USA Media Coverage

New products of the week 04.27.2015

Qualys Cloud Platform Agent and Qualys WAF 2.0 included in this week's roundup of new products. Read more

Apr 27, 2015

Continuous monitoring of perimeter and internal IT assets

Qualys announced that its popular Qualys Continuous Monitoring (CM) solution for the perimeter now includes internal monitoring capabilities enabling organizations to proactively monitor and get real-time alerts for critical internal IT assets such as desktops, servers and other devices. Read more

Apr 22, 2015

Qualys devises a virtual patch to protect against vulnerabilities

If you can’t wait for that critical patch to secure your system from some just-discovered bug, IT security firm Qualys may have an answer, through new security software that can secure the trouble spot until the patch arrives. Read more

Apr 22, 2015

Qualys Web Application Firewall 2.0 Brings Virtual Patching, Event Response

Qualys today announced the availability of version 2.0 of the company’s Web Application Firewall (WAF). Read more

Apr 21, 2015

Qualys takes step towards complete automation of web app security

Qualys announced Qualys Web Application Firewall (WAF) version 2.0 that comes fully integrated with the Qualys Web Application Scanning solution (WAS). Read more

Apr 21, 2015

Qualys introduces new Web application firewall, cloud agent

Qualys introduced three new offerings at RSA Conference 2015, including an improved Web application firewall and a new cloud agent platform. Read more

Apr 21, 2015

The Web App Security Puzzle

The security industry must outmaneuver hackers. Qualys CISO Jonathan Trull talks about web application security. Read more

Apr 21, 2015

Cloud agent platform for continuous IT asset inventory, security and compliance

Qualys announced the launch of Qualys Cloud Agent Platform (CAP), which extends Qualys’ Cloud Security and Compliance Platform with lightweight agents to continuously assess security and compliance of organizations’ global IT infrastructure and applications. Read more

Apr 21, 2015

CSA, ICS2 introduce new cloud security certification

During his keynote Monday morning, Qualys CEO Philippe Courtot said the security industry needs to do more to encourage education and training for cloud security. Read more

Apr 20, 2015

Making the Case for Cloud Security in Government

The top 4 reasons that governments should consider adopting cloud security solutions. Read more

Apr 16, 2015

Microsoft Zero-Day Bug Being Exploited In The Wild

"We rated it the top bulletin this month," says Qualys CTO Wolfgang Kandek, "because the code is known to attackers already and it does not look to be very difficult [to exploit]." Read more

Apr 16, 2015

Oracle Critical Patch Update features important Java SE updates

The latest Oracle Critical Patch Update includes fixes for close to 100 vulnerabilities, but one expert says there is a critical update for Java on the desktop that needs immediate attention. Read more

Apr 16, 2015

April 2015 Patch Tuesday addresses critical HTTP.sys flaw

Microsoft's April 2015 Patch Tuesday release is lighter than usual with 11 total bulletins, but experts say that system admins should immediately install a critical HTTP.sys patch for Windows Server. Read more

Apr 14, 2015

Microsoft Patch Tuesday April 2015 closes 0-day holes: 4 of 11 patches rated critical

Microsoft released 11 security bulletins, four of which are rated as critical fixes for remote code execution flaws. Adobe and Oracle also released critical patches. Read more

Apr 14, 2015

Microsoft addresses 26 vulnerabilities, some critical, on Patch Tuesday

In a Tuesday blog post, Wolfgang Kandek, CTO of Qualys, wrote that the critical Office bulletin should be the highest priority because it addresses five remote code execution vulnerabilities, including a zero-day bug. Read more

Apr 14, 2015

Microsoft Patch Tuesday: The patches just keep coming

For Microsoft, the vulnerabilities just keep popping up, and appear to be surfacing more quickly than ever before. Read more

Apr 14, 2015

April Patch Tuesday: Microsoft Releases 4 'Critical' Fixes

This month's Security Update includes a fix for a 0-day issue in Microsoft Office. Read more

Apr 14, 2015

Microsoft Patches Critical HTTP.sys Vulnerability

Wolfgang Kandek discusses how to patch for a known critical vulnerability in Windows HTTP protocol stack. Read more

Apr 14, 2015

Calls to make software designers liable for security weakness

Wolfgang Kandek talks about responsible disclosure. Read more

Apr 10, 2015

FedRAMP: What You Need To Know

Is your organization looking to become FedRAMP certified? Read this first. Read more

Apr 7, 2015

Qualys experts and customers to present security best practices at RSA Conference 2015

Qualys CEO Philippe Courtot will deliver the opening keynote presentation at CSA Summit on why new and advanced security standards are needed to secure and maintain data sovereignty. Read more

Apr 7, 2015

Amid growing SSL concerns, Qualys expands free public SSL tester

Qualys has added a free, public API to its SSL testing services, which will enable an enterprise to test any website or server for SSL vulnerabilities. Read more

Mar 31, 2015

How to Stay One Step Ahead of Hackers

The cybersecurity landscape has changed dramatically in recent years, but many people's thinking about security is stuck in 2007. If you're one of those people, it's time to revamp your security practices to better meet the current threats. Read more

Mar 25, 2015

The State of SCADA Security

Amol Sarwate discusses how to address the challenges to securing these types of systems. Read more

Mar 24, 2015

Qualys Expands Its SSL/TLS Security Scanning Service

Qualys enhanced its SSL/TLS scanning technology with a new API and an open-source tool to enable organizations to validate their security. Read more

Mar 20, 2015

The Morning Download: TD Bank Cautiously Testing Analytics as Security Tool

Security researchers disclosed the discovery of new bugs in OpenSSL, the same encryption software at the center of the Heartbleed panic last year. Read more

Mar 20, 2015

Account credentials emerge as a weak spot for cloud app security

Experts say attacks on cloud application credentials are increasing, and vulnerability scans and penetration tests can't tell if an account has been compromised. Read more

Mar 20, 2015

Measuring the effectiveness of your vulnerability management program

Jonathan Trull discusses how to identify key, quantifiable attributes or metrics to help companies drive strategies for protecting networks, systems and data. Read more

Mar 19, 2015

New bugs uncovered in encryption software

New bugs in the widely used encryption software known as OpenSSL were disclosed on Thursday, though experts say they do not pose a serious threat like the "Heartbleed" vulnerability in the same technology that surfaced a year ago. Read more

Mar 19, 2015

SSL Labs unveils free open source tool, new APIs

Qualys SSL Labs now includes free assessment APIs, accompanied by a free open source tool that can be used for bulk and automated testing of websites. Read more

Mar 18, 2015

SSL Security Best Practices

Although most attention is on the protocol vulnerabilities, most organizations don't realize that it's their own actions that are proving to be bigger problems in practice. Read more

Mar 17, 2015

Qualys Releases SSL Labs APIs for Automated Website Testing

Cloud security and compliance solutions provider Qualys today announced the availability of free assessment APIs and a new tool that enable SSL Labs users to automate SSL vulnerability testing for websites. Read more

Mar 17, 2015

Avoid this Wireless Alarm Hack

Qualys' Silvio Cesare's home alarm vulnerability research is highlighted. Read more

Mar 13, 2015

Microsoft fixes FREAK vulnerability in Patch Tuesday update

Qualys Director of Engineering Amol Sarwate weighs in on Patch Tuesday. Read more

Mar 10, 2015

March 2015 Patch Tuesday: 5 of 14 rated Critical and Microsoft issues a fix for FREAK

Microsoft issued 14 security bulletins for March 2015, five of which are rated as critical. Read more

Mar 10, 2015

Microsoft Fixes Stuxnet Bug, Again

On this, the third Patch Tuesday of 2015, Microsoft pushed 14 update bundles to address at least 43 separate vulnerabilities in Internet Explorer, Exchange, Office and a host of other components. Read more

Mar 10, 2015

March 2015 Patch Tuesday: Microsoft offers quick FREAK fix

Microsoft's March 2015 Patch Tuesday bulletins include a fix for the FREAK vulnerability, as well as five critical fixes. Read more

Mar 10, 2015

Microsoft issues 14 bulletins on Patch Tuesday, mitigates FREAK attacks

Qualys CTO Wolfgang Kandek discusses March Patch Tuesday including FREAK and Superfish. Read more

Mar 10, 2015

Microsoft warns Windows PCs also vulnerable to 'Freak' attacks

"I don't think this is a terribly big issue, but only because you have to have many ducks in a row," said Ivan Ristic, director of engineering for cybersecurity firm Qualys Inc. Read more

Mar 6, 2015

Time to FREAK out? How to tell if you're vulnerable

Qualys' SSL Labs boasts an SSL Server Test that will, with a little effort, tell you if the website's server supports "export-grade" cipher suites, which are at the root of the vulnerability. Read more

Mar 5, 2015

Practice Makes Perfect: Making Cyber Hygiene Part of Your Security Program

Good cyber hygiene is the cornerstone to being as secure as possible. Read more

Mar 5, 2015

FREAK Attacks SSL/TLS Security, Putting Apple, Android Users at Risk

In 2011, the BEAST attack against SSL/TLS, which still impacts approximately 80 percent of sites tested by Qualys Labs' SSL Pulse service, was disclosed. Read more

Mar 4, 2015

FREAK Vulnerability Exposes SSL/TLS Security Hole

"This is a very interesting problem that shows how we mustn't be complacent about these older technologies, even though we think they are not going to be used," said Ivan Ristic, Qualys’ director of application security research. Read more

Mar 4, 2015

Old Government Policies Influenced the FREAK Security Flaw

Web owners that want to check to see if their own web site is vulnerable to the flaw can use the SSL Server Test at the Qualys web site. Read more

Mar 4, 2015

FREAK Out: Yet Another New SSL/TLS Bug Found

"It's a very interesting problem that shows how we mustn't be complacent about these older technologies, even though we think they are not going to be used," says SSL expert Ivan Ristic, who is director of engineering at Qualys. Read more

Mar 3, 2015

New FREAK Attack Threatens Many SSL Clients

For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. Read more

Mar 3, 2015

Qualys Express Lite

Qualys Express Lite earns a five star rating from SC Magazine. Read more

Mar 2, 2015

BMC and Qualys Join Forces to Improve Enterprise Security

Software solutions provider BMC and Qualys, a provider of cloud security and compliance solutions, last week announced the launch of a new solution to tie vulnerability information to automated remediation actions, dramatically reducing the window of vulnerability while simultaneously improving IT operational performance. Read more

Mar 2, 2015

BMC & Qualys Joint Solution

Intelligent Compliance moves towards a concept of continuous audit. Instead of doing an audit every year or every quarter, Intelligent Compliance is auditing constantly, reporting vulnerabilities and security policy violations. Read more

Mar 1, 2015

Bridging the Gap Between Security and Operations Teams

Qualys' Jonathan Trull discusses how to bridge the divide between IT security and operations teams to improve security and compliance. Read more

Feb 26, 2015

BMC and Qualys Join Forces to Improve Enterprise Security

Integrated solution combines BMC BladeLogic and Qualys Vulnerability Management to quickly identify and remediate threats and boost collaboration between Security and IT Operations teams. Read more

Feb 26, 2015

Password security: Time for an upgrade?

Many organizations are exploring more secure ways to enforce authentication beyond usernames and passwords. Read more

Feb 20, 2015

The Huge Web Security Loophole That Most People Don't Know About, And How It's Being Fixed

Qualys' Ivan Ristic offers his thoughts on web security. Read more

Feb 19, 2015

Microsoft Addresses 41 IE Flaws in February Patch

This month's security update also includes two additional "critical" remote code execution fixes for Windows. Read more

Feb 11, 2015

Microsoft Internet Explorer Update Repairs 41 Critical Vulnerabilities

At least one of the information disclosure vulnerabilities is being used by attackers in multistaged attacks, according to Wolfgang Kandek, CTO of vulnerability management vendor Qualys. Read more

Feb 11, 2015

Microsoft fixes IE memory problems

Microsoft has issued 41 patches to fix memory vulnerabilities in its browser; Windows and Office also got patches this month. Read more

Feb 11, 2015

Microsoft Pushes Patches for Dozens of Flaws

Microsoft today released nine update bundles to plug at least 55 distinct security vulnerabilities in its Windows operating system and other software. Read more

Feb 10, 2015

February 2015 Patch Tuesday: Group Policy flaw tops three critical fixes

Microsoft's February 2015 Patch Tuesday release offers three critical fixes, including one for a dangerous Group Policy vulnerability, but does not patch a recently revealed IE XSS zero-day flaw. Read more

Feb 10, 2015

Microsoft's Patch Tuesday release leaves one big vulnerability unpatched

This month's Patch Tuesday release includes three updates rated Critical, including a massive security update that fixes more than 40 flaws in Internet Explorer. Read more

Feb 10, 2015

Linux GHOST bug haunts large percentage of enterprise apps

Analysis shows 80% of business-critical apps may be affected. Read more

Feb 10, 2015

New products of the week 2.09.2015

Roundup of new products including Qualys Web Application Scanning. Read more

Feb 9, 2015

Tackling Enterprise Security Through a Continuous Approach

Qualys VP of Product Sumedh Thakar talks about how taking a proactive, continuous approach to security is the best way to stay ahead of today's cyber threats. Read more

Feb 5, 2015

Halting Hackers

Sumedh Thakar, chief product officer at Qualys, says that bad actors have moved on from merely seeking some degree of fame. “They are now organized to attack companies and research laboratories for financial gain,” he says. Read more

Feb 5, 2015

Qualys Adds Progressive Scanning to Web App Security Testing Service

Cloud security and compliance solution specialist Qualys Inc. is adding progressive scanning capabilities to its Web Application Scanning (WAS) product. Read more

Feb 5, 2015

Scan Finds 'Ghost' Haunting Critical Business Applications

Wolfgang Kandek, CTO at Qualys, recently told Dark Reading that while exploitable prospects aren't necessarily easy to find, there were indeed likely others out there. Read more

Feb 5, 2015

Qualys Brings Industry's First Continuous Progressive Scanning Capabilities to Its Fast Growing Web Applications Scanning Solution

New Features Enable Deeper and Comprehensive Continuous Scanning of Large and Complex Web Applications. Read more

Feb 4, 2015

New tool to identify website vulnerabilities

But identifying these flaws manually can be a mammoth task. Which is why cloud security provider Qualys is announcing the latest version of its Web Application Scanning (WAS) tool. Read more

Feb 4, 2015

Qualys Adds Progressive Scanning Capabilities to Its WAS Solution

Cloud security and compliance solutions provider Qualys today announced a new version of its Web Application Scanning (WAS) solution. Read more

Feb 3, 2015

Ghost Linux vulnerability can be exploited through WordPress, other PHP apps

The buffer overflow vulnerability, dubbed Ghost, was reported Tuesday by researchers from security vendor Qualys. It is identified as CVE-2015-0235 in the Common Vulnerabilities and Exposures database. Read more

Jan 30, 2015

Linux systems hit by discovery of highly critical 'Ghost' flaw

Highly critical security vulnerability affects all Linux systems and dates all the way back to 2000. Read more

Jan 29, 2015

There's a GHOST in Linux's Library

A Qualys security research team found the GHOST flaw and worked closely with Linux distribution vendors in a coordinated effort to offer a patch for all distributions of Linux systems impacted. Read more

Jan 28, 2015

'GHOST' bug in Linux library enables remote takeover of victim's system

The best way to protect against GHOST is to apply patches from Linux distribution vendors, Sarwate said, explaining that Qualys coordinated the disclosure of the bug with the Linux distribution vendors so that patches are already available. Read more

Jan 28, 2015

How A Linux "Ghost" Spooked The Security World

A vulnerability in a widely used component of many Linux distributions could allow remote attackers to take control of a system. Researchers at Qualys have dubbed it Ghost since it can be triggered by the "gethost" functions in Linux. Read more

Jan 28, 2015

Serious 'GHOST' Flaw Puts Linux at Risk

Numerous versions of Linux are at risk from a "GHOST" vulnerability that an attacker could exploit - remotely or locally - to bypass credential checks and seize control of a system, warn researchers at cloud security and vulnerability scanning vendor Qualys. The flaw exists in the GNU C Library, a.k.a. "glibc." Read more

Jan 28, 2015

'Ghost' vulnerability poses high risk to Linux distributions

Flaw in the GNU C Library can be exploited remotely for full control and should be patched as soon as possible, according to Qualys. Read more

Jan 28, 2015

Newly Identified Linux Vulnerability Gives Full Access to Servers

Software security researchers recently identified a bug that provides hackers with an open door to the bulk of the world’s servers running Linux. Read more

Jan 28, 2015

New Linux Bug Could Cause "a Lot of Collateral Damage on the Internet"

Linux users around the world are scrambling to update their operating systems, as a new flaw known as GHOST has been shown to have the potential to cause "a lot of collateral damage on the Internet." Read more

Jan 28, 2015

Severe “Ghost” flaw leaves Linux systems vulnerable to takeover

Qualys researchers discovered the “Ghost” vulnerability – named for the fact that it can be triggered by “gethostbyname” DNS resolution functions – during a recent code audit. Read more

Jan 28, 2015

GHOST glibc Remote Code Execution Vulnerability Affects All Linux Systems

A critical vulnerability has been found in glibc, the GNU C library, that affects all Linux systems dating back to 2000. Attackers can use this flaw to execute code and remotely gain control of Linux machines. Read more

Jan 27, 2015

Qualys finds GHOST: Critical Linux remote code execution flaw

A critical Linux vulnerability, called GHOST, has been found to affect glibc versions released since 2000, and could pose a remote exploit risk on many Linux systems. Read more

Jan 27, 2015

Critical 'Ghost' Vulnerability Impacts Linux Systems

Researchers at Qualys are advising organizations to apply a patch for a critical vulnerability affecting Linux systems as far back as 2000. Read more

Jan 27, 2015

Remotely exploitable ‘GHOST’ bug strikes all Linux distros

Researchers have discovered a serious vulnerability affecting multiple distributions of the Linux OS. While there are patches available, the cleanup effort is likely going to be a major task for Linux admins. Read more

Jan 27, 2015

Linux makers release patch to thwart new 'Ghost' cyber threat

Sarwate knows of no cases in which hackers exploited the Ghost vulnerability to date, but suspects that motivated hackers could figure out how now that the bug has been disclosed. Read more

Jan 27, 2015

Warning! Linux is being haunted by a G-G-G-GHOST vulnerability -- are you at risk?

Qualys explains that it is calling the vulnerability a "GHOST" because "it can be triggered by the GetHOST functions". In other words, Linux isn't as safe as we thought. Read more

Jan 27, 2015

High severity vulnerability found in Linux GNU C library

The Qualys security research team has found a critical vulnerability in the Linux GNU C Library (glibc), that allows attackers to remotely take control of an entire system without having any prior knowledge of system credentials. Read more

Jan 27, 2015

Highly critical “Ghost” allowing code execution affects most Linux systems

New bug haunting Linux could spark "a lot of collateral damage on the Internet." Read more

Jan 27, 2015

GHOST, a critical Linux security hole, is revealed

Researchers at cloud security company Qualys have discovered a major security hole, GHOST (CVE-2015-0235), in the Linux GNU C Library (glibc). This vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords. Read more

Jan 27, 2015

Java Patch Plugs 19 Security Holes

Oracle this week released its quarterly patch update for Java, a widely-installed program that for most casual users has probably introduced more vulnerability than utility. Read more

Jan 21, 2015

Microsoft Patches Zero-Day Windows Flaws Disclosed by Google

Qualys' Kandek noted that the Telnet vulnerability shows that even old software can still harbor new bugs. Read more

Jan 13, 2015

Update: Microsoft's Patch Tuesday focuses on Windows

The lack of fixes for IE was "pretty surprising to us," said Wolfgang Kandek, chief technology officer of security vendor Qualys, noting the browser was patched every month in 2014. Read more

Jan 13, 2015

Light January 2015 Patch Tuesday delivers one critical Windows fix

Amol Sarwate and Wolfgang Kandek provide insight into January's Patch Tuesday. Read more

Jan 13, 2015

Microsoft Ends Free Public Advance Security Notification Service

Wolfgang Kandek, Qualys CTO, comments on the ANS program and believes there is value in that IT administrators can read about specifics, exploits and priorities. Read more

Jan 9, 2015

Microsoft Disabling SSL 3.0 in Azure Storage Next Month

Microsoft plans to disable Secure Sockets Layer (SSL) 3.0 encryption support in its Azure Storage service next month. Its advisory includes guidance for testing web servers using Qualys SSL Labs. Read more

Jan 9, 2015

Microsoft's Patch Tuesday preview will no longer be made public

CTO Wolfgang Kandek comments that the security industry should continue to move in the direction of more information and explanation to help organizations better work to quickly manage vulnerabilities. Read more

Jan 9, 2015

Advanced notice of Microsoft Patch Tuesday fixes is no longer free

Qualys CTO Wolfgang Kandek, who also closely follows the bulletins, was skeptical that demand for the advanced notices is waning. Read more

Jan 8, 2015

What CISOs, InfoSec Pros Have on Their 2015 Wish Lists

Security experts weigh in on what they would like to see in 2015 to make their jobs wrangling users, infrastructure, and data easier. Read more

Jan 6, 2015
