UK Media Coverage

Germany's Approach to Securing Critical Infrastructure - A Benchmark For Others?

Qualys CTO, Wolfgang Kandek, says that a key concern for countries securing critical infrastructure is ensuring legislation compliance doesn't limit flexibility, and asks if new German laws might provide a benchmark. Read more

Dec 24, 2015

The big fat cybersecurity quiz of the year

As we approach the end of 2015, it’s traditional to hold an annual big fat cybersecurity quiz of the year, including commentary from Qualys' Wolfgang Kandek on the biggest cybersecurity failures of 2015. Read more

Dec 23, 2015

Considerations for Data and Applications in 2016

Security and DR are going to see some challenges in 2016. Two Cloud Experts provide their thoughts on the future, including Wolfgang Kandek, CTO at Qualys. Read more

Dec 23, 2015

Patch madness! 273 vulnerabilities from four vendors in one week

Qualys CTO, Wolfgang Kandek, comments about recently released patches, and how we, "...should instead go back to first principles and make IT secure by design." Read more

Dec 11, 2015

Adobe Updates Flash Player to Resolve 79 Security Flaws

Adobe has pushed out an updated version of Flash Player that resolves a total of 79 security flaws in its last security update of the year. The release addresses critical vulnerabilities that could potentially give an attacker the ability to take control of an affected system, according to Adobe. Read more

Dec 10, 2015

Microsoft Releases 12 Security Bulletins for Christmas

Microsoft and Adobe have conspired to make it a busy festive season for IT admins, releasing patches to fix over 70 vulnerabilities each. Read more

Dec 9, 2015

Microsoft passes 130 security fixes for 2015 with final Patch Tuesday update

Microsoft has issued its final Patch Tuesday update of 2015, taking the total number of security fixes for the year to 135. This is well in excess of the 85 issued in 2014. Read more

Dec 9, 2015

Privacy vs. security: how businesses can master the balance

The UK government is closing in on a hugely significant decision that will transform how the law perceives privacy rights. UK security services have had access to phone and internet records for many years. However, the government has claimed that this is not enough to sufficiently combat terrorist threats. Commentary from Qualys CEO, Philippe Courtot, around US versus European data protection laws, and emphasis on public disclosure in the US. Read more

Dec 8, 2015

Let's Encrypt Says Get Your Free Digital Security Certificates Here

Let's Encrypt - the free, automated and open certificate authority - entered its public beta phase on Thursday, meaning its free-of-charge digital certificate store is now open to all. Commentary from Qualys' Ivan Ristic about the substantial effect that granting free certificates will have on world-wide security. Read more

Dec 4, 2015

Getting to secure by design: Why web security needs its own considerations

Qualys CTO Wolfgang Kandek discusses why web security needs to be designed into applications right from the start. Read more

Nov 22, 2015

Crimestoppers Finally Revamps Weak Crypto. Take Your Time Guys

UK crime tip-off service Crimestoppers has revamped its weak website crypto after months of running a system that relied upon obsolete protocols. Crimestoppers has since fixed its TLS, so that it now is rated as "B" by Qualys’ SSL Labs service. Read more

Nov 20, 2015

Microsoft Patches 23 Critical Flaws

Microsoft released 12 security updates in its monthly Patch Tuesday cycle yesterday, addressing 53 vulnerabilities including 23 critical flaws in Internet Explorer. Qualys CTO, Wolfgang Kandek, added that the new Edge browser is reassuringly emerging as a much more secure piece of software than its predecessor IE. Read more

Nov 17, 2015

25 Security Flaws Found in Microsoft’s Internet Explorer

Patch now, security experts recommend Windows users. Includes comments from Qualys CTO, Wolfgang Kandek. Read more

Nov 17, 2015

Microsoft Edge Browser Security Greatly Improved, Makes IE a Bad Memory

It’s no secret that Internet Explorer was a security nightmare for Microsoft, and the large number of vulnerabilities found in the browser made it an app to avoid for many people, who instead preferred to switch to Google Chrome or Mozilla Firefox. Read more

Nov 11, 2015

Ivan Ristic and SSL Labs: How one man changed the way we understand SSL

Ivan Ristic is well-known in the information security world, and his name has become almost a synonym for SSL Labs, a project he started in early 2009. Read more

Nov 11, 2015

Microsoft Patch Tuesday Highlights Edge’s Security Credentials

Microsoft’s Patch Tuesday update for November highlights the differences between Internet Explorer and its more security-focused successor, Microsoft Edge. Read more

Nov 11, 2015

Mozilla Overhauls Security Indicators in Firefox 42

Firefox maker Mozilla is giving sites with either Domain-Validated or Extended Validation digital certificates a green padlock to indicate they’re both secure, despite some key differences. Read more

Nov 4, 2015

Some Surprising Irish Sites Have ‘Incorrectly Configured SSL Certs'

This article checks out the SSL cert configuration across a number of major Irish websites. Read more

Nov 3, 2015

What Will Be The Biggest Risk Facing Boards in 2016?

In an Ask the Experts segment, Qualys CEO Philippe Courtot describes how the board must be aware of the strategy to secure the enterprise, and must consider security and IT together. Read more

Nov 1, 2015

How to solve a problem like security update apathy?

When a high percentage of users have unpatched systems and unpatched programs, can you protect them from themselves? Read more

Oct 29, 2015

Flaws in LibreSSL Could Open Web Servers to Attack

A number of flaws have been discovered in the LibreSSL codebase that could leave servers open to remote code execution. The vulnerabilities were discovered by Qualys and the article quotes Ivan. Read more

Oct 22, 2015

Microsoft patches critical flaw in Office and Internet Explorer

Microsoft has released its latest patch package, unveiling a slender bundle of critical tasks for IT teams to deal with. Read more

Oct 14, 2015

Patch Tuesday’s October Fixes Cover IE, Windows and Office

October has brought a relatively light Patch Tuesday update round for system administrators with Microsoft releasing just six bulletins, although half of these are critical and vulnerabilities covered affect common programs including Office, IE and Windows. Read more

Oct 14, 2015

Adobe Fixes 69 RCE Flaws As New Flash Zero Day Emerges

Adobe has issued a raft of remote code execution (RCE) flaw patches for Flash, Reader and Acrobat, but a Flash zero day is being used in Pawn Storm phishing. Read more

Oct 14, 2015

Microsoft Breaks Annual Record With ‘Modest’ Patch Tuesday

The Patch Tuesday update for October is the first update this year from Microsoft that does not feature a patch for a zero day exploit, although 19 vulnerabilities have been tackled. Read more

Oct 14, 2015

EU Data Protection Regulation: What the EC legislation means for cloud providers

Computer Weekly - With the European Commission's data protection rules set to drop before 2016, take a look at what the changes mean for the cloud and datacentre community. Read more

Oct 12, 2015

Is responsible disclosure responsible enough?

Vulnerabilities in your web browser are one thing, but when they are in your car or an MRI scanner then the potential impact takes on a different hue. Read more

Oct 1, 2015

Thinking Continuous – A New Mindset for SCADA Security

SCADA systems are ever more open to security threats – Qualys director of engineering, Amol Sarwate, explains how to mitigate the risks. Read more

Sep 25, 2015

UK businesses warned of growing cyber risk

Today enterprises across the country are being urged to protect themselves by taking up the government's Cyber Essentials scheme. The article includes comments from Qualys CTO Wolfgang Kandek. Read more

Sep 22, 2015

Microsoft Patch Tuesday Fixes Edge Browser, Again

Microsoft delivers a wide range of fixes to a number of its products, in its Patch Tuesday update for September. Read more

Sep 9, 2015

How valuable intellectual property is being targeted by cyber criminals

Amol Sarwate of Qualys comments on asset management and securing intellectual property from cybercriminals on page 21. Read more

Sep 1, 2015

Microsoft forced to release out-of-band patch to fix IE

Qualys CTO Wolfgang Kandek comments on the Internet Explorer vulnerability that could allow hackers to take control of victims' PCs and what enterprises should do. Read more

Aug 19, 2015

Microsoft releases 'critical' out-of-band security fix for Internet Explorer

Learn more about the critical security fix Microsoft has released for IE. Read more

Aug 19, 2015

Microsoft issues an out-of-band patch for Internet Explorer

"Patch as quickly as possible," says Qualys CTO Wolfgang Kandek. Read more

Aug 19, 2015

Microsoft rushes patch as IE bug goes wild

Qualys discusses the vulnerability that "is actively being exploited in the wild", and urges users to patch their machines to defend themselves against infection. Read more

Aug 19, 2015

Is Industry 4.0 safe – or will it prove to be a hacker's delight?

Amol Sarwate, Qualys Director of Engineering, comments on how security is becoming a huge worry for the industry IoT. Read more

Aug 14, 2015

Half of Patch Tuesday bulletins cover Windows 10

Qualys CTO Wolfgang Kandek warns users of critical vulnerabilities in Microsoft Office. Read more

Aug 12, 2015

Patch Tuesday Tackles Windows 10 Fixes

Qualys CTO Wolfgang Kandek discusses the Windows 10 fixes in Patch Tuesday as well as the new browser, Microsoft Edge. Read more

Aug 12, 2015

How To Look Inside A Cloud

Forbes contributor Adrian Bridgwater discusses the tools via which we can start to look inside cloud computing ‘instances’ and assess their contents, health and performance. Read more

Aug 6, 2015

What is the 'shadow' Internet of Things – and how dangerous is it?

Are IoT devices threatening corporate networks? BYOD has been a threat to corporate IT networks for years, but the dependence of employees on tablets using the likes of Dropbox – and the general circumventing of IT rules and regs – is just the start. Read more

Jul 30, 2015

Don’t Panic: Latest OpenSSL Flaw Not a Heartbleed-Sized Bug

“Other than that, there’s certainly lots of server-type tools that might use OpenSSL for client operations. For them, this vulnerability is potentially significant, but attackers would need to exploit them on a case-by-case basis,” argued Qualys director of security engineering, Ivan Ristic. Read more

Jul 10, 2015

OpenSSL bug serious – but no Heartbleed, say experts

OpenSSL certificate verification flaw lets attackers impersonate cryptography-protected websites, email servers and virtual private networks (VPNs). Read more

Jul 10, 2015

High-severity OpenSSL vulnerability patched

According to Ivan Ristic, director of engineering at Qualys, because the problem was identified very early on, the effect has been negligible. “It's a very serious issue,” he said, “but it doesn't affect a large number of users.” Read more

Jul 10, 2015

Amazon launches open source TLS implementation "s2n"

Ivan Ristic, director of engineering at Qualys, told that because TLS has to operate in many environments it has “many extensions that change how it operates but don't necessarily increase security”. Read more

Jul 2, 2015

A Critical Threat

Amol Sarwate, director of vulnerability labs at Qualys, advises implementing proper access control, making sure that necessary patching processes are in place and followed, and says that removing debug services “will help minimise risk.” Read more

Jul 1, 2015

Samsung denies disabling Windows Update on its laptop models

Samsung has refuted claims that it put users at risk from hacking by disabling Windows Update on its laptops. Read more

Jun 26, 2015

Top 3 security priorities for CIOs in 2015

How CIOs should prioritise their efforts around security, from budgeting and managing delivery of service through to working with the rest of the business. Read more

Jun 23, 2015

Microsoft Respite for Admins: Just Eight Security Bulletins this Month

“The attacker needs to trick the target into opening a malicious file with Word or any other Office tool and can then take control of the target’s computer,” said Qualys CTO, Wolfgang Kandek in a blog post. Read more

Jun 10, 2015

Where are you on the five levels of TLS maturity?

TLS-based vulnerabilities like Heartbleed have caused widespread panic - but Ivan Ristic, who maintains the SSL Labs research centre for TLS and PKI at Qualys, thinks that companies can get a good grasp on their TLS security with a simple five point assessment model. Read more

Jun 8, 2015

Putting DevOps at the heart of the business – can security keep up?

Qualys CISO Jonathan Trull discusses why DevOps should be part of a wider IT operations strategy. Read more

May 29, 2015

LogJam: Latest internet vulnerability putting your confidential information at risk

First there was Heartbleed, then Poodle, Shellshock, and Freak, and now we have LogJam - the latest vulnerability to be uncovered which is threatening our online security. Read more

May 21, 2015

VENOM virtual vuln proves less poisonous than first feared

Some experts, such as Wolfgang Kandek, CTO at cloud security services firm Qualys, are inclined to disagree with Wardle’s assessment on how easy it might be to patch VENOM – if not on the severity of the bug. Read more

May 14, 2015

Does the bite live up to the hype? 10 insights into the Venom vulnerability

Wolfgang Kandek, CTO for Qualys offers his thoughts on the Venom vulnerability. Read more

May 14, 2015

Microsoft patches 30 bugs with 13 bulletins on Patch Tuesday

“It is safe to say that [attackers'] favourite attack vectors include Internet Explorer, native Windows vulnerabilities and Adobe Flash, which all receive monthly updates publishing upwards of 20 CVEs per month,” he wrote. Read more

May 13, 2015

Microsoft fixes 46 flaws in Windows, IE, Office, other products

"Patch quickly, in less than two weeks if you can," Kandek said. Read more

May 13, 2015

Microsoft fixes 46 flaws in Windows, IE, Office, other products

The priority for administrators should be MS15-043, which fixes 22 vulnerabilities in Internet Explorer, of which 14 are rated critical, said Wolfgang Kandek, the CTO of security firm Qualys. Read more

May 13, 2015

Windows 10: No More Monthly Patches

"Windows 10 follows the path first taken by the smartphone sector where iPhones, versions of Android and Windows Phones pioneered getting updates delivered to users as soon as they become available," says Wolfgang Kandek, CTO of security firm Qualys. Read more

May 6, 2015

Credit card style e-voting system could beat electoral fraud

Apprehensions exist over the potential for individuals' own computers to be hacked and compromised before, during and possibly after the voting process. Read more

May 4, 2015

Qualys's new virtual patch technology buys time in battle against zero days

If you can't wait for that critical patch to secure your system from some just-discovered bug, IT security firm Qualys may have an answer, through new security software that can secure the trouble spot until the patch arrives. Read more

Apr 22, 2015

Metrics for Upping Cyber Defences

Jonathan Trull, CISO at Qualys recommends the following tech metrics for the CISO. Read more

Apr 21, 2015

New cloud agent brings enterprises greater security and asset control

A new Cloud Agent Platform (CAP) from cloud security specialist Qualys provides organizations with a flexible solution to assess the security and compliance of their IT assets in real time, whether they're on-site, cloud-based or mobile endpoints. Read more

Apr 21, 2015

Patch Tuesday Delivers Critical Repairs To Office, Windows

Microsoft releases large security update, reflecting the growing volume of patches from all vendors in 2015. Read more

Apr 16, 2015

Microsoft release four critical patches in update

Wolfgang Kandek shares thoughts on critical vulnerabilities for April Patch Tuesday. Read more

Apr 15, 2015

Microsoft release four critical patches in batch of 11 on Update Tuesday

Read more

Apr 15, 2015

Microsoft Patch Tuesday: More headaches for IT departments

Microsoft's latest round of patches covers Internet Explorer, Windows, Office and other Microsoft products. Read more

Apr 15, 2015

NHS regional health board adopts proactive approach to data security

Spotlight on how NHS Dumfries & Galloway leverage Qualys to safeguard patient data. Read more

Mar 27, 2015

Over 700,000 home routers threaten enterprise security

Cisco researcher warns of flaws in devices ISPs give to customers. Read more

Mar 25, 2015

NHS Dumfries and Galloway spotted Heartbleed bug using Qualys cloud scanning

Case study on how NHS Dumfries and Galloway leverages Qualys. Read more

Mar 19, 2015

Microsoft Patch Tuesday Resolves FREAK Flaw

No more FREAKY business. Microsoft rushes out fix for legacy encryption flaw in Patch Tuesday update. Read more

Mar 12, 2015

FREAK, IE and Stuxnet patches delivered by Microsoft

Wolfgang Kandek, Qualys CTO weighs in on March Patch Tuesday. Read more

Mar 11, 2015

Don't let inaction come back to haunt you: patch the GHOST vulnerability now

Wolfgang Kandek offers insights into lessons learned from the GHOST vulnerability and why organizations should take immediate action to patch their Linux systems. Read more

Mar 11, 2015

Microsoft fixes FREAK vulnerability in Patch Tuesday update

Microsoft has issued critical patches for Windows, Internet Explorer and Office. Read more

Mar 10, 2015

Goodbye to Oracle? Minecraft now comes with its own Java

Wolfgang Kandek comments on Minecraft creators offering a ‘standalone’ version of Java with its loader as part of a new approach that should limit the effects of the software’s infamous insecurity on tens of millions of desktop gamers. Read more

Mar 9, 2015

Heartbleed still prevalent year after discovery

The Heartbleed bug is still prevalent among appliances and devices that rely on SSL despite almost a year passing since it was discovered, according to data collected by the security vendor Qualys. Read more

Mar 4, 2015

BMC and Qualys join forces to improve enterprise security

Integrated solution combines BMC BladeLogic and Qualys Vulnerability Management to quickly identify and remediate threats and boost collaboration between Security and IT Operations teams. Read more

Feb 26, 2015

BMC and Qualys partner to combine technologies

BMC and Qualys have launched a solution to tie vulnerability information to automated remediation actions. Read more

Feb 26, 2015

5 lessons to be learned from the Gemalto NSA/GCHQ hack

Wolfgang Kandek, CTO, Qualys, says: "CISOs can use attacks, such as the one on Gemalto, for the positive purpose of internal security planning and review. The question becomes: How would my organisation fare against such an attack? Read more

Feb 23, 2015

What is good ‘cyber hygiene’ and how do you achieve it?

Qualys CISO Jonathan Trull discusses how organizations can practice good cyber hygiene. Read more

Feb 17, 2015

Microsoft fixes Project Zero disclosures in latest Patch Tuesday release

Speaking about the vulnerabilities in Flash, Wolfgang Kandek, chief technical officer at Qualys, said: "February Patch Tuesday 2015 comes after a quite turbulent month for information security professionals. Read more

Feb 11, 2015

4 highlights from Adobe & Microsoft's Patch Tuesday

Another month has passed and Patch Tuesday is once again upon us, with both Microsoft and Adobe having recently released important patches for their product ranges. Read more

Feb 11, 2015

Patch Tuesday sees Microsoft focus on Internet Explorer updates

Microsoft's monthly Patch Tuesday brought 41 fixes for memory vulnerabilities in its Internet Explorer browser. Desktop and server editions of Windows and Office also got fixes. Read more

Feb 11, 2015

Microsoft fixes bugs exploited to hack military and financial firms

Microsoft’s February 2015 security update includes fixes for a bug exploited by attackers targeting US defence and financial services firms and a vulnerability affecting core components of Windows. Read more

Feb 11, 2015

Bug-Ridden Internet Explorer Back with a Bang … and 41 Flaws

This month’s Patch Tuesday round from Microsoft features nine bulletins fixing 56 vulnerabilities including a mammoth 41 flaws in Internet Explorer. Read more

Feb 11, 2015

Home alone with hackers: how to shift the goalposts

For too long hackers have been a step ahead of organisations and the security industry at large. Can continuous security change that? Read more

Feb 5, 2015

GHOST bug haunts Linux users

Researchers at cloud security firm Qualys have discovered a vulnerability in the Linux GNU C Library (glibc) which can be manipulated to gain remote access to the attacked system. Read more

Jan 29, 2015

Ghostbusting in the 'critically' vulnerable Linux machine

Who's afraid of GHOSTs? Disagreement over potential risks of new Linux vulnerability, but layered defence is recommended. Read more

Jan 29, 2015

Linux 'Ghost' vulnerability uncovered

Security researchers at Qualys have discovered a Linux vulnerability, naming it 'Ghost'. Read more

Jan 29, 2015

Severe Linux GHOST Flaw Spooks Out Computer Users

The vulnerability, discovered by Qualys, a provider of cloud security and compliance solutions, is in the Linux GNU C Library (glibc) and is known as GHOST (CVE-2015-0235), because it can be triggered by the gethostbyname functions. Read more

Jan 28, 2015

'Ghost' vulnerability poses high risk to Linux distributions

The flaw in the GNU C Library can be exploited remotely for full control, according to Qualys. Read more

Jan 28, 2015

Ghost in the Linux machine hits Debian, Red Hat and Ubuntu

The buffer overflow-type vulnerability was discovered by Qualys and has been classified as CVE-2015-0235. The researchers have nicknamed it Ghost as it can be triggered by GetHOST functions. Read more

Jan 28, 2015

I ain't afraid of no GHOST – securo-bods

Security researchers at cloud security firm Qualys found a critical vulnerability in Linux, specifically the GNU C Library (glibc). The vulnerability – nicknamed “GHOST” – allows attackers to remotely hack into vulnerable systems without any passwords or administrator credentials. Read more

Jan 28, 2015

Linux flaw leaves web infrastructure vulnerable

A security flaw in the open source operating system Linux is allowing hackers to run malicious code on the machines which power the internet, email and other critical online services. Read more

Jan 28, 2015

Most Linux systems affected by critical vulnerability

The vulnerability could be considered as critical as Heartbleed and Shellshock because it could allow hackers to exploit it in order to execute malicious code on servers and remotely gain control of Linux machines. Read more

Jan 28, 2015

Admins Urged to Patch Linux Now as 'Ghost' Bug Emerges

Qualys CTO Wolfgang Kandek claimed in a blog post that the firm “has worked closely with Linux distribution vendors and patches are available” as of Tuesday. Read more

Jan 28, 2015

Ghost Linux bug haunting Red Hat and Ubuntu systems

An exploitable bug, codenamed Ghost, that affects numerous Linux systems has been discovered by researchers at Qualys. Read more

Jan 28, 2015

BOO! Grave remote-code exec flaw in GNU C Library haunts Linux

Security researchers have uncovered a critical bug in the GNU C Library (glibc), a key component of Linux and some other operating systems, which could render countless machines vulnerable to remote code execution attacks. Read more

Jan 27, 2015

How can I make my PC completely secure?

Use Qualys BrowserCheck or a similar website to check that all your browser plug-ins are up to date. Read more

Jan 15, 2015

Microsoft Patches Zero-Day Windows Flaws Disclosed by Google

Qualys’ Kandek noted that the Telnet vulnerability shows that even old software can still harbor new bugs. Read more

Jan 14, 2015

Microsoft release one critical patch on first “no advance notification” Tuesday

Microsoft released nine patches last night, with one rated as critical. Read more

Jan 14, 2015

Google and Microsoft fail to patch up security row

Decision to publish details of non-critical flaw in Windows 8.1 before release of fix prompts angry response from Microsoft. Read more

Jan 14, 2015

Microsoft Ends Free Public Advance Security Notification Service

Qualys CTO Wolfgang Kandek discusses the new changes to Microsoft's ANS program and why there is value in IT administrators being able to read about specifics, exploits and priorities. Read more

Jan 12, 2015

Microsoft's Patch Tuesday preview will no longer be made public

CTO Wolfgang Kandek comments that the security industry should continue to move in the direction of more information and explanation to help organizations work better to quickly manage vulnerabilities. Read more

Jan 12, 2015

Microsoft to abandon patch advance notifications

Qualys CTO Wolfgang Kandek said that he always thought that customers were interested in the information contained in ANS, but we will see how that works out. Read more

Jan 9, 2015

Microsoft ends free Patch Tuesday security notices

Wolfgang Kandek, chief technology officer of Qualys, also spoke up in defence of the ANS information. “I have always thought that our customers were interested in the information contained in ANS, but we will see how that works out,” he said. Read more

Jan 9, 2015

Microsoft drops Patch Tuesday free advance notice of fixes

From now on if you want to see what patches Microsoft is going to issue on Patch Tuesday you'll have to pay for it. Read more

Jan 9, 2015

Online Banking with the Most Secure Endpoint Device

Qualys CTO Wolfgang Kandek discusses online banking security and how organizations can secure different endpoint devices. Read more

Jan 7, 2015
