UK Media Coverage

Don’t Panic: Latest OpenSSL Flaw Not a Heartbleed-Sized Bug

“Other than that, there’s certainly lots of server-type tools that might use OpenSSL for client operations. For them, this vulnerability is potentially significant, but attackers would need to exploit them on a case-by-case basis,” argued Qualys director of security engineering, Ivan Ristic. Read more

Jul 10, 2015

OpenSSL bug serious – but no Heartbleed, say experts

OpenSSL certificate verification flaw lets attackers impersonate cryptography-protected websites, email servers and virtual private networks (VPNs). Read more

Jul 10, 2015

High-severity OpenSSL vulnerability patched

According to Ivan Ristic, director of engineering at Qualys, because the problem was identified very early on, the effect has been negligible. “It's a very serious issue,” he said, “but it doesn't affect a large number of users.” Read more

Jul 10, 2015

Amazon launches open source TLS implementation "s2n"

Ivan Ristic, director of engineering at Qualys, told SCMagazineUK.com that because TLS has to operate in many environments it has “many extensions that change how it operates but don't necessarily increase security”. Read more

Jul 2, 2015

A Critical Threat

Amol Sarwate, director of vulnerability labs at Qualys, advises implementing proper access control, making sure that necessary patching processes are in place and followed, and says that removing debug services “will help minimise risk.” Read more

Jul 1, 2015

Samsung denies disabling Windows Update on its laptop models

Samsung has refuted claims that it put users at risk from hacking by disabling Windows Update on its laptops. Read more

Jun 26, 2015

Top 3 security priorities for CIOs in 2015

How CIOs should prioritise their efforts around security, from budgeting and managing delivery of service through to working with the rest of the business. Read more

Jun 23, 2015

Microsoft Respite for Admins: Just Eight Security Bulletins this Month

“The attacker needs to trick the target into opening a malicious file with Word or any other Office tool and can then take control of the target’s computer,” said Qualys CTO, Wolfgang Kandek in a blog post. Read more

Jun 10, 2015

Where are you on the five levels of TLS maturity?

TLS-based vulnerabilities like Heartbleed have caused widespread panic - but Ivan Ristic, who maintains the SSL Labs research centre for TLS and PKI at Qualys, thinks that companies can get a good grasp on their TLS security with a simple five point assessment model. Read more

Jun 8, 2015

Putting DevOps at the heart of the business – can security keep up?

Qualys CISO Jonathan Trull discusses why DevOps should be part of a wider IT operations strategy. Read more

May 29, 2015

LogJam: Latest internet vulnerability putting your confidential information at risk

First there was Heartbleed, then Poodle, Shellshock, and Freak, and now we have LogJam - the latest vulnerability to be uncovered which is threatening our online security. Read more

May 21, 2015

VENOM virtual vuln proves less poisonous than first feared

Some experts, such as Wolfgang Kandek, CTO at cloud security services firm Qualys, are inclined to disagree with Wardle’s assessment on how easy it might be to patch VENOM – if not on the severity of the bug. Read more

May 14, 2015

Does the bite live up to the hype? 10 insights into the Venom vulnerability

Wolfgang Kandek, CTO for Qualys, offers his thoughts on the Venom vulnerability. Read more

May 14, 2015

Microsoft patches 30 bugs with 13 bulletins on Patch Tuesday

“It is safe to say that [attackers'] favourite attack vectors include Internet Explorer, native Windows vulnerabilities and Adobe Flash, which all receive monthly updates publishing upwards of 20 CVEs per month,” he wrote. Read more

May 13, 2015

Microsoft fixes 46 flaws in Windows, IE, Office, other products

"Patch quickly, in less than two weeks if you can," Kandek said. Read more

May 13, 2015

Microsoft fixes 46 flaws in Windows, IE, Office, other products

The priority for administrators should be MS15-043, which fixes 22 vulnerabilities in Internet Explorer, of which 14 are rated critical, said Wolfgang Kandek, the CTO of security firm Qualys. Read more

May 13, 2015

Windows 10: No More Monthly Patches

"Windows 10 follows the path first taken by the smartphone sector where iPhones, versions of Android and Windows Phones pioneered getting updates delivered to users as soon as they become available," says Wolfgang Kandek, CTO of security firm Qualys. Read more

May 6, 2015

Credit card style e-voting system could beat electoral fraud

Apprehensions exist over the potential for individuals' own computers to be hacked and compromised before, during and possibly after the voting process. Read more

May 4, 2015

Qualys's new virtual patch technology buys time in battle against zero days

If you can't wait for that critical patch to secure your system from some just-discovered bug, IT security firm Qualys may have an answer, through new security software that can secure the trouble spot until the patch arrives. Read more

Apr 22, 2015

Metrics for Upping Cyber Defences

Jonathan Trull, CISO at Qualys, recommends the following tech metrics for the CISO. Read more

Apr 21, 2015

New cloud agent brings enterprises greater security and asset control

A new Cloud Agent Platform (CAP) from cloud security specialist Qualys provides organizations with a flexible solution to assess the security and compliance of their IT assets in real time, whether they're on-site, cloud-based or mobile endpoints. Read more

Apr 21, 2015

Patch Tuesday Delivers Critical Repairs To Office, Windows

Microsoft releases large security update, reflecting the growing volume of patches from all vendors in 2015. Read more

Apr 16, 2015

Microsoft release four critical patches in update

Wolfgang Kandek shares thoughts on critical vulnerabilities for April Patch Tuesday. Read more

Apr 15, 2015

Microsoft release four critical patches in batch of 11 on Update Tuesday

Read more

Apr 15, 2015

Microsoft Patch Tuesday: More headaches for IT departments

Microsoft's latest round of patches covers Internet Explorer, Windows, Office and other Microsoft products. Read more

Apr 15, 2015

NHS regional health board adopts proactive approach to data security

Spotlight on how NHS Dumfries & Galloway leverage Qualys to safeguard patient data. Read more

Mar 27, 2015

Over 700,000 home routers threaten enterprise security

Cisco researcher warns of flaws in devices ISPs give to customers. Read more

Mar 25, 2015

NHS Dumfries and Galloway spotted Heartbleed bug using Qualys cloud scanning

Case study on how NHS Dumfries and Galloway leverages Qualys. Read more

Mar 19, 2015

Microsoft Patch Tuesday Resolves FREAK Flaw

No more FREAKY business. Microsoft rushes out fix for legacy encryption flaw in Patch Tuesday update. Read more

Mar 12, 2015

FREAK, IE and Stuxnet patches delivered by Microsoft

Wolfgang Kandek, Qualys CTO, weighs in on March Patch Tuesday. Read more

Mar 11, 2015

Don't let inaction come back to haunt you: patch the GHOST vulnerability now

Wolfgang Kandek offers insights into lessons learned from the GHOST vulnerability and why organizations should take immediate action to patch their Linux systems. Read more

Mar 11, 2015

Microsoft fixes FREAK vulnerability in Patch Tuesday update

Microsoft has issued critical patches for Windows, Internet Explorer and Office. Read more

Mar 10, 2015

Goodbye to Oracle? Minecraft now comes with its own Java

Wolfgang Kandek comments on Minecraft creators offering a ‘standalone’ version of Java with its loader as part of a new approach that should limit the effects of the software’s infamous insecurity on tens of millions of desktop gamers. Read more

Mar 9, 2015

Heartbleed still prevalent year after discovery

The Heartbleed bug is still prevalent among appliances and devices that rely on SSL despite almost a year passing since it was discovered, according to data collected by the security vendor Qualys. Read more

Mar 4, 2015

BMC and Qualys join forces to improve enterprise security

Integrated solution combines BMC BladeLogic and Qualys Vulnerability Management to quickly identify and remediate threats and boost collaboration between Security and IT Operations teams. Read more

Feb 26, 2015

BMC and Qualys partner to combine technologies

BMC and Qualys have launched a solution to tie vulnerability information to automated remediation actions. Read more

Feb 26, 2015

5 lessons to be learned from the Gemalto NSA/GCHQ hack

Wolfgang Kandek, CTO, Qualys, says: "CISOs can use attacks, such as the one on Gemalto, for the positive purpose of internal security planning and review. The question becomes: How would my organisation fare against such an attack? Read more

Feb 23, 2015

What is good ‘cyber hygiene’ and how do you achieve it?

Qualys CISO Jonathan Trull discusses how organizations can practice good cyber hygiene. Read more

Feb 17, 2015

Microsoft fixes Project Zero disclosures in latest Patch Tuesday release

Speaking about the vulnerabilities in Flash, Wolfgang Kandek, chief technical officer at Qualys, said: "February Patch Tuesday 2015 comes after a quite turbulent month for information security professionals. Read more

Feb 11, 2015

4 highlights from Adobe & Microsoft's Patch Tuesday

Another month has passed and Patch Tuesday is once again upon us, with both Microsoft and Adobe having recently released important patches for their product ranges. Read more

Feb 11, 2015

Patch Tuesday sees Microsoft focus on Internet Explorer updates

Microsoft's monthly Patch Tuesday brought 41 fixes for memory vulnerabilities in its Internet Explorer browser. Desktop and server editions of Windows and Office also got fixes. Read more

Feb 11, 2015

Microsoft fixes bugs exploited to hack military and financial firms

Microsoft’s February 2015 security update includes fixes for a bug exploited by attackers targeting US defence and financial services firms and a vulnerability affecting core components of Windows. Read more

Feb 11, 2015

Bug-Ridden Internet Explorer Back with a Bang … and 41 Flaws

This month’s Patch Tuesday round from Microsoft features nine bulletins fixing 56 vulnerabilities including a mammoth 41 flaws in Internet Explorer. Read more

Feb 11, 2015

Home alone with hackers: how to shift the goalposts

For too long hackers have been a step ahead of organisations and the security industry at large. Can continuous security change that? Read more

Feb 5, 2015

GHOST bug haunts Linux users

Researchers at cloud security firm Qualys have discovered a vulnerability in the Linux GNU C Library (glibc) which can be manipulated to gain remote access to the attacked system. Read more

Jan 29, 2015

Ghostbusting in the 'critically' vulnerable Linux machine

Who's afraid of GHOSTs? Disagreement over potential risks of new Linux vulnerability, but layered defence is recommended. Read more

Jan 29, 2015

Linux 'Ghost' vulnerability uncovered

Security researchers at Qualys have discovered a Linux vulnerability, naming it 'Ghost'. Read more

Jan 29, 2015

Severe Linux GHOST Flaw Spooks Out Computer Users

The vulnerability, discovered by Qualys, a provider of cloud security and compliance solutions, is in the Linux GNU C Library (glibc) and is known as GHOST (CVE-2015-0235), because it can be triggered by the gethostbyname functions. Read more

Jan 28, 2015

'Ghost' vulnerability poses high risk to Linux distributions

The flaw in the GNU C Library can be exploited remotely for full control, according to Qualys. Read more

Jan 28, 2015

Ghost in the Linux machine hits Debian, Red Hat and Ubuntu

The buffer overflow-type vulnerability was discovered by Qualys and has been classified as CVE-2015-0235. The researchers have nicknamed it Ghost as it can be triggered by GetHOST functions. Read more

Jan 28, 2015

I ain't afraid of no GHOST – securo-bods

Security researchers at cloud security firm Qualys found a critical vulnerability in Linux, specifically the GNU C Library (glibc). The vulnerability – nicknamed “GHOST” – allows attackers to remotely hack into vulnerable systems without any passwords or administrator credentials. Read more

Jan 28, 2015

Linux flaw leaves web infrastructure vulnerable

A security flaw in the open source operating system Linux is allowing hackers to run malicious code on the machines which power the internet, email and other critical online services. Read more

Jan 28, 2015

Most Linux systems affected by critical vulnerability

The vulnerability could be considered as critical as Heartbleed and Shellshock because it could allow hackers to exploit it in order to execute malicious code on servers and remotely gain control of Linux machines. Read more

Jan 28, 2015

Admins Urged to Patch Linux Now as 'Ghost' Bug Emerges

Qualys CTO Wolfgang Kandek claimed in a blog post that the firm “has worked closely with Linux distribution vendors and patches are available” as of Tuesday. Read more

Jan 28, 2015

Ghost Linux bug haunting Red Hat and Ubuntu systems

An exploitable bug, codenamed Ghost, that affects numerous Linux systems has been discovered by researchers at Qualys. Read more

Jan 28, 2015

BOO! Grave remote-code exec flaw in GNU C Library haunts Linux

Security researchers have uncovered a critical bug in the GNU C Library (glibc), a key component of Linux and some other operating systems, which could render countless machines vulnerable to remote code execution attacks. Read more

Jan 27, 2015

How can I make my PC completely secure?

Use Qualys BrowserCheck or a similar website to check that all your browser plug-ins are up to date. Read more

Jan 15, 2015

Microsoft Patches Zero-Day Windows Flaws Disclosed by Google

Qualys’ Kandek noted that the Telnet vulnerability shows that even old software can still harbor new bugs. Read more

Jan 14, 2015

Microsoft release one critical patch on first “no advance notification” Tuesday

Microsoft released nine patches last night, with one rated as critical. Read more

Jan 14, 2015

Google and Microsoft fail to patch up security row

Decision to publish details of non-critical flaw in Windows 8.1 before release of fix prompts angry response from Microsoft. Read more

Jan 14, 2015

Microsoft Ends Free Public Advance Security Notification Service

Qualys CTO Wolfgang Kandek discusses the new changes to Microsoft's ANS program and why there is value in IT administrators being able to read about specifics, exploits and priorities. Read more

Jan 12, 2015

Microsoft's Patch Tuesday preview will no longer be made public

CTO Wolfgang Kandek comments that the security industry should continue to move in the direction of more information and explanation to help organizations work better to quickly manage vulnerabilities. Read more

Jan 12, 2015

Microsoft to abandon patch advance notifications

Qualys CTO Wolfgang Kandek said that he always thought that customers were interested in the information contained in ANS, but we will see how that works out. Read more

Jan 9, 2015

Microsoft ends free Patch Tuesday security notices

Wolfgang Kandek, chief technology officer of Qualys, also spoke up in defence of the ANS information. “I have always thought that our customers were interested in the information contained in ANS, but we will see how that works out,” he said. Read more

Jan 9, 2015

Microsoft drops Patch Tuesday free advance notice of fixes

From now on if you want to see what patches Microsoft is going to issue on Patch Tuesday you'll have to pay for it. Read more

Jan 9, 2015

Online Banking with the Most Secure Endpoint Device

Qualys CTO Wolfgang Kandek discusses online banking security and how organizations can secure different endpoint devices. Read more

Jan 7, 2015
