All Posts

1491 posts

Detect Unauthorized Processes Making Changes in Your Environment with Qualys File Integrity Monitoring

With the average cost of a data breach exceeding $3.5 million as per Cost of a Data Breach Report, almost all organizations these days adopt stringent policies in order to safeguard their confidential business and customer information. Strong RBAC-driven systems have certainly made it difficult for attackers to gain unauthorized access. However, malicious programs masked as genuine ones can compromise your environment, sneak their way into your databases, and can even allow unauthorized parties to access and/or view information.

Continue reading …

LibMiner: Container-Based Cryptocurrency Miner Targeting Unprotected Redis Servers

Qualys is actively tracking threats which target containers. In our recent analysis, we have identified a few docker instances executing a malware which we term as “LibMiner”. This malware has the capability to deploy and execute Cryptominer. It uses a unique technique for lateral movement across the containers as well as Linux systems, executing on unprotected Redis servers and initiating mining on them. The malware has the ability to protect its termination, thus making it impossible to gain control over it. This blog post uncovers the unique techniques and tactics used by LibMiner.

Continue reading …

Policy Compliance Library Updates, January 2020

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.Policy Library

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The January release includes 5 CIS Benchmark policies, 4 Qualys Security Configuration and Compliance policies, and 1 DISA STIG policy. Apart from adding a new technology support, it also provides updates to several existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS has been updated.

Continue reading …

Introducing Periscope: Out-of-Band Vulnerability Detection Mechanism in Qualys WAS

Web applications and REST APIs can be susceptible to a certain class of vulnerabilities that can’t be detected by a traditional HTTP request-response interaction.  These vulnerabilities are challenging to find but provide a way for attackers to target otherwise inaccessible, internal systems.  An attacker can potentially use this to their advantage.  Essentially, a vulnerable application (or API) can be used as a proxy for an attack against a separate internal application, a cloud service, or other protected system.

Continue reading …

Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) – How to Detect and Remediate

Update January 31, 2020: Client testing is now available at clienttest.ssllabs.com.

Update January 15, 2020: Detection dashboard now available.

Today, Microsoft released patch for CVE-2020-0601, aka Curveball, a vulnerability in windows “crypt32.dll” component that could allow attackers to perform spoofing attacks. This was discovered and reported by National Security Agency (NSA) Researchers. The vulnerability affects Windows 10 and Windows Server 2016/2019 systems.

This is a serious vulnerability and patches should be applied immediately. An attacker could exploit this vulnerability by using a spoofed code-signing certificate, meaning an attacker could let you download and install malware that pretended to be something legit, such as software updates, due to the spoofed digital signature. Examples where validation of trust may be impacted include:

  • HTTPS connections
  • Signed files and emails
  • Signed executable code launched as user-mode processes
Exploits/PoC:

There are no reports of active exploitation or PoC available in public domain at this point of time. However, per NSA advisory “Remote exploitation tools will likely be made quickly and widely available.”

Continue reading …

January 2020 Patch Tuesday – 50 Vulns, 8 Critical, Adobe Vulns

This month’s Microsoft Patch Tuesday addresses 50 vulnerabilities with only 8 of them labeled as Critical. Of the 8 Critical vulns, one is for browser and scripting engines, 3 are for .NET Framework and one for ASP.NET. In addition, Microsoft has patched 3 critical RCEs in Remote Desktop Gateway and Remote Desktop Client. Adobe issued patches today for Illustrator CC and Experience Manager.

Continue reading …

Citrix ADC and Gateway Remote Code Execution Vulnerability (CVE-2019-19781)

Update January 17, 2020: A new detection in Qualys Web Application Scanning was added. See “Detecting with Qualys WAS” below.

Citrix released a security advisory (CVE-2019-19781) for a remote code execution vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway products. The vulnerability allows an unauthenticated remote attacker to execute arbitrary code on the system. Once exploited, remote attackers could obtain access to private network resources without requiring authentication.

During the week of January 13, attacks on Citrix appliances have intensified. Because of the active attacks and the ease of exploitation, organizations are advised to pay close attention.

Continue reading …

The New Year Calls for a Change in the OT Industry’s State of Security

In 2014, a Western European steel mill suffered serious damage from a phishing attack that penetrated its IT and Operational Technology (OT) networks (the software and hardware dedicated to monitoring and controlling physical devices) where attackers gained control of plant equipment. In 2018, 74% of OT organizations experienced a data breach. OT is deployed in critical industries like energy, utilities, and oil, and these vulnerabilities can cause ecological damage, negatively impact productivity, and compromise human safety.

Continue reading …

Securing Databases with Qualys Policy Compliance

Data is the most valuable asset that an organization holds, and the most common target for malicious attackers. According to Forbes, in the first six months of 2019, data breach incidents exposed an astounding 4.1 billion records worldwide. Hackers successfully attacked government agencies as well as private corporations, keeping everyone under a constant threat of exploit. Although data breaches are not a new phenomenon anymore, what stood out in this year’s attacks was the sophistication in which these attacks were carried out. Learned users as well as experienced officials fell prey to the traps, resulting in massive information leakage.

Continue reading …

Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking

A recent report identified 19+ vulnerabilities that should be mitigated by end of year 2019. These are a range of top vulnerabilities attacked and leveraged by Advance Persistent Threat (APT) actors from all parts of the world.

Continue reading …