All Posts

57 posts

Alpine Docker Image Vulnerability (CVE-2019-5021): How to Detect and Fix

A vulnerability affects the official Alpine Docker images, versions >=3.3: they contain a null password for the root user. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container that utilize Linux PAM, or some other mechanism that uses the system shadow file as an authentication database, may accept a NULL password for the root user.

Qualys Cloud Platform (VM, PC) 8.18.2 New Features

This new release of the Qualys Cloud Platform, version 8.18.2.0, includes the new look for the App Picker, new technology support for Unix UDCs, and error code/text for errors that occur during control evaluation.

Qualys Training Update, April 2019

The Qualys Training team has expanded the AssetView & Threat Protection course, and added two new training series: CertView and Troubleshooting Scanner Appliance Error Codes.

These new additions build on last month’s update, when we introduced the new Vulnerability Management learning path, which takes you from the fundamentals through advanced topics, and ensures you have a complete foundation in Qualys technology.

The Qualys Training team brings you these updates to help you learn quickly how to get the most value from your Qualys subscription. Read on for more detail on what’s new this month.

Qualys Cloud Platform (VM, PC) 8.18 New Features

This new release of the Qualys Cloud Platform (VM, PC), version 8.18, contains several new features and improvements in Qualys Vulnerability Management and Policy Compliance, which include CertView Vulnerability Scan for EC2 Assets, support for new authentication types to filter vulnerabilities, support for InformixDB authentication and IBM Web Application Server, and 2 new technologies in Policy Compliance.

Free Training: New Certified Learning Paths

The Qualys Training team is eager to share all of the recent additions to our free training program, as well as provide insight into what is coming in 2019. You can expect to see regular updates as we continue to improve our training offerings!

It is our mission to help Qualys customers and partners become more familiar with the entire portfolio of Qualys Cloud Apps, learn key workflows and adopt best practices. To help guide you, we are creating Learning Paths which take you from fundamentals through advanced topics, and ensure you have a complete foundation in Qualys technology.

Assess Vulnerabilities, Misconfigurations in AWS Golden AMI Pipelines

Today we’re starting a blog series focused on how to integrate Qualys solutions into DevSecOps for securing cloud infrastructures. In this initial post, we’ll discuss the importance of assessing vulnerabilities and misconfigurations on AWS pipelines.

When developing golden Amazon Machine Images (AMIs), DevOps teams should run continuous and automated checks to eliminate vulnerabilities and misconfigurations in them. It’s a critical security and compliance practice that Qualys recommends its customers adopt. 

To that end, Qualys partnered with Amazon to integrate the AWS Golden Amazon Machine Image Pipeline reference architecture with Qualys scanners for vulnerability and configuration compliance assessment.

The result: Qualys has just published a GitHub repository and documentation for implementing Qualys scanning of instances in a golden AMI pipeline. This will help customers detect and fix critical vulnerabilities and compliance issues in the image creation pipeline, before they reach production environments.

Qualys Cloud Platform (VM, PC) 8.17 New Features

Qualys Cloud Platform (VM, PC) version 8.17 contains various feature enhancements in Qualys Vulnerability Management and Qualys Policy Compliance. In addition, this release lowers the time required before pausing or canceling an ongoing scan. Previously, scheduled scans could be canceled or paused only after a minimum of one hour from their start time.

Qualys Cloud Platform (VM, PC) 8.16 New Features

This new release of the Qualys Cloud Platform (VM, PC), version 8.16, contains several new improvements in Qualys Vulnerability Management and Qualys Policy Compliance, which include a new password security option, an increased limit for virtual hosts that can be added to a subscription, added support for scanning ESXi hosts on vCenter, and more.

Read on for release highlights.

Qualys Cloud Platform 8.15.2 New Features

Patch release of Qualys Cloud Platform, version 8.15.2, includes new support for Apache instance auto-discovery in Qualys Policy Compliance.

Policy Compliance

  • Apache Instance Auto-Discovery – This new feature in Qualys PC enables automatic discovery of Apache during compliance scans. Once one or more Apache instances are discovered, the required authentication records are automatically created. We’ve also simplified authentication records for Apache, allowing multiple instances to share a single authentication record. In cases where multiple Apache instances are found, users no longer need to provide separate authentication records for each instance.

Qualys Cloud Platform 8.15.1 New Features

This new patch release of the Qualys Cloud Platform, version 8.15.1, includes updates to Qualys Vulnerability Management.

Vulnerability Management

  • IP Update Handling for Agents – The external IP address for an Agent will no longer overwrite the previous internal IP address when an internal address is not available during inventory data collection. The previous internal IP will remain as the Agent’s IP until the Agent recollects inventory data.

For more details about the above feature, please review the release notes. Release notes will be posted as soon as they are available on the Qualys Cloud Platform Release Notes page.

Platform release dates will be published on the Qualys Status page when available.