still considerable confusion about what threat hunting is. For example, it’s very common for many to equate it with reactive practices such as incident response. Rather, threat hunting is by definition proactive. It assumes that the organization’s prevention defenses have been bypassed, and the IT environment breached, without any alerts being triggered.

Using threat intelligence analysis and other tactics, hunters formulate and act on a hypothesis about where the intruders are likely to be lurking in silence while pursuing their nefarious goals.

Continue reading …

Apple, Amazon in a Tussle with Bloomberg over Spy Chips Report

In our latest security news digest, we delve into the brouhaha over Chinese spy chips, check out the latest in Facebook’s investigation of its recent hack, and look at Google’s controversial decision to delay disclosing a potential data breach.

Bloomberg’s spy chip report stuns tech industry, then draws skepticism

The hyperactive cyber security news cycle reached another intensity level when Bloomberg reported the presence of Chinese spy chips in servers used by Apple, Amazon and other major U.S. companies. But did the global news agency get the story right?

Citing numerous anonymous sources, Bloomberg stated that China surreptitiously modified server hardware and embedded tiny chips in motherboards to snoop on about 30 large American businesses.

The Chinese government reportedly did this by tampering with parts built in China by suppliers of Supermicro, a U.S.-based Fortune 1000 designer and maker of servers.

“In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies,” Bloomberg’s article reads.

But Bloomberg, which doubled-down on the original article with a follow-up, has become part of the story, as more and more parties question the accuracy of its bombshell reports.

Continue reading …

Qualys Broadens Security Offerings for Azure

Qualys is expanding its security and compliance capabilities for Microsoft Azure, by adding protection for the on-premises Azure Stack and extending capabilities for public cloud deployments.

By using Qualys’ platform to defend hybrid IT environments, organizations get a unified view of their security posture, and can apply the same standards and processes on premises and in clouds.

“The advantages of doing so all within a single pane of glass is to reduce your total cost of ownership, and to have all the data in one place,” Hari Srinivasan, a Qualys Director of Product Management, said during a presentation at Microsoft’s Ignite 2018 conference.

That way, when a major attack like WannaCry is unleashed, organizations can quickly assess their risk and take action from a single console, instead of scrambling to assemble fragmented information from siloed tools.

Read on to learn more about Qualys’ comprehensive offerings for Azure.

Continue reading …

Stronger Security with Global IT Asset Inventory

On a Friday afternoon before a long holiday weekend, a company’s security operations center receives a potentially serious alert: It appears that a domain controller has been tampered with. After examining event logs and overlaying network traffic, a SOC analyst confirms that a suspicious system did in fact connect to the controller, extracted credentials, and performed other actions. 

Worried this could be a hacker, the SOC team spends hours doing network analysis. Eventually they determine it’s a false alarm: An administrator had logged into the network to check his email with his personal laptop, whose use the company had authorized a month before.

Why did it take the SOC team so long to solve this mystery? They lacked a comprehensive IT asset inventory that would have allowed them to either quickly find that laptop on a list of devices owned by employees and approved for work use, or else determine it was a rogue device.

This hypothetical incident shows the importance of a continuously updated IT asset inventory, which would have slashed the SOC’s investigation time, and made a big difference if instead there had been an attack, according to security experts from SANS Institute and from Qualys.

Continue reading …

Hackers Exploit Facebook Bug, As Twitter DMs (Maybe) Got Misrouted

In our latest security news digest, we check out the Facebook hack heard ’round the world, a Twitter bug that rattled users but may not amount to much, and a pair of serious Linux kernel vulnerabilities.

Facebook scrambles to investigate major breach affecting tens of millions of users

The cyber security world shook on Friday upon learning that attackers exploited a software flaw on Facebook that allowed them to obtain access tokens for 50 million accounts, with another 40 million accounts possibly also affected.

Equally or even more concerning: The purloined tokens could have been used to access accounts in other websites into which their users log in with their Facebook credentials, such as Spotify and AirBnB.

Facebook inadvertently introduced the bug in July of last year. After investigating unusual activity detected in mid-September of this year, Facebook discovered the attack last week.

The attack has made global headlines since its disclosure on Sept. 28, and has naturally drawn scrutiny from security experts, government regulators, Facebook users, and industry observers.

“It’s surprising to me that as popular as Facebook is, no white hat hacker ever discovered and reported this flaw in the past, neither an external pen tester nor Facebook’s internal IT security team,” Paul Bischoff, privacy advocate with Comparitech, told Dark Reading.

Continue reading …

Qualys Helps Consultants, MSPs Deliver World-Class Security Services To Mid-Size Customers

With the newly available Qualys Consulting Edition, consultants and MSPs can now individually manage their mid-market client networks, keeping data separate and organized. This lets them offer their clients tailored, personalized services, with valuable insights and recommendations for threat prevention, detection, and response.

The solution’s flexibility allows consultants to customize the deployment and setup for each client’s unique environment. It’s all based on the highly-scalable Qualys Cloud Platform, which is trusted by many of the world’s largest businesses and service providers.

Continue reading …