All Posts

76 posts

Qualys Cloud Platform (VM, PC) 8.20 New Features

This new release of the Qualys Cloud Platform (VM, PC), version 8.20, includes several new features in Qualys Cloud Platform and additional support for multiple technologies in Qualys Policy Compliance.

Continue reading …

Qualys Cloud Platform 2.39 New Features

This release of the Qualys Cloud Platform version 2.39 includes updates and new features for Out-of-Band Configuration Assessment (OCA), Vulnerability Management, and Web Application Scanning, highlights as follows.

Continue reading …

Exim MTA Vulnerability (The Return of the WIZard – CVE-2019-10149)

Last week, Qualys issued a security advisory for a vulnerability we discovered during a code review of Exim. This vulnerability can lead to Remote Command Injection, and is currently being actively attacked in the wild. This blog will show you how to quickly identify assets that are impacted by this vulnerability.

Continue reading …

June 2019 Patch Tuesday – 88 Vulns, 21 Critical, Hyper-V Escape, Adobe Vulns

This month’s Microsoft Patch Tuesday addresses 88 vulnerabilities with 21 of them labeled as Critical. Of the 21 Critical vulns, 17 are for scripting engines and browsers, and 3 are potential hypervisor escapes in Hyper-V. The remaining vulnerability is an RCE in the Microsoft Speech API. Microsoft also issued guidance on Bluetooth Low Energy FIDO keys, HoloLens, and Microsoft Exchange. Adobe issues patches today for Flash, ColdFusion, and Campaign.

Continue reading …

Integrating Threat and Vulnerability Management with Patch Management: The (Feasible) Quantum Leap

The rise of sophisticated attacks combined with the security-skills shortage have driven many organizations to go back to basics and review their processes for vulnerability and patch management. The approach is definitely a winning one, given that shrinking and managing the vulnerability surface makes it harder to target and compromise.

Assessing the attack surface requires strengthening key capabilities, such as increasing visibility across the IT landscape and improving the detection, prioritization and remediation of vulnerabilities at scale. Qualys has been boosting these capabilities for its customers over the last two decades.

Read on to learn how Qualys is addressing enterprises’ patch management challenges with integrated breach prevention that includes its new Patch Management cloud application.

Continue reading …

Boost Security with These Gartner-Recommended Projects

Is your security team struggling to decide which projects will slash risk the most without breaking the bank? If so, we believe your security leaders can end analysis paralysis by perusing Gartner’s “Top 10 Security Projects for 2019” report. As its title states, the report recommends ten security projects for 2019, and the projects selected are supported by technologies available today, address the changing needs of cybersecurity and support what Gartner calls a CARTA (Continuous Adaptive Risk and Trust Assessment) strategic approach through risk prioritization.

Below we highlight five of the projects, provide Gartner’s take, offer our opinion, and explain how Qualys can help you implement them.

Continue reading …

Windows RDP Remote Code Execution Vulnerability (BlueKeep) – How to Detect and Patch

This month’s Microsoft Patch Tuesday included a very high-risk vulnerability (CVE-2019-0708, aka BlueKeep) in Remote Desktop that impacts Windows XP, Windows 7, Server 2003, Server 2008, and Server 2008 R2. This vulnerability allows an unauthenticated attacker (or malware) to execute code on the vulnerable system. It is very likely that PoC code will be published soon, and this may result in a WannaCry-style attack.

Microsoft has not only released patches for Windows 7, Server 2008 & R2, but also has taken the extra step to issue patches for Windows XP and Server 2003. Patch now!

UPDATE: Network Level Authentication (NLA) partially mitigates this vulnerability. QID 90788 (Microsoft Windows Network Level Authentication Disabled) can be used to find hosts that have NLA disabled. This forces the attacker to have valid credentials in order to perform RCE.

UPDATE: A new remote (unauthenticated) check was released under QID 91541. See below for details.

Continue reading …

Verizon’s DBIR Highlights Key Drivers of Security Risk

It’s that time of the year when Verizon updates us on the latest trends in the global threat landscape with its Data Breach Investigations Report (DBIR). The findings in this year’s report are based on data provided by more than 70 sources (including Qualys) about more than 41,000 security incidents, including more than 2,000 confirmed data breaches, across a variety of geographies (over 80 countries) and industries. A privileged observation point indeed.

While the very informative 78-page report touches on a wide range of areas,  I’ll focus on three that are particularly relevant for Qualys customers:

  • Who are hackers’ preferred targets, and why
  • The importance of reducing both the time it takes to discover security problems, such as vulnerabilities or breaches, and the time it takes to fix them
  • How lack of visibility, human error and careless misconfigurations heighten organizations’ security risks

Read on to learn more about the evolution (or is it “EVILution”) of the threat landscape in the past year, and find out about recommended actions.

Continue reading …

May 2019 Patch Tuesday – 79 Vulns, 22 Critical, RDP RCE, MDS Attacks, Adobe Vulns

This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 22 of them labeled as Critical. Of the 22 Critical vulns, 18 are for scripting engines and browsers. The remaining 4 are remote code execution (RCE) in Remote Desktop, DHCP Server, GDI+, and Word. Microsoft also released guidance on the recently disclosed Microarchitectural Data Sampling (MDS) techniques, known as ZombieLoad, Fallout, and RIDL. Adobe’s Patch Tuesday includes patches for vulnerabilities in Flash, Acrobat/Reader (83 vulnerabilities!) and Media Encoder.

UPDATE May 15: Microsoft has also issued Remote Desktop patches for Windows XP and Server 2003.

Continue reading …

Ancestry: On the Vanguard of DevOps Security

Grant Johnson, Ancestry’s Director, Risk & Compliance

(This is a guest post by Grant Johnson, Director, Risk & Compliance at Ancestry)

Over the past two years, Ancestry moved its entire applications and data infrastructure from local data centers to Amazon’s cloud, and this required a new approach for managing vulnerabilities in our DevOps pipeline. In the hopes that our insights will help security teams embarking on this path, this article details the challenges we faced and the best practices that helped us succeed, including:

  • the benefits of replacing production AMIs with new ones instead of patching them;
  • the importance of making security an enabler of agile, cloud processes like DevOps;
  • and effective ways to get DevOps team members and senior leaders to buy into your risk reduction strategy.

Read on to learn how, with Qualys’ help, we streamlined and automated vulnerability fixes, resulting in a steep drop in the number of high severity bugs in our production applications.

Continue reading …