
Qualys Policy Compliance Notification: Changes Required for Oracle Assessments

We will be releasing new controls that will require some customers to make changes to their Oracle targets.

For customers that grant granular permissions to allow access to our Oracle assessment capabilities, new CIDs are being released that require additional rights to be granted. Failure to grant the new rights will result in an error when you assess your Oracle environment.

We are providing advance notice to give you time to implement these changes. If you use an account with full read privileges or broader permissions than the minimum privileges recommended in the documentation, you will likely not be affected by this change.

This update will occur no earlier than August 15, 2015 to allow time for updates to your Oracle environment.

Please contact your TAM or technical support if you have any concerns or questions.


BSI Top 10 in a Nutshell: Patch These Software Packages

The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik – BSI) is responsible for IT security within the German Federal government. In addition, they work on IT security standards for Germany and are moving into a national incident tracking function as well. In December 2014 they published their yearly report summarizing the IT security state in Germany as "critical", with attacks rising, German companies leaking data and exposing their infrastructure to even physical damage. Much of it is due to a 'Digitale Sorglosigkeit', a digital carelessness where the IT industry does not pay attention to avoidable threats.


Patch Tuesday April 2015

April’s Patch Tuesday continues the 2015 trend of high volume patches. This month we have a full set of 11 patches from Microsoft addressing 26 vulnerabilities. The vulnerabilities affect Windows and Office on both servers and workstations. In addition, Oracle is publishing their quarterly Critical Patch Update fixing 98 vulnerabilities in over 25 software categories, including Java, Oracle RDBMS and MySQL.

Add to that the fixes in Adobe, Mozilla and Google Chrome software that were initiated by the results of the PWN2OWN competition in Vancouver, and every defensive IT security professional will have their work doubled this month.


Patch Tuesday January 2015, 2nd Edition

Every three months, Patch Tuesday has a 2nd edition, when Oracle publishes security updates for their considerable software portfolio.


Oracle CPU October 2014

In the third patch release of the day, after Adobe and Microsoft, Oracle publishes code fixes for 154 distinct vulnerabilities across a large number of product families. Many of the vulnerabilities addressed are of a critical nature, allowing the attacker to achieve remote code execution. Due to the large number of patches, a precise inventory will be crucial for deciding where to patch first.


October 2014 Patch Tuesday Preview

After a small Patch Tuesday last month, we are back to a normal size this month. We are getting nine bulletins, with five allowing for Remote Code Execution (RCE), the category that we usually consider the most urgent. RCEs allow the attacker to take control of your machine and execute code on it, usually meaning a piece of malware, a Remote Access Trojan (RAT) or similar.


Oracle Critical Patch Update July 2014

Oracle released its Critical Patch Update (CPU) for July 2014 with 115 patch updates to a variety of Oracle products. The most critical vulnerabilities fixed by these patches would allow an attacker to take control of the machine that the software is running on – workstation or server.
