Update January 17, 2020: A new detection in Qualys Web Application Scanning was added. See “Detecting with Qualys WAS” below.

Citrix released a security advisory (CVE-2019-19781) for a remote code execution vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway products. The vulnerability allows an unauthenticated remote attacker to execute arbitrary code on the system. Once exploited, remote attackers could obtain access to private network resources without requiring authentication.

During the week of January 13, attacks on Citrix appliances have intensified. Because of the active attacks and the ease of exploitation, organizations are advised to pay close attention.

Continue reading …

The Qualys Training team is eager to share all of the recent additions to our free training program, as well as provide insight into what is coming in 2019. You can expect to see regular updates as we continue to improve our training offerings!

It is our mission to help Qualys customers and partners become more familiar with the entire portfolio of Qualys Cloud Apps, learn key workflows and adopt best practices. To help guide you, we are creating Learning Paths which take you from fundamentals through advanced topics, and ensure you have a complete foundation in Qualys technology.

Continue reading …