USA Media Coverage

Critical security vulnerability found in Internet Explorer

Learn more about the critical security vulnerability found in Microsoft IE. Read more

Aug 18, 2015

Emergency Zero-Day Internet Explorer Security Fix Released

"Patch as quickly as possible," says Qualys CTO Wolfgang Kandek. Read more

Aug 18, 2015

Cloud security without borders

In this podcast, Qualys CEO Philippe Courtot discusses cloud security without borders. Read more

Aug 17, 2015

Microsoft Pushes Emergency Patch for IE

Wolfgang Kandek, Qualys CTO, comments on an emergency patch for Microsoft IE that is already being exploited by hackers. Read more

Aug 15, 2015

Is Industry 4.0 safe – or will it prove to be a hacker's delight?

Amol Sarwate, Qualys Director of Engineering, comments on how security is becoming a huge worry for the industry IoT. Read more

Aug 14, 2015

Poodle bug afflicts John McAfee SSL start-up

The web server of John McAfee's new company, which will sell SSL certificates used to authenticate two communicating parties online, is vulnerable to the Poodle bug, according to Qualys SSL Labs' domain check. Read more

Aug 13, 2015

Windows 10, Internet Explorer, Office Fixes on Patch Tuesday

Qualys CTO Wolfgang Kandek discusses how Firefox version 39 was under attack through a vulnerability in the built-in PDF reader that lets attackers retrieve files. Read more

Aug 12, 2015

How to bring your patch management up to speed

Qualys CTO Wolfgang Kandek discusses how always-on connectivity and continuous updates are becoming the new norm outside the office, so IT needs to ensure they're doing the same. Read more

Aug 11, 2015

Microsoft patches Windows 10, Edge, 4 critical holes, 2 exploits in the wild

Qualys CTO Wolfgang Kandek discusses the securities bulletins released by Microsoft for August 2015. Read more

Aug 11, 2015

Microsoft Office bug highlights August 2015 Patch Tuesday

According to Qualys CTO Wolfgang Kandek, the most important Patch Tuesday bulletin this month addresses vulnerabilities in Microsoft Office 2007, 2010 and 2013. Read more

Aug 11, 2015

Windows 10 gets its first set of security patches

Windows 10 seems to be off to a solid start as far as being engineered for security, noted Wolfgang Kandek, chief technology officer for IT security firm Qualys. Read more

Aug 11, 2015

Small breaches may be only a tune up for the big show

Philippe Courtot, CEO of Qualys, calls 2015 “the year of the megabreach.” Read more

Aug 11, 2015

Microsoft's August Patch Includes 'Critical' Update for Windows 10

Security firm Qualys' CTO Wolfgang Kandek warns that some users will want to patch right away due to a possible active threat associated with critical vulnerabilities in Microsoft Office. Read more

Aug 11, 2015

Qualys Provides Free Asset Inventory Service for Customers

Qualys is looking to help customers eliminate some of the headaches associated with searching for information within their IT assets with the launch of Qualys AssetView, a free cloud-based asset inventory service. Read more

Aug 7, 2015

IoT Security Flaws Give Hackers Total Smart Control

Qualys Director of Engineering Amol Sarwate on how security vulnerabilities expose risk of hackers taking total control of IoT devices, while connected solutions can send out data for miles. Read more

Aug 7, 2015

How To Look Inside A Cloud

Forbes contributor Adrian Bridgwater discusses the tools via which we can start to look inside cloud computing ‘instances’ and assess their contents, health and performance. Read more

Aug 6, 2015

The Right Approach for a Vulnerability Disclosure Policy

Speaking at RSA Conference 2015, Wolfgang Kandek, Qualys CTO, said 90 days in some cases may not be enough to patch software vulnerabilities because the software code itself may be easy to repair, but changes to the code can also impact the entire infrastructure around the software. Read more

Aug 5, 2015

Qualys Unfurls Free Asset Inventory Service in the Cloud

Qualys announced a free asset inventory service delivered via the cloud based on the same agent software the company uses to deliver security intelligence. Read more

Aug 5, 2015

Qualys offers free IT asset management service for enterprises

Qualys unveils free inventory service that can help organizations keep track of all their computers and virtual machines. Read more

Aug 5, 2015

Windows 10’s Gulf prospects: Win, Win or lose, lose?

Qualys engineering director, Amol Sarwate, is cautiously optimistic about Microsoft's ability to deliver on its goal of secure computing for everyone. Read more

Jul 26, 2015

Four RCE Zero-Day Flaws Plague Internet Explorer: ZDI

“There is not much you can do at the moment, except refrain from using Internet Explorer,” Qualys CTO Wolfgang Kandek commented on the disclosure of the zero-days. Read more

Jul 23, 2015

Reflections on virtualization security and the VENOM vulnerability

In this podcast recorded at Infosecurity Europe 2015, Wolfgang Kandek, CTO at Qualys, talks about the benefits, challenges and security implications of virtualization. Read more

Jul 21, 2015

Encrypted Web and Wi-Fi at risk as RC4 attacks become more practical

“I think even 48 hours is an unreasonable amount of time to expect that a browser will be continuously open and sending over 4,000 requests per second the whole time,” said Ivan Ristic, director of engineering at security vendor Qualys, via email. “If the attack takes longer, it’s even less likely.” Read more

Jul 16, 2015

Windows Server 2003 Died Yesterday and No One Cared

"For anyone who still runs Windows 2003, I hope it is where no one can access it, and they are working on a project to replace those servers," said Wolfgang Kandek, chief technology officer for IT security firm Qualys. Read more

Jul 15, 2015

Patch Tuesday bids au revoir to Windows Server 2003

As a cautionary tale, Kandek points out when Microsoft stopped technical support of Windows XP earlier this year, within two months a significant vulnerability popped up that affected the aging desktop operating system. Read more

Jul 15, 2015

Adobe Flash Woes Prove Steve Jobs Was Right

“Cybercriminals have been doing their own research and have been able to integrate all three zero-day vulnerabilities into the major Exploit Kits exposing the general public to these previously unknown attacks,” explained Wolfgang Kandek, CTO of Qualys. Read more

Jul 14, 2015

Microsoft releases 14 bulletins on Patch Tuesday, ends Windows Server 2003 support

"July is the last month of patches for Windows Server 2003,” Kandek wrote. “Nine of the 14 bulletins affected Windows Server 2003. That is a clear indication that attackers will continue to find issues in Windows 2003 at roughly that rate." Read more

Jul 14, 2015

Microsoft Patch Tuesday says goodbye to Windows Server 2003

“For anyone who still runs Windows 2003, I hope it is where no one can access it, and they are working on a project to replace those servers,” said Wolfgang Kandek, chief technology officer for IT security firm Qualys. Read more

Jul 14, 2015

July 2015 Patch Tuesday: Microsoft and Adobe attack Hacking Team zero-days

Qualys CTO Wolfgang Kandek comments on July's Patch Tuesday. Read more

Jul 14, 2015

July 2015 Patch Tuesday: Microsoft closes holes being exploited in the wild

For July 2015, Microsoft released 14 security bulletins, with four patches rated as "critical" remote code execution (RCE) fixes. At least one of the fixes rated "critical" and some rated as "important" are currently being exploited in the wild. Read more

Jul 14, 2015

MIT's CodePhage helps computers automatically detect, devour their own bugs

Massachusetts Institute of Technology researchers presented a system to detect bugs in programs as they run and repair them by borrowing functionality from other applications. Read more

Jul 10, 2015

OpenSSL Fixes High-Severity, Narrow-Scope Vulnerability

Bug allows attackers to issue invalid certificates, but is difficult to exploit and only affects OpenSSL versions released since last month. Read more

Jul 9, 2015

OpenSSL fixes serious flaw that could enable man-in-the-middle attacks

Ivan Ristic comments on the potential impact of this flaw in the widely used OpenSSL library. Read more

Jul 9, 2015

MIT tests 'software transplants' to fix buggy code

MIT isn't the only organization looking for novel ways to repair vulnerable software. Earlier this year, security vendor Qualys released software that can apply virtual patches to known vulnerabilities, eliminating the need to wait for the software vendor to patch the problem. Read more

Jun 30, 2015

Growing threats make security vulnerability management essential

The number of software vulnerabilities has become overwhelming, and enterprises need to be smart about how they prioritize and address them, according to Qualys CTO Wolfgang Kandek. Read more

Jun 25, 2015

Adobe Flash Player Zero-Day Exploited in Attack Campaign

"The vulnerability lies in the video decoding part of Flash and the exploit shows some signs of sophistication by introducing new techniques in their use of ROP," blogged Qualys CTO Wolfgang Kandek. Read more

Jun 23, 2015

TLS security: What really matters and how to get there

In this podcast recorded at Infosecurity Europe 2015, Ivan Ristic, Director of Engineering at Qualys and lead at SSL Labs, introduces the TLS Maturity Model, a conceptual deployment model that describes a journey toward robust TLS security. Read more

Jun 23, 2015

Several Security Bugs Found in GarrettCom Magnum Industrial Switches

Researchers have identified several vulnerabilities in Magnum 6K and Magnum 10K managed ethernet switches produced by Belden GarrettCom. The vendor has released firmware updates to address the security holes. Read more

Jun 17, 2015

Patch Tuesday June 2015

Wolfgang Kandek, CTO of Qualys, provides commentary on June’s Patch Tuesday. Read more

Jun 15, 2015

Patch Tuesday Sunset Will Be a Mixed Bag for Windows Security

"The bigger installed base for a couple of years to come will be operating systems that need a Patch Tuesday, but we can see its end on the horizon," said Qualys CTO Wolfgang Kandek. Read more

Jun 11, 2015

Patch Tuesday June 2015: 4 of Microsoft's 8 patches close remote code execution holes

Microsoft released eight security bulletins, two rated critical, but four address remote code execution vulnerabilities that an attacker could exploit to take control of a victim's machine. Read more

Jun 10, 2015

Microsoft Releases Critical Security Updates for Internet Explorer, Windows

Microsoft released eight security bulletins today as part of this month's Patch Tuesday, including two critical updates for Windows and Internet Explorer. Read more

Jun 9, 2015

June 2015 Patch Tuesday brings critical IE security fix, Flash update

Microsoft's June 2015 Patch Tuesday features eight bulletins, including a critical update for Internet Explorer and Windows Media Player. Read more

Jun 9, 2015

Microsoft fixes buggy browser

Qualys CTO Wolfgang Kandek provides commentary on June Patch Tuesday. Read more

Jun 9, 2015

Prioritizing Patch Management Critical to Security

Patch management - two words that are vital to cybersecurity, but that rarely generate enough attention. Read more

Jun 9, 2015

Windows 10: More security with non-stop patching

Wolfgang Kandek, CTO at Qualys, talks about what comes next after the death of Patch Tuesday. Windows 10 encourages the idea of continuous patching, and we learn what that means for individual users and enterprises. Read more

Jun 8, 2015

Qualys CEO discusses cloud computing threats, 'cloud without borders'

Philippe Courtot discusses how enterprises and information security vendors need to start treating malware and threats in the cloud like infectious diseases that can spread across the globe. Read more

Jun 2, 2015

Infosecurity Europe 2015, expo floor

Infosecurity Europe 2015 is underway in London, and infosec companies, experts and customers are crowding the expo floor. Read more

Jun 2, 2015

Secure updates are difficult, but less risky than not patching

Recent malware issues with Lenovo's automatic update system have some worried about the risks associated with automatic updates. Experts say secure update processes are better than ever and result in less risk than waiting to patch vulnerabilities. Read more

May 27, 2015

Interview: Wolfgang Kandek, CTO of Qualys

Wolfgang Kandek discusses new approaches to continuous scanning and monitoring in addition to patching and why it’s important. Read more

May 26, 2015

New Logjam Browser Flaw Puts Web Surfers' Data at Risk

Ivan Ristic, director of engineering at cloud security firm Qualys, told us Logjam is yet another reminder that supporting obsolete cryptography is never a good idea. Read more

May 20, 2015

As Auctions Go Digital, Hackers Set Their Sights On Buyers’ Data

How safe is your information once it's with an auction house? Read more

May 20, 2015

Logjam SSL/TLS Vulnerability Exposes Cryptographic Weakness

The Logjam flaw is due to a vulnerability in the TLS protocol and puts the widely deployed Diffie-Hellman key exchange at risk, exposing Web users and sites. Read more

May 20, 2015

Experts' Opinions Mixed On VENOM Vulnerability

Some say the virtualization vuln could be worse than Heartbleed, while others advise to patch, but don't panic. Read more

May 15, 2015

Product spotlight: Qualys Continuous Monitoring

In this podcast recorded at RSA Conference 2015, Wolfgang Kandek, CTO at Qualys, talks about their Continuous Monitoring (CM) solution for the perimeter. Read more

May 14, 2015

Venom vulnerability: toxic threat or hissing hyperbole?

Wolfgang Kandek, the CTO at Qualys, is equally in no doubt that this is a serious and high profile threat. He reminds us that virtualization adds a layer to the stack, and that's a layer that can come with its own issues. Read more

May 14, 2015

The cybersecurity talent war you don't hear about

Serial entrepreneur Philippe Courtot sees companies like HackerRank and Synack as part of an evolution made possible by the cloud, but he is skeptical about these next-generation recruiting platforms. Read more

May 13, 2015

May Patch Tuesday delivers critical and important fixes

"Attackers have at their disposal a number of exploits for a diverse set of vulnerabilities to adapt to the target’s machine," commented Qualys CTO Wolfgang Kandek. Read more

May 13, 2015

Patch Tuesday Still Alive and Kickin'

Kandek also pointed to attackers exploiting online advertising providers and attaching malicious links. These links are included automatically in unsuspecting Web sites that use the services of their providers. Read more

May 13, 2015

Microsoft fixes 46 flaws in Windows, IE, Office, other products

The priority for administrators should be MS15-043 which fixes 22 vulnerabilities in Internet Explorer, of which 14 are rated critical, said Wolfgang Kandek, the CTO of security firm Qualys. Read more

May 13, 2015

Microsoft patches 30 bugs with 13 bulletins on Patch Tuesday

Microsoft issued 13 bulletins today in possibly one of its last official Patch Tuesday releases. Read more

May 12, 2015

May 2015 Patch Tuesday isn't all about critical patches, experts say

"I cannot remember a similar active year," Kandek said. "Our internal tracking of vulnerability numbers now projects north of 140 advisories for this year, certainly also new record." Read more

May 12, 2015

Microsoft Patches Remote Code Execution Bugs in IE, Font Drivers, Windows Journal

That doesn’t mean the vulnerability parade is likely to let up; Qualys for example, says that the pace of this year’s bulletins and patches has already exceeded each of the last five years and figures to top 150 by year’s end. Read more

May 12, 2015

'Critical' IE Fix Highlights Microsoft's May Patch

This month's security update also includes "critical" bulletins for Windows, Office and .NET Framework. Read more

May 12, 2015

Beginning Of The End For Patch Tuesday

Starting with Windows 10, Microsoft will introduce Windows Update for Business, issuing patches as they're available, instead of once a month. Read more

May 7, 2015

SC Magazine RSA 2015 Courtot Interview

Illena Armstrong, VP editorial for SC Magazine, speaks to Philippe Courtot, CEO of Qualys, about cyber security and privacy in the cloud at the RSA 2015 Conference. Read more

May 5, 2015

Security is a Matter of Public Record, any of us can Become the Source of an Attack

Qualys CEO Philippe Courtot discusses new ways to improve security amid an ever changing IT landscape. Read more

May 5, 2015

Product spotlight: Qualys Web Application Firewall 2.0

In this podcast recorded at RSA Conference 2015, Wolfgang Kandek, CTO at Qualys, talks about the recently announced Qualys Web Application Firewall (WAF) version 2.0, that comes fully integrated with the Qualys Web Application Scanning solution (WAS). Read more

May 4, 2015

Qualys CAP for Continuous Asset, Inventory and Compliance

Read more

Apr 28, 2015

All You Need to Know About the FREAK Vulnerability

Hadi Jaafarwai, managing director of Qualys Middle East, discusses the FREAK vulnerability at GISEC 2015. Read more

Apr 28, 2015

The value of patching and how to do it properly

In this podcast, Wolfgang Kandek, CTO at Qualys, talks about the importance of focusing on the right patches for your organization. Read more

Apr 28, 2015

New products of the week 04.27.2015

Qualys Cloud Platform Agent and Qualys WAF 2.0 included in this week's roundup of new products. Read more

Apr 27, 2015

Continuous monitoring of perimeter and internal IT assets

Qualys announced that its popular Qualys Continuous Monitoring (CM) solution for the perimeter now includes internal monitoring capabilities enabling organizations to proactively monitor and get real-time alerts for critical internal IT assets such as desktops, servers and other devices. Read more

Apr 22, 2015

Qualys devises a virtual patch to protect against vulnerabilities

If you can’t wait for that critical patch to secure your system from some just-discovered bug, IT security firm Qualys may have an answer, through new security software that can secure the trouble spot until the patch arrives. Read more

Apr 22, 2015

Qualys Web Application Firewall 2.0 Brings Virtual Patching, Event Response

Qualys today announced the availability of version 2.0 of the company’s Web Application Firewall (WAF). Read more

Apr 21, 2015

Qualys takes step towards complete automation of web app security

Qualys announced Qualys Web Application Firewall (WAF) version 2.0 that comes fully integrated with the Qualys Web Application Scanning solution (WAS). Read more

Apr 21, 2015

Qualys introduces new Web application firewall, cloud agent

Qualys introduced three new offerings at RSA Conference 2015, including an improved Web application firewall and a new cloud agent platform. Read more

Apr 21, 2015

The Web App Security Puzzle

The security industry must outmaneuver hackers. Qualys CISO Jonathan Trull talks about web application security. Read more

Apr 21, 2015

Cloud agent platform for continuous IT asset inventory, security and compliance

Qualys announced the launch of Qualys Cloud Agent Platform (CAP), which extends Qualys’ Cloud Security and Compliance Platform with lightweight agents to continuously assess security and compliance of organizations’ global IT infrastructure and applications. Read more

Apr 21, 2015

CSA, ICS2 introduce new cloud security certification

During his keynote Monday morning, Qualys CEO Philippe Courtot said the security industry needs to do more to encourage education and training for cloud security. Read more

Apr 20, 2015

Making the Case for Cloud Security in Government

The top 4 reasons that governments should consider adopting cloud security solutions. Read more

Apr 16, 2015

Microsoft Zero-Day Bug Being Exploited In The Wild

"We rated it the top bulletin this month," says Qualys CTO Wolfgang Kandek, "because the code is known to attackers already and it does not look to be very difficult [to exploit]." Read more

Apr 16, 2015

Oracle Critical Patch Update features important Java SE updates

The latest Oracle Critical Patch Update includes fixes for close to 100 vulnerabilities, but one expert says there is a critical update for Java on the desktop that needs immediate attention. Read more

Apr 16, 2015

April 2015 Patch Tuesday addresses critical HTTP.sys flaw

Microsoft's April 2015 Patch Tuesday release is lighter than usual with 11 total bulletins, but experts say that system admins should immediately install a critical HTTP.sys patch for Windows Server. Read more

Apr 14, 2015

Microsoft Patch Tuesday April 2015 closes 0-day holes: 4 of 11 patches rated critical

Microsoft released 11 security bulletins, four of which are rated as critical fixes for remote code execution flaws. Adobe and Oracle also released critical patches. Read more

Apr 14, 2015

Microsoft addresses 26 vulnerabilities, some critical, on Patch Tuesday

In a Tuesday blog post, Wolfgang Kandek, CTO of Qualys, wrote that the critical Office bulletin should be the highest priority because it addresses five remote code execution vulnerabilities, including a zero-day bug. Read more

Apr 14, 2015

Microsoft Patch Tuesday: The patches just keep coming

For Microsoft, the vulnerabilities just keep popping up, and appear to be surfacing more quickly than ever before. Read more

Apr 14, 2015

April Patch Tuesday: Microsoft Releases 4 'Critical' Fixes

This month's Security Update includes a fix for a 0-day issue in Microsoft Office. Read more

Apr 14, 2015

Microsoft Patches Critical HTTP.sys Vulnerability

Wolfgang Kandek discusses how to patch for a known critical vulnerability in Windows HTTP protocol stack. Read more

Apr 14, 2015

Calls to make software designers liable for security weakness

Wolfgang Kandek talks about responsible disclosure. Read more

Apr 10, 2015

FedRAMP: What You Need To Know

Is your organization looking to become FedRAMP certified? Read this first. Read more

Apr 7, 2015

Qualys experts and customers to present security best practices at RSA Conference 2015

Qualys CEO Philippe Courtot will deliver the opening keynote presentation at CSA Summit on why new and advanced security standards are needed to secure and maintain data sovereignty. Read more

Apr 7, 2015

Amid growing SSL concerns, Qualys expands free public SSL tester

Qualys has added a free, public API to its SSL testing services, which will enable an enterprise to test any website or server for SSL vulnerabilities. Read more

Mar 31, 2015

How to Stay One Step Ahead of Hackers

The cybersecurity landscape has changed dramatically in recent years, but many people's thinking about security is stuck in 2007. If you're one of those people, it's time to revamp your security practices to better meet the current threats. Read more

Mar 25, 2015

The State of SCADA Security

Amol Sarwate discusses how to address the challenges to securing these types of systems. Read more

Mar 24, 2015

Qualys Expands Its SSL/TLS Security Scanning Service

Qualys enhanced its SSL/TLS scanning technology with a new API and an open-source tool to enable organizations to validate their security. Read more

Mar 20, 2015

The Morning Download: TD Bank Cautiously Testing Analytics as Security Tool

Security researchers disclosed the discovery of new bugs in OpenSSL, the same encryption software at the center of the Heartbleed panic last year. Read more

Mar 20, 2015

Account credentials emerge as a weak spot for cloud app security

Experts say attacks on cloud application credentials are increasing, and vulnerability scans and penetration tests can't tell if an account has been compromised. Read more

Mar 20, 2015

Measuring the effectiveness of your vulnerability management program

Jonathan Trull discusses how to identify key, quantifiable attributes or metrics to help companies drive strategies for protecting networks, systems and data. Read more

Mar 19, 2015

New bugs uncovered in encryption software

New bugs in the widely used encryption software known as OpenSSL were disclosed on Thursday, though experts say they do not pose a serious threat like the "Heartbleed" vulnerability in the same technology that surfaced a year ago. Read more

Mar 19, 2015

SSL Labs unveils free open source tool, new APIs

Qualys SSL Labs now includes free assessment APIs, accompanied by a free open source tool that can be used for bulk and automated testing of websites. Read more

Mar 18, 2015

SSL Security Best Practices

Although most attention is on the protocol vulnerabilities, most organizations don't realize that it's their own actions that are proving to be bigger problems in practice. Read more

Mar 17, 2015

Qualys Releases SSL Labs APIs for Automated Website Testing

Cloud security and compliance solutions provider Qualys today announced the availability of free assessment APIs and a new tool that enable SSL Labs users to automate SSL vulnerability testing for websites. Read more

Mar 17, 2015

Avoid this Wireless Alarm Hack

Qualys' Silvio Cesare's home alarm vulnerability research is highlighted. Read more

Mar 13, 2015

Microsoft fixes FREAK vulnerability in Patch Tuesday update

Qualys Director of Engineering Amol Sarwate weighs in on Patch Tuesday. Read more

Mar 10, 2015

March 2015 Patch Tuesday: 5 of 14 rated Critical and Microsoft issues a fix for FREAK

Microsoft issued 14 security bulletins for March 2015, five of which are rated as critical. Read more

Mar 10, 2015

Microsoft Fixes Stuxnet Bug, Again

On this, the third Patch Tuesday of 2015, Microsoft pushed 14 update bundles to address at least 43 separate vulnerabilities in Internet Explorer, Exchange, Office and a host of other components. Read more

Mar 10, 2015

March 2015 Patch Tuesday: Microsoft offers quick FREAK fix

Microsoft's March 2015 Patch Tuesday bulletins include a fix for the FREAK vulnerability, as well as five critical fixes. Read more

Mar 10, 2015

Microsoft issues 14 bulletins on Patch Tuesday, mitigates FREAK attacks

Qualys CTO Wolfgang Kandek discusses March Patch Tuesday including FREAK and Superfish. Read more

Mar 10, 2015

Microsoft warns Windows PCs also vulnerable to 'Freak' attacks

"I don't think this is a terribly big issue, but only because you have to have many ducks in a row," said Ivan Ristic, director of engineering for cybersecurity firm Qualys Inc. Read more

Mar 6, 2015

Time to FREAK out? How to tell if you're vulnerable

Qualys' SSL Labs boasts an SSL Server Test that will, with a little effort, tell you if the website's server supports "export-grade" cipher suites, which are at the root of the vulnerability. Read more

Mar 5, 2015

Practice Makes Perfect: Making Cyber Hygiene Part of Your Security Program

Good cyber hygiene is the cornerstone to being as secure as possible. Read more

Mar 5, 2015

FREAK Attacks SSL/TLS Security, Putting Apple, Android Users at Risk

In 2011, the BEAST attack against SSL/TLS, which still impacts approximately 80 percent of sites tested by Qualys Labs' SSL Pulse service, was disclosed. Read more

Mar 4, 2015

FREAK Vulnerability Exposes SSL/TLS Security Hole

"This is a very interesting problem that shows how we mustn't be complacent about these older technologies, even though we think they are not going to be used," said Ivan Ristic, Qualys’ director of application security research. Read more

Mar 4, 2015

Old Government Policies Influenced the FREAK Security Flaw

Web owners that want to check to see if their own web site is vulnerable to the flaw can use the SSL Server Test at the Qualys web site to see: SSL Server Test. Read more

Mar 4, 2015

FREAK Out: Yet Another New SSL/TLS Bug Found

"It's a very interesting problem that shows how we mustn't be complacent about these older technologies, even though we think they are not going to be used," says SSL expert Ivan Ristic, who is director of engineering at Qualys. Read more

Mar 3, 2015

New FREAK Attack Threatens Many SSL Clients

For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. Read more

Mar 3, 2015

Qualys Express Lite

Qualys Express Lite earns a five star rating from SC Magazine. Read more

Mar 2, 2015

BMC and Qualys Join Forces to Improve Enterprise Security

Software solutions provider BMC and Qualys, a provider of cloud security and compliance solutions, last week announced the launch of a new solution to tie vulnerability information to automated remediation actions, dramatically reducing the window of vulnerability while simultaneously improving IT operational performance. Read more

Mar 2, 2015

BMC & Qualys Joint Solution

Intelligent Compliance moves towards a concept of continuous audit. Instead of doing an audit every year or every quarter, Intelligent Compliance is auditing constantly, reporting vulnerabilities and security policy violations. Read more

Mar 1, 2015

Bridging the Gap Between Security and Operations Teams

Qualys' Jonathan Trull discusses how to bridge the divide between IT security and operations teams to improve security and compliance. Read more

Feb 26, 2015

BMC and Qualys Join Forces to Improve Enterprise Security

Integrated solution combines BMC BladeLogic and Qualys Vulnerability Management to quickly identify and remediate threats and boost collaboration between Security and IT Operations teams. Read more

Feb 26, 2015

Password security: Time for an upgrade?

Many organizations are exploring more secure ways to enforce authentication beyond usernames and passwords. Read more

Feb 20, 2015

The Huge Web Security Loophole That Most People Don't Know About, And How It's Being Fixed

Qualys' Ivan Ristic offers his thoughts on web security. Read more

Feb 19, 2015

Microsoft Addresses 41 IE Flaws in February Patch

This month's security update also includes two additional "critical" remote code execution fixes for Windows. Read more

Feb 11, 2015

Microsoft Internet Explorer Update Repairs 41 Critical Vulnerabilities

At least one of the information disclosure vulnerabilities is being used by attackers in multistaged attacks, according to Wolfgang Kandek, CTO of vulnerability management vendor Qualys. Read more

Feb 11, 2015

Microsoft fixes IE memory problems

Microsoft has issued 41 patches to fix memory vulnerabilities in its browser; Windows and Office also got patches this month. Read more

Feb 11, 2015

Microsoft Pushes Patches for Dozens of Flaws

Microsoft today released nine update bundles to plug at least 55 distinct security vulnerabilities in its Windows operating system and other software. Read more

Feb 10, 2015

February 2015 Patch Tuesday: Group Policy flaw tops three critical fixes

Microsoft's February 2015 Patch Tuesday release offers three critical fixes, including one for a dangerous Group Policy vulnerability, but does not patch a recently revealed IE XSS zero-day flaw. Read more

Feb 10, 2015

Microsoft's Patch Tuesday release leaves one big vulnerability unpatched

This month's Patch Tuesday release includes three updates rated Critical, including a massive security update that fixes more than 40 flaws in Internet Explorer. Read more

Feb 10, 2015

Linux GHOST bug haunts large percentage of enterprise apps

Analysis shows 80% of business-critical apps may be affected. Read more

Feb 10, 2015

New products of the week 2.09.2015

Roundup of new products including Qualys Web Application Scanning. Read more

Feb 9, 2015

Tackling Enterprise Security Through a Continuous Approach

Qualys VP of Product Sumedh Thakar talks about how taking a proactive, continuous approach to security is the best way to stay ahead of today's cyber threats. Read more

Feb 5, 2015

Halting Hackers

Sumedh Thakar, chief product officer at Qualys, says that bad actors have moved on from merely seeking some degree of fame. “They are now organized to attack companies and research laboratories for financial gain,” he says. Read more

Feb 5, 2015

Qualys Adds Progressive Scanning to Web App Security Testing Service

Cloud security and compliance solution specialist Qualys Inc. is adding progressive scanning capabilities to its Web Application Scanning (WAS) product. Read more

Feb 5, 2015

Scan Finds 'Ghost' Haunting Critical Business Applications

Wolfgang Kandek, CTO at Qualys, recently told Dark Reading that while exploitable prospects aren't necessarily easy to find, there were indeed likely others out there. Read more

Feb 5, 2015

Qualys Brings Industry's First Continuous Progressive Scanning Capabilities to Its Fast Growing Web Applications Scanning Solution

New Features Enable Deeper and Comprehensive Continuous Scanning of Large and Complex Web Applications. Read more

Feb 4, 2015

New tool to identify website vulnerabilities

But identifying these flaws manually can be a mammoth task. Which is why cloud security provider Qualys is announcing the latest version of its Web Application Scanning (WAS) tool. Read more

Feb 4, 2015

Qualys Adds Progressive Scanning Capabilities to Its WAS Solution

Cloud security and compliance solutions provider Qualys today announced a new version of its Web Application Scanning (WAS) solution. Read more

Feb 3, 2015

Ghost Linux vulnerability can be exploited through WordPress, other PHP apps

The buffer overflow vulnerability, dubbed Ghost, was reported Tuesday by researchers from security vendor Qualys. It is identified as CVE-2015-0235 in the Common Vulnerabilities and Exposures database. Read more

Jan 30, 2015

Linux systems hit by discovery of highly critical 'Ghost' flaw

Highly critical security vulnerability affects all Linux systems and dates all the way back to 2000. Read more

Jan 29, 2015

There's a GHOST in Linux's Library

A Qualys security research team found the GHOST flaw and worked closely with Linux distribution vendors in a coordinated effort to offer a patch for all distributions of Linux systems impacted. Read more

Jan 28, 2015

'GHOST' bug in Linux library enables remote takeover of victim's system

The best way to protect against GHOST is to apply patches from Linux distribution vendors, Sarwate said, explaining that Qualys coordinated the disclosure of the bug with the Linux distribution vendors so that patches are already available. Read more

Jan 28, 2015

How A Linux "Ghost" Spooked The Security World

A vulnerability in a widely used component of many Linux distributions could allow remote attackers to take control of a system. Researchers at Qualys have dubbed it Ghost since it can be triggered by the "gethost" functions in Linux. Read more

Jan 28, 2015

Serious 'GHOST' Flaw Puts Linux at Risk

Numerous versions of Linux are at risk from a "GHOST" vulnerability that an attacker could exploit - remotely or locally - to bypass credential checks and seize control of a system, warn researchers at cloud security and vulnerability scanning vendor Qualys. The flaw exists in the GNU C Library, a.k.a. "glibc." Read more

Jan 28, 2015

'Ghost' vulnerability poses high risk to Linux distributions

Flaw in the GNU C Library can be exploited remotely for full control and should be patched as soon as possible, according to Qualys. Read more

Jan 28, 2015

Newly Identified Linux Vulnerability Gives Full Access to Servers

Software security researchers recently identified a bug that provides hackers with an open door to the bulk of the world’s servers running Linux. Read more

Jan 28, 2015

New Linux Bug Could Cause "a Lot of Collateral Damage on the Internet"

Linux users around the world are scrambling to update their operating systems, as a new flaw known as GHOST has been shown to have the potential to cause "a lot of collateral damage on the Internet." Read more

Jan 28, 2015

Severe “Ghost” flaw leaves Linux systems vulnerable to takeover

Qualys researchers discovered the “Ghost” vulnerability – named for the fact that it can be triggered by “gethostbyname” DNS resolution functions – during a recent code audit. Read more

Jan 28, 2015

GHOST glibc Remote Code Execution Vulnerability Affects All Linux Systems

A critical vulnerability has been found in glibc, the GNU C library, that affects all Linux systems dating back to 2000. Attackers can use this flaw to execute code and remotely gain control of Linux machines. Read more

Jan 27, 2015

Qualys finds GHOST: Critical Linux remote code execution flaw

A critical Linux vulnerability, called GHOST, has been found to affect glibc versions released since 2000, and could pose a remote exploit risk on many Linux systems. Read more

Jan 27, 2015

Critical 'Ghost' Vulnerability Impacts Linux Systems

Researchers at Qualys are advising organizations to apply a patch for a critical vulnerability affecting Linux systems as far back as 2000. Read more

Jan 27, 2015

Remotely exploitable ‘GHOST’ bug strikes all Linux distros

Researchers have discovered a serious vulnerability affecting multiple distributions of the Linux OS. While there are patches available, the cleanup effort is likely going to be a major task for Linux admins. Read more

Jan 27, 2015

Linux makers release patch to thwart new 'Ghost' cyber threat

Sarwate knows of no cases in which hackers exploited the Ghost vulnerability to date, but suspects that motivated hackers could figure out how now that the bug has been disclosed. Read more

Jan 27, 2015

Warning! Linux is being haunted by a G-G-G-GHOST vulnerability -- are you at risk?

Qualys explains that it is calling the vulnerability a "GHOST" because "it can be triggered by the GetHOST functions". In other words, Linux isn't as safe as we thought. Read more

Jan 27, 2015

High severity vulnerability found in Linux GNU C library

The Qualys security research team has found a critical vulnerability in the Linux GNU C Library (glibc), that allows attackers to remotely take control of an entire system without having any prior knowledge of system credentials. Read more

Jan 27, 2015

Highly critical “Ghost” allowing code execution affects most Linux systems

New bug haunting Linux could spark "a lot of collateral damage on the Internet." Read more

Jan 27, 2015

GHOST, a critical Linux security hole, is revealed

Researchers at cloud security company Qualys have discovered a major security hole, GHOST (CVE-2015-0235), in the Linux GNU C Library (glibc). This vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords. Read more

Jan 27, 2015

Java Patch Plugs 19 Security Holes

Oracle this week released its quarterly patch update for Java, a widely-installed program that for most casual users has probably introduced more vulnerability than utility. Read more

Jan 21, 2015

Microsoft Patches Zero-Day Windows Flaws Disclosed by Google

Qualys' Kandek noted that the Telnet vulnerability shows that even old software can still harbor new bugs. Read more

Jan 13, 2015

Update: Microsoft's Patch Tuesday focuses on Windows

The lack of fixes for IE was "pretty surprising to us," said Wolfgang Kandek, chief technology officer of security vendor Qualys, noting the browser was patched every month in 2014. Read more

Jan 13, 2015

Light January 2015 Patch Tuesday delivers one critical Windows fix

Amol Sarwate and Wolfgang Kandek provide insight into January's Patch Tuesday. Read more

Jan 13, 2015

Microsoft Ends Free Public Advance Security Notification Service

Wolfgang Kandek, Qualys CTO, comments on the ANS program and believes there is value in that IT administrators can read about specifics, exploits and priorities. Read more

Jan 9, 2015

Microsoft Disabling SSL 3.0 in Azure Storage Next Month

Microsoft plans to disable Secure Sockets Layer (SSL) 3.0 encryption support in its Azure Storage service next month. Its advisory includes guidance for testing web servers using Qualys SSL Labs. Read more

Jan 9, 2015

Microsoft's Patch Tuesday preview will no longer be made public

CTO Wolfgang Kandek comments that the security industry should continue to move in the direction of more information and explanation to better help organizations working to quickly manage vulnerabilities. Read more

Jan 9, 2015

Advanced notice of Microsoft Patch Tuesday fixes is no longer free

Qualys CTO Wolfgang Kandek, who also closely follows the bulletins, was skeptical that demand for the advanced notices is waning. Read more

Jan 8, 2015

What CISOs, InfoSec Pros Have on Their 2015 Wish Lists

Security experts weigh in on what they would like to see in 2015 to make their jobs wrangling users, infrastructure, and data easier. Read more

Jan 6, 2015
