Qualys Blog

www.qualys.com

Samba Vulnerability CVE-2017-7494

On Wednesday, the Samba Team patched a vulnerability that exists in all versions of Samba from 3.5.0 onward. Exploitation of this vulnerability could result in remote code execution on the affected host.

Samba is used to provide SMB and CIFS services for Linux systems, and is pervasive in both enterprise and consumer products. While the Samba Team is providing patches for the latest versions (4.4.x and higher), some Linux vendors, such as Red Hat and Ubuntu, are providing patches for older versions of Samba where they ship in a supported version of the OS. The Samba Team may also release patches for older versions of Samba.

The Shadow Brokers Release Zero Day Exploit Tools

On Friday, a hacker group known as The Shadow Brokers publicly released a large number of functional exploit tools. Several of these tools make use of zero-day vulnerabilities, most of which are in Microsoft Windows. Exploiting these vulnerabilities in many cases leads to remote code execution and full system access.

Both end-of-support and current Windows versions are impacted, including Windows 2003, XP, Vista, 7, 2008, 8, and 2012. Microsoft has released patches for each vulnerability across all supported platforms, but will not be releasing patches for end-of-support versions of Windows. It is highly recommended that any end-of-support Windows systems be replaced or isolated, as these systems will often be impacted by new vulnerabilities for which no patch is available.

For zero-day vulnerabilities in operating systems, you can use your existing asset inventory information from Qualys AssetView and search for any OS to determine how many vulnerable assets are deployed. This can be done without additional scanning if the data is relatively fresh.

Microsoft IIS 6.0 Buffer Overflow Zero Day

A new zero-day vulnerability (CVE-2017-7269) impacting Microsoft IIS 6.0 has been announced with proof-of-concept code. This vulnerability can only be exploited if WebDAV is enabled. IIS 6.0 is a component of Microsoft Windows Server 2003 (including R2). Microsoft ended support for Server 2003 on July 14, 2015, which means that this vulnerability will most likely not be patched. It is recommended that these systems be upgraded to a supported platform. The current workaround is to disable the WebDAV Web Service Extension if it is not needed by any web applications.

The Qualys Cloud Platform can help you detect the vulnerability, track and manage Server 2003 assets, and block exploits against web-based vulnerabilities like this one.

eDellRoot SSL Certificate Leaves Dell Endpoints At Risk to MITM Attacks

A number of security researchers recently discovered that Dell laptops come pre-installed with an additional root certificate called eDellRoot. Since the private key is also available on the machine, this exposes Dell's customers to the risk of a Man-in-the-Middle (MITM) attack. In a MITM attack, the attacker sits on the network between server and client and uses the eDellRoot certificate to intercept and manipulate HTTPS connections. This vulnerability leaves anyone using these Dell laptops at risk of sensitive data exposure and even infection with a malicious payload, all under the cover of a trusted connection.

Pebble Smart Watch Developer Portal Vulnerability

Here’s a short story about a simple vulnerability that was easy to fix, but nonetheless could have had serious consequences.

Imagine an attacker, who doesn’t even have root access, being able to:

- Get source code from the community of Pebble watch developers
- Replace their binaries with malicious ones
- Deploy the malicious binaries to the developers’ watches when they click the ‘Remote Deployment’ button.

Device Vulnerabilities Fixed: Garrettcom Magnum Series

Would you buy a cellphone with a hardcoded password? Definitely not. I wouldn’t either.

But as is sometimes the case with non-mass-market devices, security can be overlooked in favor of convenience, even if in retrospect it’s clearly a mistake to do so. Fortunately, this story has a happy ending, thanks to responsible disclosure and quick vendor response.

Do Your Anti-CSRF Tokens Really Protect Your Web Apps from CSRF Attacks?

Cross-Site Request Forgery (CSRF) is an attack that tricks the victim’s browser into executing malicious requests designed by the attacker. A successful CSRF attack can force the victim’s browser to perform state-changing requests such as transferring funds or changing the victim’s email address. Clearly these are attacks that need to be prevented.

Black Hat USA 2014: Security Risks of the Internet of Things

Black Hat USA 2014 is one of the most widely attended security conferences of the year, and this year there were a number of interesting briefings on a variety of topics such as automotive attack surfaces, POS malware, cloudbots and more. Qualys presented two pieces of research: one on TSA vulnerabilities and one on hacking physical devices such as keyless cars and home alarm systems.

Qualys Receives Frost & Sullivan Global Vulnerability Management Market Leadership Award

Qualys announced today that it has received the Frost & Sullivan Global Market Leadership Award in Vulnerability Management for the third consecutive year. The award is based on independent analysis of the global vulnerability management market, including in-depth interviews with customers, partners and vendors.

“Ultimately, vulnerability management solutions must become as dynamic as the threat environment that they are designed to protect against,” stated Chris Kissel, industry analyst for Frost & Sullivan, in the report. He continued, “Qualys maintains its market leadership because of its strong technology cloud platform, ability to scale, and ease of use and deployment. Also, the company has successfully shown that it can rapidly innovate and deliver new capabilities suitable for customers of all sizes across vertical industries. This adaptability has allowed Qualys to consistently stay ahead in the innovation curve.”

Read the full report or the news release.

Postgres Announces Upcoming Security Patch

Last week, the PostgreSQL Project advised its users of an upcoming security patch for a critical security vulnerability in its database server software. All currently supported versions are affected, and the patch will be released on Thursday, April 4th. To our knowledge this is the first time that an open source project has pre-announced a vulnerability and upcoming patch. We expect the release to fix a remote code execution vulnerability in this popular database engine and recommend that all PostgreSQL users upgrade to a secure version as soon as possible, especially if the database server is connected directly to the Internet. The Shodan search engine currently lists over 30,000 systems that have a PostgreSQL server accessible from the Internet.

Underscoring the severity of the vulnerability is an announcement by Heroku, a popular cloud application platform, which has started forcibly upgrading all of its customers’ PostgreSQL installations with the patch.

We will update this post as soon as more information becomes available.