All Posts

1480 posts

Policy Compliance Library Updates, December 2019

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

Continue reading …

Qualys FIM Profile Library Updates, December 2019

The library of out-of-the-box profiles in Qualys File Integrity Monitoring (FIM), with their preconfigured content, provide a scalable solution to detect and identify critical changes, incidents, and risks resulting from normal as well as malicious events. With the help of these profiles, users can easily track file changes across global systems to comply with the security standards and regulations that are most commonly used and adhered to.

Continue reading …

Announcing New Customer Support Portal and Unified Search

Update Jan 21, 2020: The deployment date has been set for January 25, 2020.

Qualys is rolling out new unified search and an improved online customer support experience, along with Support content integrated directly into Qualys Community. It’s coming on January 25, 2020.

These new features are part of our efforts to enable customer success with an integrated community environment, so you can efficiently: 

  • learn how Qualys products work,  
  • understand best practices, 
  • resolve issues, and 
  • ultimately improve your security and compliance programs.  

They are also part of an effort to improve your experience with Qualys Support, so you can more easily access technical support content, track and update your support cases and feature requests, and get faster case resolution. 

So, what’s new exactly? 

Continue reading …

OpenBSD Local Privilege Escalation Vulnerability (CVE-2019-19726)

Qualys Research Labs discovered a local privilege escalation vulnerability in OpenBSD’s dynamic loader. The vulnerability could allow local users or malicious software to gain full root privileges. OpenBSD developers have confirmed the vulnerability and released security patches in less than 3 hours.

Qualys Research Labs also provided proof-of-concept exploits in the security advisory.

Continue reading …

CVE-2019-11016: Open Redirect Vulnerability

elgg logoEarlier this year the Qualys Web Application Scanning team discovered and reported an open redirect vulnerability (CVE-2019-11016) in Elgg, an open source rapid development framework for socially aware web applications, which the Elgg team promptly fixed.

Versions of the Elgg framework before 1.12.18 and 2.3.x versions before 2.3.11 are vulnerable to open redirect via the $url parameter. An attacker could abuse the functionality by entering a particular path that triggers an open redirect to an attacker-controlled website.

Because this type of vulnerability is not uncommon, QID 150051 in Qualys Web Application Scanning (WAS) was improved to report if this type of open redirect vulnerability is found in a scanned web application.

Continue reading …

December 2019 Patch Tuesday – 36 Vulns, 7 Critical, Actively Attacked Win32k vuln, Adobe vulns

This month’s Patch Tuesday is rather light and addresses 36 vulnerabilities, with only 7 labeled as Critical. Five of the seven Critical vulns are in Git for Visual Studio. The others are for Hyper-V and Win32k. Also, there is one actively attacked “Important” vuln in Win32k. Adobe released patches today covering Acrobat/Reader, ColdFusion, Photoshop, and Brackets.

Continue reading …

OpenBSD Multiple Authentication Vulnerabilities

Multiple authentication vulnerabilities in OpenBSD have been disclosed by Qualys Research Labs. The vulnerabilities are assigned following CVEs: CVE-2019-19522, CVE-2019-19521, CVE-2019-19520, CVE-2019-19519. OpenBSD developers have confirmed the vulnerabilities and also provided a quick response with patches published in less than 40 hours.

Continue reading …

Qualys Cloud Platform 2.42 New Features

This release of the Qualys Cloud Platform version 2.42 includes updates and new features for Web Application Scanning, highlights as follows.

Continue reading …

Streamlining and Automating Compliance

There are seemingly countless regulatory and industry frameworks out there that organizations have to navigate and comply with. SOX (Sarbanes-Oxley), PCI-DSS (Payment Card Industry Data Security Standard), GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act), and many others that require maintaining a specified baseline of security. Compliance is a challenge in and of itself, but it is increasingly difficult to maintain compliance with accelerated DevOps lifecycles and complex, hybrid cloud environments.

Continue reading …

Qualys Cloud Platform 8.22 New Features (VM, PC)

Update December 11, 2019: See additional details about this release.

The 8.22.0 release adds several new features in Qualys Cloud Platform, adds a new API in Policy Compliance and support for 2 new technologies for OCA.

Continue reading …