The security landscape is constantly changing, and you need to adopt proactive measures to stay ahead of security breaches by being extremely vigilant about every little change in your environment. In our previous blog, we discussed how you can leverage the ready-to-use monitoring profiles in your CI/CD pipeline to start monitoring your critical system and application files. However, just selecting which files to monitor isn't sufficient. You need a layer of real-time detection to eliminate blind spots in your network. Hence, once you have configured the "what to monitor" part in your environment, the next step is to configure correlation rules that generate real-time alerts on changes and automatically create authorized or unauthorized incidents. Receiving instant alerts on file changes in your network is the next line of defense for mitigating impending loss of data.
In this era of digital transformation, microservices are rapidly gaining popularity within continuously deployed systems. Organizations have moved away from rigid monolithic architectures to more flexible ones based on microservices. Many organizations handling large amounts of real-time data use microservices such as Kafka and Elasticsearch, mainly because of the operational simplicity and performance they provide. However, this substantially increases the attack surface because of the exposed APIs and open ports.
Automatically Discover, Prioritize and Remediate Windows Adobe Type Manager Library Remote Code Execution Vulnerability (ADV200006) using Qualys VMDR®
On March 23, Microsoft released zero-day advisory ADV200006 to address two critical remote code execution vulnerabilities in the Adobe Type Manager Library that affect multiple versions of Windows and Windows Server.
The vulnerabilities exist in the way Windows parses OpenType fonts. For example, an attacker could convince a user to open a specially crafted document or view it in the Windows Preview pane. The Preview pane is the part of the Windows Explorer file manager (called File Explorer in Windows 10) that previews pictures, video, and other content. Successful exploitation would require an attacker to convince a user to open a malicious document or visit a malicious page that exploits the WebClient service, which normally listens for WebDAV file shares.
Qualys released a blog post earlier on how to identify ADV200006 in your environment:
Microsoft Released Out-of-Band Advisory – Windows Adobe Type Manager Library Remote Code Execution Vulnerability (ADV200006)
Here we describe how to resolve it with Qualys VMDR®.
The Qualys Cloud Agent can be automatically deployed using any third-party software deployment tools including Microsoft SCCM, Microsoft Intune, Microsoft GPO, HCL BigFix, Dell KACE, and others.
For remote or roaming users, deploying packages with software deployment tools requires that the target system be able to reach the deployment management console: while on the corporate network, or, if remote, through a cloud-based console, over a VPN connection, or by allowing remote users to reach the on-premises management console through a DMZ or other inbound rules.
This post describes common deployment models and best practices for deploying the Cloud Agent to a remote workforce.
IT organizations around the world are responding to the challenge posed by COVID-19 by ensuring that employees are able to work productively from remote locations. As we experience a never-before-seen explosion of remote endpoints connecting to the organization's critical assets, the security of these endpoints is top of mind for all IT and security professionals. As we look for ways to secure them, it is becoming immediately clear that traditional enterprise security solutions deployed inside the organization's network are ineffective at protecting remote endpoints. The sheer volume of remote endpoints connecting over VPN gateways already creates significant bandwidth pressure; pushing large security updates to thousands of endpoints over those links is becoming impractical.
Cyber criminals have been leveraging trending cultural and viral news items that drive interest from millions of individuals as mechanisms to target and distribute malware easily and effectively. In the past, cyber criminals have used topics including international sports championships, celebrity divorces, and political elections to spread their malware.
The Coronavirus (COVID-19) pandemic is the latest vehicle for these types of attacks. The conditions of this pandemic are ripe for wide-scale malware distribution: large geographic base affecting both businesses and consumers, fear and uncertainty on the impact of the virus, and the increased use of social media and person-to-person electronic communications to spread news, information, and opinions.
Last week, a new malware attack exploited these conditions. A cyber criminal group created a fake Corona Map application for Windows embedded with information-stealing malware which, once downloaded and installed by the user, starts collecting and exfiltrating sensitive data such as passwords, credit card numbers, and bank account details.
I would like to share Qualys’ response to the heightening coronavirus (COVID-19) outbreak and outline the steps we are taking to ensure continuity of service for our customers and also ensure the health and well-being of our employees.
Qualys has a comprehensive business continuity and emergency response plan in place that is regularly updated and reviewed by executive management. We have conducted a detailed risk assessment of the impact of COVID-19 on our employees and business operations, and at this time we believe that we have the necessary processes in place to continue to effectively deliver on all aspects of our business, including product development, operations and support services.
Automatically Discover, Prioritize and Remediate Microsoft SMBv3 RCE Vulnerability (CVE-2020-0796) using Qualys VMDR
On this month's Patch Tuesday, Microsoft disclosed a critical "wormable" remote code execution (RCE) vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol. Because the vulnerability is wormable, exploitation could spread easily from victim to victim without user interaction.
Qualys released a blog post earlier on how to identify SMBv3 vulnerability in your environment:
Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)
Here we describe how to resolve it with Qualys VMDR®.
Risk and compliance management is a multi-faceted domain focused on reducing unacceptable risk that could disrupt the business or otherwise harm its performance. IT GRC (Governance, Risk and Compliance) comprises many business and IT tasks across the entire enterprise. Compliance laws and requirements are put in place to protect not only your business but also your customers.
The Qualys Cloud Platform, with its expansive set of solutions, helps you conform to regulatory mandates such as HIPAA, SOX (Sarbanes-Oxley), PCI-DSS and others.