All Posts

58 posts

Qualys Cloud Platform 8.21.6 New Features

The upcoming release of the Qualys Cloud Platform (VM, PC), version 8.21.6, will include several new features in Qualys Cloud Platform, Vulnerability Management, and Policy Compliance. 8.21.6 will also add support for multiple technologies in Qualys Policy Compliance.

This release is scheduled to go live across the shared platforms starting November 15, 2019.

Continue reading …

Graboid: Revenge of the Worms

This week saw news of self-propagating worms in the container landscape to perform unsanctioned computation tasks such as cryptojacking. This blog post is intended for Qualys customers and partners to understand how such container attacks work, provide security best practice recommendations & walkthrough related Qualys product portfolio functionality.

Continue reading …

Qualys Cloud Platform 8.21.2 New Features

This new release of the Qualys Cloud Platform (VM, PC), version 8.21.2, includes Virtual Scanner Appliance support for Alibaba Cloud Compute, scheduling of EC2 scans with no scannable EC2 assets in Asset Tags in Qualys Vulnerability Management, expanded support for instance discovery and auto record creation in Qualys Policy Compliance, compliance support for Oracle 19c, and more.

Continue reading …

Assess Vulnerabilities, Misconfigurations in CI/CD Pipeline

After the publication of Golden AMI Pipeline integration with Qualys, some Qualys customers reached out asking how to integrate Qualys Vulnerability Management scanning into other types of CI/CD Pipelines. To answer these questions, we’ve published the new guide, Assess Vulnerabilities and Misconfiguration in CI/CD Pipelines.

Continue reading …

Qualys Cloud Platform 8.21.2 New Features

The upcoming release of the Qualys Cloud Platform (VM, PC), version 8.21.2, includes several new features in Qualys Cloud Platform and support for multiple technologies in Qualys Policy Compliance. The 8.21.2 release is scheduled to go live on 16th Sept, 2019.

See full 8.21.2 new features blog post for additional details on this release.

Continue reading …

September 2019 Patch Tuesday – 79 Vulns, 17 Critical, Remote Desktop Client, SharePoint, Exploited PrivEsc

This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 17 of them labeled as Critical. Of the 17 Critical vulns, 8 are for scripting engines and browsers, 4 are for the Remote Desktop Client, and 3 are for SharePoint. In addition, Microsoft has again patched a critical vulnerability in LNK files, along with a vuln in Azure DevOps / TFS. Adobe has also released patches for Flash and Application Manager.

Update: Following Patch Tuesday, Microsoft updated the entries for CVE-2019-1214 and CVE-2019-1215 to remove the “exploited” label.

Continue reading …

Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability – (CVE-2019-12643)

Cisco published an update for Cisco IOS XE operating system to patch a critical vulnerability that could allow a remote attacker to bypass authentication on devices running an outdated version of Cisco REST API virtual service container.

The security issue is tracked as CVE-2019-12643 and has received a maximum severity rating score of 10 based on CVSS v3 Scoring system.

Continue reading …

Qualys Cloud Platform (VM, PC) 8.21 New Features

This new release of the Qualys Cloud Platform (VM, PC), version 8.21, adds new technologies and platforms, and support for scanning ESXi hosts on vCenter for vulnerabilities.

Continue reading …

Qualys Cloud Platform (VM, PC) 8.20.1 New Features

This new release of the Qualys Cloud Platform (VM, PC), version 8.20.1, includes support for new technologies and platforms, addition of new technology for Windows UDCs as well as an update in an existing option name (“Scan agent hosts in my target”) in the Launch Vulnerability Scan page.

Continue reading …

Qualys Cloud Platform (VM, PC) 8.20 New Features

This new release of the Qualys Cloud Platform (VM, PC), version 8.20, includes several new features in Qualys Cloud Platform and additional support for multiple technologies in Qualys Policy Compliance.

Continue reading …