All Posts


WordPress Database Reset Plugin Vulnerability (CVE-2020-7047, CVE-2020-7048)

A vulnerability recently disclosed by Wordfence and published as CVE-2020-7047 and CVE-2020-7048 allows an attacker to take over vulnerable WordPress-based websites.

Functionality in the WP Database Reset plugin introduced the vulnerability, which allows any unauthenticated user to reset any table in the database to the initial state it had at installation, deleting all the content in the database.


Qualys Cloud Platform 2.38 New Features

This release of the Qualys Cloud Platform version 2.38 includes updates and new features for AssetView, Web Application Firewall, and Web Application Scanning. Highlights are as follows.


Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776

A new remote code execution vulnerability in Apache Struts 2, CVE-2018-11776, was disclosed yesterday. While this vulnerability does not exist with a default configuration of Struts, it does exist in commonly seen configurations for some Struts plugins.

Update August 24, 2018: A dashboard for this vulnerability is now available to download.


Qualys Cloud Platform 2.34 New Features

This release of the Qualys Cloud Platform version 2.34 includes updates and new features for Cloud Agent, EC2 Connector, Continuous Monitoring, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall. Highlights are as follows.


GDPR Is Here: Web App Security Is a Must

With web and mobile apps becoming a preferred vector for data breaches, organizations must include application security in their plans for complying with the EU’s General Data Protection Regulation (GDPR).

GDPR went into effect in May, imposing strict requirements on millions of businesses worldwide that control and process the personal data of EU residents.

While GDPR makes only a few vague references to technology, it’s clear that, for compliance, infosec teams must demonstrate that their organizations are doing their best to prevent accidental or malicious misuse of EU residents’ personal data.

Thus, organizations must have a rock-solid security foundation for superior data breach prevention and detection, and web application security has to be a core component of it.


Qualys Cloud Platform 2.33 New Features

This release of the Qualys Cloud Platform version 2.33 includes the release for CertView, plus updates and new features for AssetView, Cloud Agent, EC2 Connector, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall. Highlights are as follows. (This posting has been edited to include an update to WAS that is available in a patch release.)


Qualys Cloud Platform 2.32 New Features

This release of the Qualys Cloud Platform version 2.32 includes updates and new features for AssetView, EC2 Connector, File Integrity Monitoring, Indication of Compromise, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall. Highlights are as follows. (Post updated 3/23 to include new FIM features for this release.)


Countdown to GDPR: For GDPR Compliance, Web App Security Is a Must

With web and mobile apps becoming a preferred vector for data breaches, organizations must include application security in their plans for complying with the EU’s General Data Protection Regulation (GDPR).

First discussed in the 1990s and turned into law in 2016, GDPR goes into effect in May of this year, imposing strict requirements on millions of businesses and subjecting violators to severe penalties.

The complex regulation applies to any organization worldwide — not just in Europe — that controls and processes the data of EU citizens, whose privacy the GDPR is meant to protect. Fines are stiff, including up to 4 percent of an organization’s annual revenue, or €20 million, whichever is higher.

While GDPR makes only a few vague references to technology requirements for compliance, it stresses that data “controllers” and “processors” must safeguard customer information by implementing “appropriate technical and organisational measures.”

The regulation also highlights the need for organizations to have in place secure IT networks and systems that can “resist, at a given level of confidence, accidental events or unlawful or malicious actions.”


Qualys Cloud Platform 2.31 New Features

This release of the Qualys Cloud Platform version 2.31 includes updates and new features for AssetView, Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire. Highlights are as follows.


Qualys Cloud Platform 2.30 New Features

This release of the Qualys Cloud Platform version 2.30 includes updates and new features for Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire. Highlights are as follows. (This posting has been updated on 9/6/2017 and 10/25/2017 to reflect new feature capabilities in the release, as noted below.)
