USA Media Coverage
|
FREAK Out: Yet Another New SSL/TLS Bug Found"It's a very interesting problem that shows how we mustn't be complacent about these older technologies, even though we think they are not going to be used," says SSL expert Ivan Ristic, who is director of engineering at Qualys. Read more Mar 3, 2015 |
|---|---|
|
New FREAK Attack Threatens Many SSL ClientsFor the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. Read more Mar 3, 2015 |
|
Qualys Express LiteQualys Express Lite earns a five star rating from SC Magazine. Read more Mar 2, 2015 |
BMC and Qualys Join Forces to Improve Enterprise SecuritySoftware solutions provider BMC and Qualys, a provider of cloud security and compliance solutions, last week announced the launch of a new solution to tie vulnerability information to automated remediation actions, dramatically reducing the window of vulnerability while simultaneously improving IT operational performance. Read more Mar 2, 2015 |
|
BMC & Qualys Joint SolutionIntelligent Compliance moves towards a concept of continuous audit. Instead of doing an audit every year or every quarter, Intelligent Compliance is auditing constantly, reporting vulnerabilities and security policy violations. Read more Mar 1, 2015 |
|
|
Bridging the Gap Between Security and Operations TeamsQualys' Jonathan Trull discusses how to bridge the divide between IT security and operations teams to improve security and compliance. Read more Feb 26, 2015 |
|
|
BMC and Qualys Join Forces to Improve Enterprise SecurityIntegrated solution combines BMC BladeLogic and Qualys Vulnerability Management to quickly identify and remediate threats and boost collaboration between Security and IT Operations teams. Read more Feb 26, 2015 |
|
|
Password security: Time for an upgrade?Many organizations are exploring more secure ways to enforce authentication beyond usernames and passwords. Read more Feb 20, 2015 |
The Huge Web Security Loophole That Most People Don't Know About, And How It's Being FixedQualys' Ivan Ristic offers his thoughts on web security. Read more Feb 19, 2015 |
|
|
Microsoft Addresses 41 IE Flaws in February PatchThis Month's security update also includes two additional "critical" remote code execution fixes for Windows. Read more Feb 11, 2015 |
|
Microsoft Internet Explorer Update Repairs 41 Critical VulnerabilitiesAt least one of the information disclosure vulnerabilities are being used by attackers in multistaged attacks, according to Wolfgang Kandek, CTO of vulnerability management vendor Qualys. Read more Feb 11, 2015 |
|
Microsoft fixes IE memory problemsMicrosoft has issued 41 patches to fix memory vulnerabilities in its browser; Windows and Office also got patches this month. Read more Feb 11, 2015 |
|
Microsoft Pushes Patches for Dozens of FlawsMicrosoft today released nine update bundles to plug at least 55 distinct security vulnerabilities in its Windows operating system and other software. Read more Feb 10, 2015 |
|
February 2015 Patch Tuesday: Group Policy flaw tops three critical fixesMicrosoft's February 2015 Patch Tuesday release offers three critical fixes, including one for a dangerous Group Policy vulnerability, but does not patch a recently revealed IE XSS zero-day flaw. Read more Feb 10, 2015 |
|
Microsoft's Patch Tuesday release leaves one big vulnerability unpatchedThis month's Patch Tuesday release includes three updates rated Critical, including a massive security update that fixes more than 40 flaws in Internet Explorer. Read more Feb 10, 2015 |
Linux GHOST bug haunts large percentage of enterprise appsAnalysis shows 80% of business-critical apps may be affected. Read more Feb 10, 2015 |
|
|
New products of the week 2.09.2015Roundup of new products including Qualys Web Application Scanning. Read more Feb 9, 2015 |
Tackling Enterprise Security Through a Continuous ApproachQualys VP of Product Sumedh Thakar talks about how taking proactive, continuous approach to security is the best way to stay ahead of today's cyber threats. Read more Feb 5, 2015 |
|
Halting HackersSumedh Thakar, chief product officer at Qualys, says that bad actors have moved on from merely seeking some degree of fame. “They are now organized to attack companies and research laboratories for financial gain,” he says. Read more Feb 5, 2015 |
|
|
|
Qualys Adds Progressive Scanning to Web App Security Testing ServiceCloud security and compliance solution specialist Qualys Inc. is adding progressive scanning capabilities to its Web Application Scanning (WAS) product. Read more Feb 5, 2015 |
|
|
Scan Finds 'Ghost' Haunting Critical Business ApplicationsWolfgang Kandek, CTO at Qualys, recently told Dark Reading that while exploitable prospects aren't necessarily easy to find, there were indeed likely others out there. Read more Feb 5, 2015 |
|
|
Qualys Brings Industry¹s First Continuous Progressive Scanning Capabilities to Its Fast Growing Web Applications Scanning SolutionNew Features Enable Deeper and Comprehensive Continuous Scanning of Large and Complex Web Applications. Read more Feb 4, 2015 |
New tool to identify website vulnerabilitiesBut identifying these flaws manually can be a mammoth task. Which is why cloud security provider Qualys is announcing the latest version of its Web Application Scanning (WAS) tool. Read more Feb 4, 2015 |
|
|
Qualys Adds Progressive Scanning Capabilities to Its WAS SolutionCloud security and compliance solutions provider Qualys today announced a new version of its Web Application Scanning (WAS) solution. Read more Feb 3, 2015 |
|
|
Ghost Linux vulnerability can be exploited through WordPress, other PHP appsThe buffer overflow vulnerability, dubbed Ghost, was reported Tuesday by researchers from security vendor Qualys. It is identified as CVE-2015-0235 in the Common Vulnerabilities and Exposures database. Read more Jan 30, 2015 |
|
Linux systems hit by discovery of highly critical 'Ghost' flawHighly critical security vulnerability affects all Linux systems and dates all the way back to 2000. Read more Jan 29, 2015 |
There's a GHOST in Linux's LibraryA Qualys security research team found the GHOST flaw and worked closely with Linux distribution vendors in a coordinated effort to offer a patch for all distributions of Linux systems impacted. Read more Jan 28, 2015 |
|
|
|
'GHOST' bug in Linux library enables remote takeover of victim's systemThe best way to protect against GHOST is to apply patches from Linux distribution vendors, Sarwate said, explaining that Qualys coordinated the disclosure of the bug with the Linux distribution vendors so that patches are already available. Read more Jan 28, 2015 |
How A Linux "Ghost" Spooked The Security WorldA vulnerability in a widely used component of many Linux distributions could allow remote attackers to take control of a system. Researchers at Qualys have dubbed it Ghost since it can be triggered by the "gethost" functions in Linux. Read more Jan 28, 2015 |
|
Serious 'GHOST' Flaw Puts Linux at RiskNumerous versions of Linux are at risk from a "GHOST" vulnerability that an attacker could exploit - remotely or locally - to bypass credential checks and seize control of a system, warn researchers at cloud security and vulnerability scanning vendor Qualys. The flaw exists in the GNU C Library, a.k.a. "glibc." Read more Jan 28, 2015 |
|
|
|
'Ghost' vulnerability poses high risk to Linux distributionsFlaw in the GNU C Library can be exploited remotely for full control and should be patched as soon as possible, according to Qualys. Read more Jan 28, 2015 |
Newly Identified Linux Vulnerability Gives Full Access to ServersSoftware security researchers recently identified a bug that provides hackers with an open door to the bulk of the world’s servers running Linux. Read more Jan 28, 2015 |
|
New Linux Bug Could Cause "a Lot of Collateral Damage on the Internet"Linux users around the world are scrambling to update their operating systems, as a new flaw known as GHOST has been shown to have the potential to cause "a lot of collateral damage on the Internet." Read more Jan 28, 2015 |
|
Severe “Ghost” flaw leaves Linux systems vulnerable to takeoverQualys researchers discovered the “Ghost” vulnerability – named for the fact that it can be triggered by “gethostbyname” DNS resolution functions – during a recent code audit. Read more Jan 28, 2015 |
|
|
|
GHOST glibc Remote Code Execution Vulnerability Affects All Linux SystemsA critical vulnerability has been found in glibc, the GNU C library, that affects all Linux systems dating back to 2000. Attackers can use this flaw to execute code and remotely gain control of Linux machines. Read more Jan 27, 2015 |
|
Qualys finds GHOST: Critical Linux remote code execution flawA critical Linux vulnerability, called GHOST, has been found to affect glibc versions released since 2000, and could pose a remote exploit risk on many Linux systems. Read more Jan 27, 2015 |
|
|
Critical 'Ghost' Vulnerability Impacts Linux SystemsResearchers at Qualys are advising organizations to apply a patch for a critical vulnerability affecting Linux systems as far back as 2000. Read more Jan 27, 2015 |
|
|
Remotely exploitable ‘GHOST’ bug strikes all Linux distrosResearchers have discovered a serious vulnerability affecting multiple distributions of the Linux OS. While there are patches available the clean up effort is likely to going be a major task for Linux admins. Read more Jan 27, 2015 |
|
Linux makers release patch to thwart new 'Ghost' cyber threatSarwate knows of no cases in which hackers exploited the Ghost vulnerability to date, but suspects that motivated hackers could figure out how now that the bug has been disclosed. Read more Jan 27, 2015 |
Warning! Linux is being haunted by a G-G-G-GHOST vulnerability -- are you at risk?Qualys explains that it is calling the vulnerability a "GHOST" because "it can be triggered by the GetHOST functions". In other words, Linux isn't as safe as we thought. Read more Jan 27, 2015 |
|
|
High severity vulnerability found in Linux GNU C libraryThe Qualys security research team has found a critical vulnerability in the Linux GNU C Library (glibc), that allows attackers to remotely take control of an entire system without having any prior knowledge of system credentials. Read more Jan 27, 2015 |
Highly critical “Ghost” allowing code execution affects most Linux systemsNew bug haunting Linux could spark "a lot of collateral damage on the Internet." Read more Jan 27, 2015 |
|
|
|
GHOST, a critical Linux security hole, is revealedResearchers at cloud security company Qualys have discovered a major security hole, GHOST (CVE-2015-0235), in the Linux GNU C Library (glbibc). This vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords. Read more Jan 27, 2015 |
|
|
Java Patch Plugs 19 Security HolesOracle this week released its quarterly patch update for Java, a widely-installed program that for most casual users has probably introduced more vulnerability than utility. Read more Jan 21, 2015 |
|
Microsoft Patches Zero-Day Windows Flaws Disclosed by GoogleQualys' Kandek noted that the Telnet vulnerability shows that even old software can still harbor new bugs. Read more Jan 13, 2015 |
|
Update: Microsoft's Patch Tuesday focuses on WindowsThe lack of fixes for IE was "pretty surprising to us," said Wolfgang Kandek, chief technology officer of security vendor Qualys, noting the browser was patched every month in 2014. Read more Jan 13, 2015 |
|
|
Light January 2015 Patch Tuesday delivers one critical Windows fixAmol Sarwate and Wolfgang Kandek provide insight into January's Patch Tuesday Read more Jan 13, 2015 |
|
|
Microsoft Ends Free Public Advance Security Notification ServiceWolfgang Kandek, Qualys CTO comments on the ANS program and believes there is value in that IT administrators can read about specifics, exploits and priorities. Read more Jan 9, 2015 |
|
|
Microsoft Disabling SSL 3.0 in Azure Storage Next MonthMicrosoft plans to disable Secure Sockets Layer (SSL) 3.0 encryption support in its Azure Storage service next month. Its advisory includes guidance for testing web servers using Qualys SSL Labs. Read more Jan 9, 2015 |
|
|
Microsoft's Patch Tuesday preview will no longer be made publicCTO Wolfgang Kandek comments that the security industry should continue to move in the direction of more information and explanation to help organizations better working to quickly manage vulnerabilities. Read more Jan 9, 2015 |
|
|
Advanced notice of Microsoft Patch Tuesday fixes is no longer freeQualys CTO Wolfgang Kandek, who also closely follows the bulletins, was skeptical that demand for the advanced notices is waning. Read more Jan 8, 2015 |
|
|
What CISOs, InfoSec Pros Have on Their 2015 Wish ListsSecurity experts weigh in on what they would like to see in 2015 to make their jobs wrangling users, infrastructure, and data easier. Read more Jan 6, 2015 |
