OpenSSH Patches Information Leak Flaw
OpenSSH released a patch for a vulnerability that could expose files to theft and manipulation and affects all versions of OpenSSH prior to 7.2p2 with X11Forwarding enabled. The vulnerability was found by Qualys researchers, who said attackers would have to use a malicious server in order to force a client to give up the key.
Cloud Cyber Security: Why it Pays to Work with Your Provider
The information held by cloud providers is encouraging criminals to increasingly develop malware and attack techniques designed to exploit weaknesses in the technology. Qualys CTO Wolfgang Kandek recommends ensuring your cloud security platform is up to date with configuration management and patching.
Adobe Issues Patch for 23 Flash Flaws
Adobe released a critical update for Flash Player that addresses 23 vulnerabilities which was discovered by a researcher at Kaspersky Labs. A successful exploit of one of the vulnerabilities, CVE-2016-1010, gives the attacker Remote Code Execution on the target machine.
Cloud Computing: Security and Evolution
In this podcast from RSA 2016, Qualys CTO Wolfgang Kandek talks about the evolution of the cloud computing architecture, the problems it solves and how we can secure it.
Adobe, Microsoft Push Critical Updates
Microsoft today pushed out 13 security updates to fix at least 39 separate vulnerabilities in its various Windows operating systems and software.
Hacking a connected car is this easy
Since competitive pressures often mean that car makers bring new functionality to their products before they're fully tested, new vulnerabilities are likely to be generated with each new feature.
DROWN Flaw Illustrates Dangers of Intentionally Weak Crypto
The DROWN vulnerability results from export-grade ciphersuites mandated by the US government.
Qualys Delivers Scalable, Cloud-Based Patching
Qualys' new OEM partnership with HEAT Software delivers a cloud-based patch management offering to its global customers.
New Service Helps Organizations Visualize and Prioritize Security Threats (BetaNews)
Qualys ThreatPROTECT provides customers with an interactive dashboard to help them understand security threats at-a-glance.
Qualys extends Cloud Agent Platform to support Linux and Mac OS
Qualys Cloud Agent Platform, now available on Linux and Mac OS, enables organizations to inventory all their IT assets, get the visibility needed to secure them against cyber attacks on a continuous basis and take action with Qualys’ new patching capabilities.
Qualys Launches Threat Intelligence Solution
Qualys ThreatPROTECT lets customers visualize, prioritize and take action to minimize exposure from vulnerabilities related to the threats that matter most to their environments.
SSL ‘DROWNs’ In Yet Another Serious Security Flaw
A recently discovered OpenSSL security hole enables SSL v2, long deprecated, to be used to attack modern web sites. The attack, dubbed DROWN, is estimated to be able to kill off at least one-third of all HTTPS servers.
HTTPS DROWN flaw: Security bods' hearts sink as tatty protocols wash away web crypto
The discovery of an HTTPS encryption vulnerability, dubbed DROWN, again proves that supporting tired old protocols weakens modern crypto systems.
VMware Products Affected by Critical glibc Flaw
A critical remote code execution vulnerability found in the GNU C Library (glibc) affects most Linux systems and many widely used products, including ones from VMware.
Go Full SHA-256 by June or Get Locked Out, Say Payments Bods Bacs
Online businesses in the UK will have to update their systems and adopt SHA-2 before June in order to avoid losing access to vital payment and money transfer services.
Oracle Fixes Vulnerability in Java Installer that Could Lead to ‘Complete Compromise' of Victim's System
Oracle has issued a rare out-of-band security patch for Java to fix a flaw that posed a risk to anyone installing the tool on Windows devices.
Oracle Unleashes 248 Security Updates in First Patch Release of 2016
Wolfgang Kandek, chief technical officer at security firm Qualys, warned that it is more important than ever for organisations to be aware of the applications they run and to keep all software up to date.
Oracle Releases Record Number of Security Patches
Oracle released its first quarterly Critical Patch Update of 2016. The update consists of 248 updates and provides fixes for E-business suite, Java SE and Database Server, and includes a number of critical updates to reduce the risk of attack.
Adobe, Microsoft Push Reader, Windows Fixes
Microsoft and Adobe released patches for Patch Tuesday January 2016, and Microsoft announced the retirement of several versions of Internet Explorer.
Microsoft Silverlight patch might be a Hacking Team zero day
A Microsoft Silverlight patch becomes more important as researchers claim it may be a Hacking Team zero day that has been known for years.
Evil OpenSSH servers can steal your private login keys to other systems – patch now
Malicious OpenSSH servers can silently steal people's private SSH keys as they try to log in, it emerged today, according to analysis released by Qualys.
Bug that can leak crypto keys just fixed in widely used OpenSSH
A critical bug that can leak secret cryptographic keys has just been fixed in OpenSSH, one of the more widely used implementations of the secure shell (SSH) protocol.
Top Survival Tips For IE End-Of-Life
If an immediate upgrade to the latest version is not an option for all your machines running Internet Explorer, here's how to mitigate your risk.
How Will ITSM Play its Part Fighting the IT Security Threat?
How threats of terrorism have changed the IT landscape, making IT security no longer just a business integrity issue, but also a political issue.