Newsroom

USA Media Coverage

WiFi, DDoS Vulnerabilities, Cyber-Attacks Lead Week's Security News

Vulnerabilities in Web application frameworks such as ASP.NET, and a security standard for wireless networks were among the security headlines for the last week of 2011. Read more

Dec 31, 2011

Microsoft Patches Dangerous Web Flaw in Double Time

Denial of service hole closed Read more

Dec 30, 2011

Microsoft Ruins Perfect Record with Out-of-Band Patch

It was so close Read more

Dec 30, 2011

Microsoft Releases MS11-100 for ASP.NET DoS Attack

Microsoft released a security bulletin addressing a flaw in ASP.NET that was disclosed early morning yesterday at the Chaos Communication Congress (CCC) in Berlin. Read more

Dec 29, 2011

Windows 8 Gesture Login: Can Screen Smudges Reveal Your Password?

Microsoft is preparing a new way to log in to tablet PCs by letting users perform gestures on the screen instead of typing in letters and numbers Read more

Dec 23, 2011

2012: Security Predictions for the Future of Mobile, Cloud, Attacks, Data Loss and Big Data

Read more

Dec 21, 2011

Security Holes In Software Decreased This Year, Early Data Shows

The number of vulnerabilities disclosed to the public fell in 2011, as did the proportion of flaws that were exploited. Is secure development paying off? Read more

Dec 20, 2011

App Internet and Mobile Devices to Dive Massive Technology Demands in 2012

The rise of the "app internet" -- in which users' PCs, smartphones and tablets run the business applications - will drive completely different demands from technology next year. Read more

Dec 18, 2011

Microsoft Internet Explorer Will Update Automatically in 2012

Microsoft will no longer wait for users to do the secure thing and manually upgrade their Web browsers. Read more

Dec 16, 2011

Microsoft to Begin Silently Updating IE in 2012

Coming next month, Internet Explorer (IE) users will no longer have to manually upgrade their web browser. Read more

Dec 15, 2011

IBahn, Supplier of Hotel Internet Services, Denies Breach

iBahn, a provider of internet services to some 3,000 hotels worldwide, denied on Thursday a news report that its network was breached by hackers. Read more

Dec 15, 2011

5 Tips for Keeping Your Website and Customer Data Safe During the Holidays

Five tips for online retailers to help them prevent their websites from being hacked and to keep their customer data safe this holiday season and beyond Read more

Dec 15, 2011

Microsoft Gets Silent Upgrade Religion, Will Push IE Auto-Updates

Copies Chrome and follows Firefox to get users onto the newest browser without asking permission Read more

Dec 15, 2011

Silent Updating for Internet Explorer

Microsoft announced that in 2012 Internet Explorer will be updated "silently" to its newest possible version. Read more

Dec 15, 2011

Auto Updates Nudge IE Users Into the Present

Micrsoft's new plan to institute automatic updates for Internet Explorer could finally pull certain users of extremely outdated version into the here and now. Read more

Dec 15, 2011

December Patch Tuesday Fixes Duqu Worm

Microsoft has fixed a major vulnerability exploited by the nasty Duqu Worm with its most recent Patch Tuesday series of security updates, which started rolling out yesterday. Read more

Dec 14, 2011

No BEAST Fix From Microsoft in December Patch Batch

Google, Adobe join Redmond in festive fix barrage Read more

Dec 14, 2011

Microsoft Scratches BEAST Patch at Last Minute, but Fixes Duqu Bug

Admits Duqu-like browser-based attacks possible Read more

Dec 13, 2011

December’s Patch Tuesday is Live, Fixes Three Critical Windows Flaws

December set of Patch Tuesday updates contains a double-digit quantity of security bulletins. Read more

Dec 13, 2011

Microsoft fixes Duqu hole, but not BEAST problem

Microsoft has finally patched a flaw being exploited by the Duqu Trojan, but a fix to protect Internet Explorer users from having their encrypted communications snooped on didn't quite make the cut. Read more

Dec 13, 2011

Microsoft’s 13 Decemeber Security Bulletins

Microsoft released 13 security bulletins Read more

Dec 13, 2011

Microsoft Patch Fest Includes Duqu Vulnerability

Security patches next week should address multiple critical vulnerabilities. Adobe will fix a Reader flaw being actively exploited to attack defense firms. Read more

Dec 9, 2011

December's Patch Tuesday to Contain a Heavy 14 Bulletins

Today Microsoft released the outline for December’s Patch Tuesday event Read more

Dec 8, 2011

Merry Christmas! Microsoft Plans Massive Patch Tuesday to Close 2011

Microsoft is playing Scrooge this year for any IT admins who were hoping to relax and ride out the rest of the year. Read more

Dec 8, 2011

Fourteen Security Bulletins for Microsoft's 'Patch Tuesday'

Microsoft said Thursday that system administrators would have fourteen security bulletins to manage next Tuesday, three of which are critical. Read more

Dec 8, 2011

Patch Tuesday Preview for December

Expect 14 security updates from Microsoft Tuesday -- three of them for critical vulnerabilities. Read more

Dec 8, 2011

Qualys Partners with Multi-State Information Sharing and Analysis Center

Qualys has recently entered a partnership agreement with Multi-State Information Sharing and Analysis Center (MS-ISAC). Read more

Dec 7, 2011

QualysGuard Web Application Scanning

Mike Shema, Director of Engineering at Qualys, offers insight into the latest release of QualysGuard WAS. Read more

Dec 7, 2011

Qualys Enhances Web Application Scanning Tool, Partners with MS-ISAC

Software-as-a-Service (SaaS) security solutions vendor Qualys, today announced updates to its QualysGuard Web Application Scanning suite, including the ability to integrate with Selenium Read more

Dec 6, 2011

RSA Security Lapse Led to March Hack, says Researcher

Exploit targeted Windows XP machines that didn't have DEP switched on Read more

Dec 5, 2011

RSA Exploit Victims Likely Used Windows XP

Windows' Data Execution Prevention on Windows 7 would have stopped the SecureID breach, reports Qualys researcher. Read more

Dec 1, 2011

Researcher: DEP Would Have Stopped Exploit Used in RSA Breach

Qualys research says EMC RSA phishing victims likely were running Windows XP Read more

Nov 30, 2011

Hackers Launch Millions of Java Exploits, Says Microsoft

Hackers continue to launch attacks exploiting vulnerabilities in Oracle's Java software in record numbers, Microsoft said Monday. Read more

Nov 29, 2011

Apache Reverse Proxy Flaw Opens Door to Internal Networks

Apache has confirmed the existence of a new reverse proxy vulnerability after it was discovered by Prutha Parikh, a security researcher with Qualys Read more

Nov 28, 2011

Criminals Sabotaging Cyber Monday, Security Experts Warn

Fake UPS notices, bogus Groupon coupons, raft of other tactics deployed by bad guys Read more

Nov 28, 2011

Apache Server Hit by Reverse Proxy

Dangerous flaw puts internal Web servers at risk, but there is a fix in the works. Read more

Nov 28, 2011

Unpatched Apache Reverse Proxy Flaw Allows Access to Internal Network

A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on the internal network if some rewrite rules are not defined properly. Read more

Nov 25, 2011

Enterprises Struggle to Update Browser Plug-ins

A back door into businesses Read more

Nov 24, 2011

Apache Developers Scramble to Fix Proxy Flaw

Admins, Nail Down Your Systems Read more

Nov 24, 2011

Free Web Security Tools to Guard Your Business Browser

Using online security measures can be confusing and costly. But there is one easy step you can take right now: Make your browser as secure as possible. Read more

Nov 21, 2011

Finance Veteran Don McCauley Guides Qualys' Rapid Growth

Private Company CFO Finalist: Don McCauley, Qualys Inc. Read more

Nov 18, 2011

Microsoft to Streamline Windows 8's Patch Process

Tweaks to updating, rebooting of patched PCs will improve security, say experts Read more

Nov 15, 2011

Microsoft Patches Critical Windows Bug, But Not Duqu Flaw

Microsoft released a security update to fix one critical and three less serious Windows holes but is still working on a patch for a flaw being exploited by the Duqu Trojan. Read more

Nov 8, 2011

Light Patch Tuesday Features Four Bulletins

For the November Patch Tuesday, Microsoft released four bulletins that fix vulnerabilities targeting Windows. Read more

Nov 8, 2011

Microsoft Patch Snuffs Out Major Worm Potential

Microsoft issued its four expected patches as part of its regular release cycle, including a fix for a potentially serious worm Read more

Nov 8, 2011

Microsoft Releases Four Security Patches, One Critical

Microsoft on Tuesday released four security bulletins as part of its November update, closing the same number of holes and expectedly leaving out a permanent fix for the flaw linked to the Duqu trojan. Read more

Nov 8, 2011

Microsoft Details Duqu Workaround

Patch Tuesday next week won't have a fix for the newly discovered zero-day vulnerability, but Microsoft says it will deliver one as soon as it can. Read more

Nov 4, 2011

Microsoft Issues Temporary Duqu Workaround

Plans 4 Patch Tuesday fixes Read more

Nov 3, 2011

Microsoft to Patch Critical Windows 7 Bug in 'Upside Down' Update Next Week

No sign it will rush emergency update for kernel flaw exploited by Duqu malware Read more

Nov 3, 2011

VDI Security Supports Active Protection Strategies

Organizations are embracing virtual desktop infrastructure (VDI) with the expectation of persistent security enhancements Read more

Nov 1, 2011

6 Deadly Enterprise Security Mistakes

These small, subtle security mistakes can have big data breach consequences. Read more

Oct 27, 2011

Tool Lets Single Laptop Take Down an SSL Server

Yet Another Strike Against SSL Security Read more

Oct 25, 2011

Risk I/O Partners with Qualys SaaS Platform

Risk I/O announces its partnership with Qualys Read more

Oct 14, 2011

Patch Internet Explorer Now

Security experts are virtually unanimous that patching Internet Explorer should be priority one. Read more

Oct 12, 2011

The SSL Certificate Industry Can and Should Be Replaced

Moxie Marlinspike has just the plan to revolutionize SSL certificate security Read more

Oct 12, 2011

Microsoft’s October 2011 Patch Tuesday Fixes 23 Flaws, Releases SIRv11

Microsoft released eight security bulletins today, patching 23 vulnerabilities across its product line Read more

Oct 11, 2011

Your Patch Tuesday Update, October 2011

Microsoft issued eight security bulletins today that include patches for 23 vulnerabilities. Read more

Oct 11, 2011

IE Security Hole Sewn up for Patch Tuesday

Microsoft is planning eight security updates next week – two critical – as part of its regular Patch Tuesday programme. Read more

Oct 7, 2011

Critical Updates Coming from Microsoft Next Week

Next Tuesday is a moderate month in terms of patch volume, but the couple that are rated as Critical should be addressed quickly to prevent exploits. Read more

Oct 6, 2011

Manulife Outsources VM Scanning

A growing number of organizations are using vulnerability management (VM) solutions to scan their networks for weaknesses and assist with updating and remediation processes. Read more

Oct 5, 2011

Facebook Enlists Websense for Neighborhood Watch

Boffins propose an alternative to security certificates Read more

Oct 4, 2011

Adobe: Crashing 100 Million Machines Not an Option

Zero-day vulns get 6,000 man-hours of testing Read more

Oct 3, 2011

SSL Labs Launches Two Convergence Notaries

Guest blog from Qualys Director of Engineering Ivan Ristic Read more

Sep 30, 2011

Qualys Endorses Alternative to Crappy SSL System

Moxie Marlinspike's Convergence gets show of support Read more

Sep 30, 2011

New SSL Alternative: Support Grows for Convergence

Convergence, Moxie Marlinspike's crowdsourced approach to improving SSL security, wins fans. But Google's still not on board. Read more

Sep 30, 2011

Experts Suggest SSL Changes to Keep BEAST at Bay

Google protected. PayPal? Not so much Read more

Sep 23, 2011

Patch Tuesday, Financial Cyber-Crime, APT Lead Week's Security News

A recap of the past week's IT security news features Patch Tuesday updates from Microsoft and Adobe, financial cyber-crime trends and discussions of APTs against enterprises. Read more

Sep 19, 2011

Hackers break SSL encryption used by millions of sites

Beware of BEAST decrypting secret PayPal cookies Read more

Sep 19, 2011

Microsoft and Adobe Issue Patch Tuesday Updates

Microsoft and Adobe take aim at DigiNotar in latest round of patch updates Read more

Sep 14, 2011

Microsoft, Adobe Patch Vulnerabilities

Microsoft patches 15 important vulnerabilities, Adobe update fixes critical Reader and Acrobat vulnerabilities, and multiple vendors block more DigiNotar-related certificates. Read more

Sep 14, 2011

Microsoft Patches 15 Flaws, Blacklists Additional DigiNotar Certificates

Microsoft issued five security bulletins for its September 2011 Patch Tuesday, addressing 15 vulnerabilities in Windows and Office. Read more

Sep 13, 2011

Microsoft's Full Monty: Five security bulletins, 15 vulnerabilities

Microsoft just pushed out its September security update to address some 15 vulnerabilities in Windows and Office. Here's the full breakdown from Microsoft, followed by additional guidance from security vendors Qualys and Symantec: Read more

Sep 13, 2011

Microsoft patches 15 bugs, nukes more SSL certificates

Officially ships security updates four days after leaking detailed info Read more

Sep 13, 2011

Microsoft Fixes Excel, Office Flaws During September Patch Tuesday Update

Microsoft's September Patch Tuesday release had no "critical" patches for the first time in a long time. Read more

Sep 13, 2011

Microsoft Fixes Office, Excel Flaws In 'Non-Critical' Patch Tuesday Release

Microsoft (NSDQ:MSFT) issued a modest patch load for its September Patch Tuesday release, but coupled the security bulletin with yet another update blacklisting more fraudulent DigiNotar SSL certificates. Read more

Sep 13, 2011

Microsoft, Adobe release scheduled security patches

Microsoft on Tuesday released five security bulletins, along with an update revoking six more DigiNotar certificates, while Adobe issued critical updates for Reader and Acrobat. Read more

Sep 13, 2011

MS inadvertently offers early peep at September patches

Kimono hastily snatched closed again 'til Tuesday Read more

Sep 12, 2011

Microsoft posts security bulletins 4 days early, scrambles to fix mistake

Each month, there is a clearly defined process Microsoft uses to release security patches to fix flaws in Windows and its other products. On a Thursday, Microsoft releases an advance notification, listing the software affected by the upcoming patches and the type of threat fixed ... Read more

Sep 9, 2011

Office and Windows fixes star in quiet Patch Tuesday

No criticals for once among the backdoor plugs Read more

Sep 9, 2011

Microsoft Patch Tuesday Update Contains No Critical Fixes

Microsoft (NSDQ:MSFT) is planning to issue a light five patches for its September Patch Tuesday, in a release that doesn’t include any critical updates, according to the company’s advanced notification bulletin Thursday. Read more

Sep 8, 2011

Cloud Control

You want your cloud provider to share security risk. Your provider wants to limit its liability. The result is a negotiation. Here's what CFOs should know to gain the upper hand. Read more

Sep 8, 2011

Certificate hacks: PKI didn't fail us, humans did

After latest attack, GlobalSign stopped issuing SSL certificates. But the real problem is that few pay attention to warnings anyway Read more

Sep 8, 2011

Advanced persistent threats call for a reality check

Continued hype surrounding the topic of so-called advanced persistent threats (APTs) is causing alarm and confusion as to what an APT actually is. Read more

Sep 7, 2011

Comodo Hacker Takes Credit For Massive DigiNotar Hack

Even as the number of rogue digital certificates skyrockets to more than 500 -- with some spoofing major domains -- overall impact so far has mostly been minimal outside of Iran, experts say Read more

Sep 6, 2011

Qualys offers tool to spot server DDoS weaknesses

Security company Qualys is offering a tool admins can use to work out how vulnerable their servers might be to simple but often hard-to-detect a types of DDoS attack that exploit vulnerabilities in the design of HTTP. Read more

Aug 30, 2011

Slow HTTP DoS vulnerability test tool

Slow HTTP DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. Read more

Aug 29, 2011

Slow HTTP DoS vulnerability test tool

Slow HTTP DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. Read more

Aug 29, 2011

Researcher To Release Free ‘Slow HTTP Attack’ Tool – Dark Reading

‘Slowhttptest’ could be expanded to test for so-called “ApacheKiller” hack. Slow HTTP attacks can be a lethal form of denial of service to Web servers: they are easy to perform and require minimal computing resources, and they are tough to detect until it’s too late. So a researcher is releasing a new open-source tool he wrote that checks a server’s vulnerability to such an attack. Read more

Aug 25, 2011

Researcher To Release Free 'Slow HTTP Attack' Tool

Slow HTTP attacks can be a lethal form of denial of service to Web servers: they are easy to perform and require minimal computing resources, and they are tough to detect until it's too late. So a researcher is releasing a new open-source tool he wrote that checks a server's vulnerability to such an attack Read more

Aug 25, 2011

Next generation security as a service

The new UI for the QualysGuard IT Security and Compliance SaaS Suite features interactive dashboards, streamlined workflows, actionable menus and filters with improved visual feedback, making it easier for customers to utilize the comprehensive services in the QualysGuard Suite. Read more

Aug 25, 2011

Hackers could reverse-engineer Microsoft patches to create DoS attacks

The security company Qualys this week demonstrated how to reverse-engineer a Microsoft patch in order to launch a denial-of-service attack on Windows DNS Server. Read more

Aug 24, 2011

Hackers could reverse-engineer Microsoft patches to create DoS attacks

The security company Qualys this week demonstrated how to reverse-engineer a Microsoft patch in order to launch a denial-of-service attack on Windows DNS Server. Read more

Aug 24, 2011

Microsoft patches reverse-engineered to create DoS attack

Security vendor Qualys this week demonstrated how it reverse-engineered a Microsoft (NASDAQ: MSFT) patch to successfully create a denial-of-service attack against a Windows DNS server. Read more

Aug 24, 2011

Hackers could reverse-engineer Microsoft patches to create DoS attacks

The security company Qualys this week demonstrated how to reverse-engineer a Microsoft patch in order to launch a denial-of-service attack on Windows DNS Server. Read more

Aug 24, 2011

Improper SSL Implementations Leave Websites Wide Open to Attack

Improper configuration is rendering SSL nearly useless as organizations are transmitting sensitive information online without any security. Security researchers are buzzing about the flaws in the Secure Sockets Layer system and the fact that a significant portion of the Internet is vulnerable to attack. Read more

Aug 17, 2011

The SSL Implementation Equation

Many SSL servers aren't as secure as you'd think, according to new data from Qualys' SSL Labs. Only about one-fifth of SSL websites actually redirect to SSL for authentication, according to new data released at Black Hat USA last week. Read more

Aug 11, 2011

Microsoft Fixes 22 Flaws in August Patch Tuesday

Microsoft released 13 patches addressing issues in the Windows operating system, Internet Explorer, Office and its development tools. - Microsoft released 13 security bulletins addressing 22 unique vulnerabilities for its August Patch Tuesday update. Read more

Aug 9, 2011

Your Microsoft Patch Tuesday update for August 2011

Qualys - Today Microsoft released 13 security updates, which we are considering a normal workload for the heavier Patch Tuesdays every other month. Read more

Aug 9, 2011

Microsoft patches Ping of Death bug in Windows

Patch Tuesday also brings Internet Explorer, Office fixes - Microsoft has issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed "Ping of Death.".. Read more

Aug 9, 2011

Microsoft patches 1990s-era 'Ping of Death'

Also plugs critical holes in IE9, Windows' DNS service in 22-fix collection - Microsoft today issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed "Ping of Death." Read more

Aug 9, 2011

Microsoft Security Patch Fixes 20-Year-Old Flaw

Microsoft today issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed "Ping of Death." Read more

Aug 9, 2011

Microsoft releases 13 security bulletins, fixes 22 vulnerabilities

Today Microsoft released 13 security bulletins, two rated Critical, nine Important and two Moderate. Read more

Aug 9, 2011

Hefty Microsoft August Patch Delivers 13 Security Fixes

The August patch is a bulky one as Microsoft released 13 fixes today. The two "critical," nine "important" and two "moderate" items are targeted at 22 vulnerabilities. Read more

Aug 9, 2011

Microsoft expects Internet Explorer exploits within 30 days

Patch Tuesday features 13 patches for 22 vulnerabilities - Microsoft's monthly patches released today include a critical fix for seven holes in Internet Explorer which, if left unpatched, are considered "likely to see reliable exploits developed within the next 30 days." Read more

Aug 9, 2011

IT administrators labor with 13 Microsoft security bulletins in August

IT administrators will need their Labor Day break after struggling with 13 security bulletins covering a broad range of Microsoft platforms, to be released on Tuesday. Read more

Aug 8, 2011

Microsoft Offers $250,000 in BlueHat Prizes for Security Technology

Microsoft announced the Blue Hat contest to encourage researchers to develop runtime mitigation technologies to prevent attackers from exploiting memory vulnerabilities. Read more

Aug 8, 2011

Most SSL Sites Vulnerable

SSL certificates and encryption are supposed to protect websites and users, but there is a catch. Read more

Aug 8, 2011

DefCon Kids Guides Young Hackers to Do Good

Children 8 to 16 were welcomed for the first time ever at the DefCon hackers conference Read more

Aug 8, 2011

Products of the Week

Our round-up of intriguing new products from Radiant Logic, Beyond Trust, Qualys among others. -- QualysGuard Web Application Scanning (WAS) 2.0 Read more

Aug 8, 2011

Photos show the cultural difference between Black Hat and Defcon hacker events

Black Hat: Philippe Courtot started Qualys a decade ago to focus on cloud security. Read more

Aug 7, 2011

Microsoft preps 13 updates for August Patch Tuesday alert print comment tweet Unloads baker's dozen after quiet July

Microsoft is fuelling up 13 bulletins for release next week, including an update that guards against critical flaws in Internet Explorer. Another "critical" bulletin affects Windows server operating systems, and addresses a code-execution risk on unpatched systems. Read more

Aug 5, 2011

Microsoft to Fix 22 Software Flaws in Its August Patch Tuesday Update

Microsoft will fix bugs in Internet Explorer, desktop and server editions of Windows and Visio for August Patch Tuesday. Read more

Aug 5, 2011

Web application security on a new level

Qualys announced QualysGuard WAS 2.0, enabling organizations to leverage the power and scalability of the cloud to discover, catalogue and scan large numbers of web applications. Read more

Aug 4, 2011

Virtualized scanners and report customization for security assessment

Qualys announced a new edition of the QualysGuard Consultant service, featuring virtualized scanner appliances (vScanners) and a report customization module. Read more

Aug 4, 2011

Context-Based Web UI Ushers in Qualys' New SaaS Platform

Qualys showcased its new UI Read more

Aug 3, 2011

Black Hat 2011: Attack vectors, vulnerabilities and malware analysis

Rodrigo Branco, director of vulnerability and malware research at Qualys Inc. talks about vulnerabilities, malware sophistication and whether the move to cloud-based services will change the way cybercriminals conduct attacks. Read more

Aug 3, 2011

Qualys Announces UI For VM Services, Upgrades Web Application Scanning Service

Qualys has announced a new user interface to streamline management of its QualysGuard suite of vulnerability management and compliance software-as-a-service (SaaS) offerings. Read more

Aug 3, 2011

Qualys Announces User Interface For Vulnerability Management Services

Compliance software-as-a-service vendor also upgrades its Web application scanning service. Read more

Aug 3, 2011

Oracle Issues Substantial Critical Patch Update with 78 Security Fixes

Oracle is fixing 78 security flaws across scores of its product in its latest critical patch update Read more

Jul 21, 2011

Oracle Patches 78 Vulnerabilities in July

Oracle is out this week with its July critical patch update (CPU) Read more

Jul 21, 2011

Bug Warnings: Vendor Security Bulletins Unclear

Adobe, Apple, and Oracle have been slammed by security experts for a lack of information, transparency, and clarity in security bulletins. Read more

Jul 15, 2011

Microsoft Squashes Bluetooth Bug

Patch Tuesday sees 22 Microsoft vulnerabilities fixed, while Mozilla pushes a Mac-only Firefox update. Read more

Jul 13, 2011

Microsoft Warns of Critical Security Hole in Bluetooth Stack

Microsoft today shipped four security bulletins with patches for 22 serious security flaws and called special attention to a vulnerability in the Windows Bluetooth stack Read more

Jul 12, 2011

Microsoft Fixes 22 Vulnerabilities

In today's Patch Tuesday, Microsoft released 4 bulletins addressing vulnerabilities affecting Windows and Office. Read more

Jul 12, 2011

Microsoft Patch Tuesday to Fix 22 Vulnerabilities, One Critical

Microsoft is preparing to release four security updates for patching 22 vulnerabilities affecting its Windows and Visio 2003 platforms. Read more

Jul 11, 2011

Microsoft to Issue 'Light' Four-Patch Update Tuesday

Microsoft plans to release a relatively light patch load for its upcoming Patch Tuesday Read more

Jul 7, 2011

Critical Update for Windows 7 Coming Tuesday

Qualys' Amol Sarwate discusses the highest priority update Read more

Jul 7, 2011

How to Fight Back Against a Cyber Attack

How are cyber attacks attacks carried out, what are the real risks, and what companies can do to protect themselves Read more

Jul 6, 2011

Striving for Better Information Security Intelligence

Turning big data from a threat into an opportunity Read more

Jul 1, 2011

SQL Injection Most Dangerous Software Error

SANS is out this week with its annual CWE/SANS Top 25 Most Dangerous Software Errors Report for 2011. Read more

Jun 29, 2011

Are All of Your Company's Browsers Up to Date?

Keeping browsers up-to-date isn't always as easy as it should be. Today, Qualys is expanding that effort with the BrowserCheck Business Edition Read more

Jun 27, 2011

Dell SecureWorks Cooperates with Qualys for VMS

SecureWorks signed a strategic partnership deal with Qualys Read more

Jun 23, 2011

New SMB Browser Tool Hunts Down Insecure Plugins

Qualys has invited small businesses to sign up to use a free online tool that can scan browsers for out-of-date versions and plugins that might be putting users at risk. Read more

Jun 21, 2011

Do You Know Where Your Security Holes Are?

Qualys and McAfee lead the way in six-vendor test of automated tools that scan and report on vulnerabilities Read more

Jun 20, 2011

Qualys Unveils BrowserCheck Business Edition

Qualys has just announced a Business Edition of their free BrowserCheck web browser vulnerability assessment tool Read more

Jun 20, 2011

Qualys Extends Free BrowserCheck Service to Businesses

Qualys has extended its free BrowserCheck service into the business space, adding a number of extra features to the browser service for IT security admins. Read more

Jun 20, 2011

A Tool to Help Secure Your Browser

A new free tool for consumers from Qualys called BrowserCheck helps secure your browser Read more

Jun 15, 2011

Patch Tuesday - Microsoft hits 34 vulnerabilities in 16 bulletins

Microsoft has released 16 security bulletins for the month of June Read more

Jun 15, 2011

How To Prioritize Microsoft Patch Bonanza

Patch Tuesday weighed in as a doozy, but IT administrators also face fixes for major bugs in Acrobat, Flash, Java, and more. Here's expert advice on what's most key. Read more

Jun 15, 2011

MS Patch Tuesday: Gaping holes haunt Internet Explorer browser

Guest Post by Wolfgang Kandek, CTO for Qualys Read more

Jun 14, 2011

Microsoft Patches 34 Vulnerabilities

Microsoft released 16 bulletins addressing 34 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studio, Silverlight, VML and ISA. Read more

Jun 14, 2011

Microsoft Issues 16 Bulletins, 9 Critical Including SMB, IE Fixes

Microsoft unleashed 16 bulletins on June’s Patch Tuesday, issuing major operating system repairs and addressing other serious coding errors across its product line. Read more

Jun 14, 2011

Adobe Fixes 36 Critical Bugs in Quarterly Security Update

As part of its regularly scheduled quarterly security updates, Adobe patches its Reader, Acrobat, Shockwave and Flash products. Read more

Jun 14, 2011

Microsoft Fixes 24 Bugs in June Patch Tuesday

Microsoft fixed 24 bugs in June’s Patch Tuesday release, closing critical security holes in Internet Explorer, Windows and Excel with nine rated as “critical.” Read more

Jun 14, 2011

Microsoft 'Patch Tuesday' Fixes 24 Flaws in 16 Updates

IT administrators will have their hands full this month Read more

Jun 14, 2011

Patch Tuesday Sees 16 Fixes

Microsoft's June Patch Tuesday was released Tuesday to address 34 vulnerabilities in 16 bulletins Read more

Jun 14, 2011

Your Patch Tuesday Update

The latest on Microsoft's June 2011 Security Update, based on what the vendors are saying Read more

Jun 14, 2011

Microsoft Patches Critical IE9, Windows Bugs

Fixes 34 flaws, including multiple 'drive-by' vulnerabilities, in host of products Read more

Jun 14, 2011

Just in Time for Father's Day - Some Microsoft Patch Tuesday Overtime for IT Administrators

On Tuesday, Microsoft will release 16 security bulletins patching 34 flaws, including nine critical vulnerabilities, just days before Father’s Day. Read more

Jun 13, 2011

Brace Yourself for a Big Patch Tuesday

Whether you're an IT admin in charge of deploying Windows updates across your firm's entire department or simply a home user with a Windows rig or three, prepare yourself for what's coming tomorrow. Read more

Jun 13, 2011

Patch Tuesday: Fixing Critical Vulnerabilities

It's looking like a busy summer for systems administrators Read more

Jun 12, 2011

Microsoft Patch Tuesday To Address 34 Security Risks

The next Patch Tuesday will include a whopping 34 fixes, including critical vulnerabilities in all versions of Microsoft Windows, Internet Explorer, and Excel. Read more

Jun 10, 2011

MS Lines up Bumper Patch Tuesday

Microsoft is preparing a bumper Patch Tuesday for next week, with 16 security bulletins that collectively address 34 vulnerabilities. Read more

Jun 10, 2011

Adobe Preps Quarterly Security Update for Reader, Acrobat

Adobe will release its quarterly update to address security vulnerabilities in all versions of Reader and Acrobat. Read more

Jun 10, 2011

Patch Tuesday Will Be Busy for IT Pros

Microsoft's regular monthly advance security bulletin was released as expected Thursday, and from the look of things, June will be a busy one for Windows IT pros. Read more

Jun 9, 2011

Microsoft Planning 16 Fixes for Patch Tuesday

Windows IT pros can expect a really busy June if the advance notification for this month's security update is any indication. Read more

Jun 9, 2011

Oracle Updates Java for Security

This week Oracle released a Critical Patch Update (CPU) for Java, fixing 17 security flaws in Java SE. Read more

Jun 9, 2011

Microsoft Plans 16 Security Bulletins for June's Patch Tuesday

Microsoft will release 16 bulletins next week to fix 34 security vulnerabilities in all versions of Windows, Excel, Internet Explorer and SQL Server. Read more

Jun 9, 2011

Microsoft Planning 16 Fixes for Patch Tuesday

Windows IT pros can expect a really busy June if the advance notification for this month's security update is any indication. Read more

Jun 9, 2011

Qualys Recertifies Its Cloud Computing FDCC Auditing Service

QualysGuard streamlines process of meeting FDCC compliance and USGCB Read more

Jun 8, 2011

Web Security: Why You Should Always Use HTTPS

The importance of HTTPS and encrypting traffic to your browser Read more

May 31, 2011

Is MacDefender Malware a Sign of the Macpocalypse?

There is a new world order. MacDefender, and subsequently MacGuard, demonstrate that the inherent security by obscurity of the Mac is fading, and that attackers are looking at the bigger picture. Read more

May 27, 2011

Microsoft Patches Critical Server Flaw, Revises Index

Microsoft issued two bulletins this week, one critical, repairing a serious vulnerability affecting its server line. Read more

May 11, 2011

Microsoft Patches Critical Windows Vulnerability

The software maker also tweaked its exploitability index, which predicts the likelihood that vulnerabilities will soon be compromised. Read more

May 11, 2011

Modest Patch Tuesday Batch Tackles Windows and Office Issues

Includes critical WINS component update Read more

May 11, 2011

Microsoft's May 2011 Security Update

Microsoft released its May 2011 security update: Two bulletins covering three vulnerabilities. Read more

May 10, 2011

Microsoft Releases Patch Tuesday Fixes for Windows Server and PowerPoint

Microsoft fixed bugs in the WINS name server resolution protocol and a file format vulnerability in PowerPoint for its May Patch Tuesday. Read more

May 10, 2011

Wall Street Journal Leak Site Works on Security Fixes

The Wall Street Journal's SafeHouse web site, which invites whistle-blowers to submit tips and documents, addresses security problems Read more

May 6, 2011

Patch Tuesday Will Be Light, with Only Two Vulnerabilities

After April's backbreaking Patch Tuesday, May's version will be light, with only two security bulletins. Read more

May 6, 2011

Microsoft Gives IT Admins a Break for May Patch Tuesday

Microsoft is only planning to release two new security bulletins for the May Patch Tuesday next week. Read more

May 5, 2011

How Web Security Will Change with HTML5

Qualys' Mike Shema discusses the changes with HTML5 and what they mean for web security Read more

Apr 29, 2011

One-Fourth of SSL Websites Are at Risk

Many sites haven't applied patches for well-known 'renegotiation' flaw Read more

Apr 21, 2011

Adobe Updates Acrobat, Reader to Guard Against Flash Zero-Day

Adobe is once again releasing software updates to address a zero-day vulnerability in Adobe Flash. Read more

Apr 21, 2011

Microsoft April 2011 Security Update is Live

Microsoft released its April 2011 security update a few minutes ago Read more

Apr 12, 2011

Microsoft Delivers Monster Security Update for Windows, IE

Experts urge everyone to patch SMB bug pronto before hackers release another Conficker-style worm Read more

Apr 12, 2011

Breaking Dawn Attack: How To Avoid Getting Bit

A new attack is spreading its way across Facebook, targeting fans of the epic vampire series Twilight. Read more

Apr 12, 2011

Prepare for Microsoft's Mammoth Patch Tuesday

Mammoth. That's the word that most accurately describes what Microsoft has in store for this Patch Tuesday. Read more

Apr 8, 2011

Record Patch Tuesday with 17-Bulletin Bumper Crop

Microsoft is lining up a record equaling 17 security bulletins Read more

Apr 8, 2011

Microsoft to Ship Record Updates for April Patch Tuesday

Bulletins address a record of 64 vulnerabilities Read more

Apr 8, 2011

Microsoft to Fix 64 Flaws on Patch Tuesday Next Week

Microsoft is set to fix a bumper crop of 64 vulnerabilities Read more

Apr 8, 2011

Microsoft Preps 17 Security Bulletins For Patch Tuesday

Microsoft plans to release 17 security bulletins next week to address 64 vulnerabilities across several products, including Windows and Internet Explorer. Read more

Apr 7, 2011

Microsoft Releases 17 Patches in April, 9 Critical

Microsoft's "Patch Tuesday" bug fixes were a relatively light load for security professionals to deal with in March but that seems to have been only a momentary lull. Read more

Apr 7, 2011

Epsilon Data Breach: Expect a Surge in Spear Phishing Attacks

Epsilon--the largest distributor of permission-based email in the world--revealed that millions of individual email addresses were exposed in an attack on its servers. Read more

Apr 4, 2011

Epsilon Data Breach Paves Way for Phishing, Security Pros Warn

As the list of companies affected by the Epsilon e-mail breach continues to grow, security professionals are warning that the public should expect to see an onslaught of targeted phishing attacks. Read more

Apr 4, 2011

Epsilon Breach a Treasure Trove for Phishing Attacks

While the Epsilon data breach differs from other recent breaches in that there are no credit card numbers, social security numbers or corporate secrets, the threat of phishing attacks is all too real. Read more

Apr 4, 2011

Getting Rid of Scareware

Don't wait until you get hit by scareware. Prevention is always the best cure. Read more

Apr 2, 2011

LizaMoon Attack: What You Need to Know

A little information and common sense are all you need to make sure that LizaMoon is nothing more than a minor annoyance. Read more

Apr 1, 2011

New Vulnerabilities Are on the Rise

According to a new report from IBM (NYSE:IBM), 2010 was a good year -- for new security vulnerabilities. Read more

Mar 31, 2011

Qualys Partners with StopBadware

Qualys is partnering with the non-profit anti-malware organization StopBadware. Read more

Mar 29, 2011

Qualys Joins with StopBadware to Fight Malware on the Internet

The two organizations will leverage one another’s strengths to improve the web’s collective defenses against malware. Read more

Mar 29, 2011

Experts Weigh in on Comodo SSL Certificate Fraud

Reactions are running rampant after security firm Comodo revealed it was tricked into issuing rogue digital certificates Read more

Mar 24, 2011

How Secure is Your Browser

Video coverage of Qualys CTO Wolfgang Kandek on the state of browser security. Read more

Mar 22, 2011

IronBee Versus ModSecurity

The difference between ModSecurity and IronBee Read more

Mar 16, 2011

Hackers Exploit Flash Zero-Day, Adobe Confirms

Plans to patch Flash, Reader next week, but cites Reader X's sandbox as reason why it won't update newest version Read more

Mar 14, 2011

Adobe Promises Flash, Acrobat and Reader Fix for Zero-Day Bug

Adobe issued a security bulletin about a critical vulnerability that could compromise user systems and promised a fix next week. Read more

Mar 14, 2011

Report: Internet Explorer Used to Exploit Windows MHTML Vulnerability

A vulnerability in the way Internet Explorer parses MHTML content is now targeting users as part of a "drive-by" browser attack. Read more

Mar 13, 2011

Patch Tuesday Unleashes Three Bulletins

Microsoft has announced that it has issued three bulletins to fix four vulnerabilities in Microsoft Windows and Office as part of March's Patch Tuesday. Read more

Mar 10, 2011

Microsoft Patches Four Vulnerabilities in Windows and Office

Today Microsoft released three security bulletins: one is rated Critical and two are rated Important. Read more

Mar 8, 2011

Microsoft Patch Tuesday Leaves MHTML Bug Unchecked

Microsoft issued three security bulletins, addressing two critical vulnerabilities Read more

Mar 8, 2011

Microsoft Issues Security Bulletins for Vulnerabilities in Windows, Office

Microsoft has issued three security bulletins, one rated "critical" and two "important" Read more

Mar 8, 2011

Microsoft Patches Critical Windows Drive-by Bug

Microsoft today shipped three security updates that patched four vulnerabilities in Windows and Office, but did not patch IE ahead of the Pwn2Own hacking contest that begins Wednesday. Read more

Mar 8, 2011

Microsoft Warns of Windows Media Video Attacks

Hackers could use malicious video files to take over Windows computers Read more

Mar 8, 2011

Microsoft Fixes Critical Windows Hole, Others

Microsoft today released three bulletins fixing four vulnerabilities in Windows and Microsoft Office, including one that is rated "critical" for Windows XP, Vista, and Windows 7. Read more: http://news.cnet.com/8301-27080_3-20040672-245.html#ixzz1G3Z1wGBK Read more

Mar 8, 2011

Microsoft's March 2011 Security Update

Quick update on the patch bundle Microsoft released a short time ago Read more

Mar 8, 2011

Qualys Unveils IronBee Open Source Web Application Firewall

One of the most compelling (and arguably overlooked) bits of news from last month's RSA Conference was the arrival of IronBee Read more

Mar 2, 2011

What is the WAF? IronBee Wants To Be the WAF Standard

How's your WAF? What you don't have one? You probably should. Read more

Feb 28, 2011

80% of Browsers Have Known Vulnerabilities

Most problems are caused by insecure plug-ins, such as Java, Adobe Reader, QuickTime, and Flash, finds Qualys. Read more

Feb 23, 2011

Qualys Launches Open Source Web App Firewall Project

Qualys last week unveiled IronBee Read more

Feb 22, 2011

Most Users Leave Web Browsers Open to Cyberattack

Most people don't keep Web browsers secure, according to new report Read more

Feb 18, 2011

4 in 5 Surfers Open to Browser Exploits from Fixed Flaws

Patchy patches provide pretty paltry protection Read more

Feb 18, 2011

Open Source Report from RSA 2011

Open source is alive and well in the security industry Read more

Feb 18, 2011

Most Vulnerable Browser Plugin? Think Java, not Flash

Adobe's Flash has a reputation for requiring regular security updates, but the sleeper vulnerabilities in browsers may be in Java. Read more

Feb 18, 2011

RSA: Java is the Most Vulnerable Browser Plug-in

Are your browser plug-ins up-to-date? Read more

Feb 17, 2011

Bulk of Browsers Found to Be at Risk of Attack

About 80% of browsers and their plug-ins need updating, says researcher. Read more

Feb 17, 2011

Researcher: 80 Percent of Browsers Need Updating

80 percent of Web browsers run by consumers are vulnerable to exploits of already-patched bugs Read more

Feb 17, 2011

Qualys Releases Report on Faulty Browser Plugins

Qualys's BrowserCheck tool, released last summer, reports on any security problems with your browser. A new report, released Wednesday, shows the most vulnerable plugins. Read more

Feb 16, 2011

Virtualized Software-Based Scanner Appliances Introduced by Qualys

Qualys introduces virtualized software-based scanner appliances for QualysGuard Read more

Feb 16, 2011

Qualys Announces Security-as-a-Service Platform

The new Qualys security-as-a-service platform offers an integrated framework with new functionality in all Qualys security and compliance applications Read more

Feb 16, 2011

Qualys Starts an Open Source WAF Project

IronBee open sourced, community under construction Read more

Feb 16, 2011

Open Source Web Application Firewall Unveiled by Qualys

Next-generation of WAF technology will be provided by a new open source project, IronBee. Read more

Feb 16, 2011

Sun Java by Far the Most Vulnerable Plug-in

oday at the RSA Conference in San Francisco, Qualys CTO Wolfgang Kandek presented research which clearly shows that browser security is alarmingly bad. Read more

Feb 16, 2011

Open Source Web Firewall Launched by Qualys

Qualys has set out its alternative vision based on building a new generation using open source development. Read more

Feb 16, 2011

Best Vulnerability Management Tool

Winner: Qualys for QualysGuard Vulnerability Management Read more

Feb 15, 2011

IronBee Open Source WAF Project Launches

Web Application Firewall (WAF) technology is seen by many as a much needed technology for Web application security. Read more

Feb 15, 2011

Best SME Security Solution

Winner: Qualys for QualysGuard Express Read more

Feb 15, 2011

Free e-Book: Web Application Security for Dummies

New e-book helps readers understand web application security - including how to find and fix vulnerabilities Read more

Feb 15, 2011

Security: Latest Network Forensics Products Keep Tireless Watch for Malware Threats

At the RSA Conference in San Francisco Feb. 14-18, a number of networking companies are shining the spotlight on network forensics and packet analysis. Read more

Feb 15, 2011

Qualys Revamps Managed Security Platform with Java Back-End

Qualys unveiled its second-generation security-as-a-service platform that uses Java and a number of open-source technologies. The company also announced a new open-source application firewall project. Read more

Feb 14, 2011

Security: RSA Conference 11 Products to Watch

There are more than 450 expo vendors showing wares or hawking programs at the 20th annual RSA Conference now underway in San Francisco. Read more

Feb 14, 2011

Web Application Scanning on a New Level

QualysGuard WAS 2.0 enhancements to help customers catalog web applications on a global scale and scan them for vulnerabilities that can lead to exploitation. Read more

Feb 14, 2011

Qualys Debuts Its Next Generation Security-as-a-Service

For a decade, Philippe Courtot, chairman and chief executive of Qualys, has been singing the praises of cloud-based security. Read more

Feb 14, 2011

RSA Conference 2011: Cloud Security Challenges Dominate

Security in the cloud is a hot topic, so it's no surprise that RSA Conference 2011 in San Francisco Feb. 14-18 will feature a number of sessions devoted to the issue. Read more

Feb 10, 2011

Microsoft Security Fixes Arrive With More Vulnerabilities

Computer security looks more and more like a game of Whac-A-Mole. Read more

Feb 8, 2011

ZDI Releases Details on Five Unpatched Microsoft Flaws

The Tipping Point Zero Day Initiative released details on 25 vulnerabilities this week Read more

Feb 8, 2011

How to Prioritize Microsoft Patch Tuesday

Following a very light Patch Tuesday in January which left a number of exposed zero-day vulnerabilities unpatched, Microsoft is bouncing back with 12 security bulletins for February. Read more

Feb 8, 2011

Microsoft to Patch Three Zero Day Vulnerabilities

Tuesday will bring 22 fixes from Microsoft, as well as Adobe patches for Acrobat and Reader Read more

Feb 7, 2011

Zero-Day Update Duo to Star in Upcoming Patch Tuesday Update

But MHTML Fix Remains MIA Read more

Feb 4, 2011

Your Patch Tuesday Preview

Analysis on Microsoft's February security update by Qualys CTO Wolfgang Kandek Read more

Feb 3, 2011

Microsoft to Seal 22 Security Holes This Month

Next week's Patch Tuesday will address 22 vulnerabilities, three of which are critical Read more

Feb 3, 2011

Microsoft Offers FixIt Tool to Address Newest Vulnerability

New tool mitigates issue behind new vulnerability that impacts nearly all supported versions of Windows Read more

Jan 31, 2011

Microsoft: Exploit Published for Windows Flaw

Hackers have published instructions for attacking a previously unknown security hole in all versions of Windows Read more

Jan 28, 2011

Attack Code Surfaces for New Windows MHTML Zero-Day Vulnerability

Vulnerability could be exploited if a victim clicks on a malicious link in a website Read more

Jan 28, 2011

Windows Vulnerable to Zero-Day XSS Attacks

Advisory addresses flaw in the MHTML protocol handler which opens all versions of Windows to potential cross-site scripting (XSS) attacks. Read more

Jan 28, 2011

Microsoft Warns of New Windows Zero-Day Bug

Only Internet Explorer users at risk; other browsers can't be exploited, say researchers Read more

Jan 28, 2011

Busy Patch Tuesday Sees 16 Microsoft Fixes Coincide with Adobe Security Update Release

IT administrators will find their hands full this month Read more

Jan 13, 2011

Microsoft Patches Critical Windows Drive-by Bug

Also repairs 'DLL load hijacking' flaw in Vista, but leaves several vulnerabilities unfixed Read more

Jan 11, 2011

Cloud Security Alliance Plans RSA Summit

At RSA Conference 2011, CSA will provide updates on progress in several research areas Read more

Jan 10, 2011

Fixes for Two Windows Flaws Coming from Microsoft

Microsoft's first security update of the New Year should be relatively easygoing for administrators Read more

Jan 6, 2011

QualysGuard Integration with BeyondTrust PowerBroker

Customers to use PowerBroker root delegation functionality for authenticated vulnerability and compliance scans on Unix systems Read more

Jan 5, 2011

Qualys Combines QualysGuard Saas Platform with BeyondTrust PowerBroker

Integration enables customers to manage user access and privileges while expanding coverage of security scans Read more

Jan 5, 2011

Developer Best Practices for Protecting Data in the Cloud

Moving data to the cloud means making sure that security is as good or better than your data center. Read more

Jan 5, 2011

Qualys Solutions
Qualys Community
Free Tools & Trials
Free Trial

Nothing to install or download!

1 (800) 745 4355