PCI Compliance Thoughts for the New Year
With the new year around the corner, it's not too early for businesses to begin lining their compliance initiatives up with the new PCI 2.0 rules.
Microsoft Repairs Critical Explorer Flaws, Stuxnet Malware Vulnerability
Microsoft issued a record 17 security bulletins
Microsoft Patch Tuesday: The Bottom Line
Guest Editorial by Wolfgang Kandek
The Cloud Gets PCI Compliant
Amazon has announced that its EC2 service is now PCI-DSS 2.0 compliant
2011 Prediction: Qualys
Qualys CSO Randy Barr talks about what he expects in 2011 for cloud computing and security.
Bah Humbug! Microsoft Plays Scrooge with Record Patch Tuesday
Next Tuesday is the final Patch Tuesday of the year for Microsoft, and apparently we're going to close 2010 with a bang.
Microsoft to Patch 40 Vulnerabilities
Security update will close the last known Stuxnet vulnerability, but won't address a zero-day bug reported Thursday in Internet Explorer.
Keeping Your Computer Secure
As a guest on Craig Crossman's Computer America radio show, Qualys CTO Wolfgang Kandek gives tips on how to keep your computer safe as you shop online and web surf.
Microsoft Patch Tuesday to End Year with Massive Update
Microsoft is prepping 17 security bulletins for release next week
Cloud Consortium Releases Security Compliance Tools
Free governance, risk management, and compliance stack from the Cloud Security Alliance aims for data-handling and security transparency.
Does Apple's Java Move Mean a Less Secure Mac?
Security experts are split over whether Apple's decision to hand over Java to an Oracle-backed open-source project is a good deal for Mac users.
Rsam, Qualys Partner to Improve GRC Compliance
Announcing the integration of QualysGuard Policy Compliance and the Rsam GRC Platfrom
5 Tools for Browser Security Testing
A secure browser is often the first line of defense for a company’s network security. Here are some tools that can help find and fix security holes.
Patch Management Should Be Core to Operations
SC World Congress panel discusses importance of a robust patch management program
Microsoft November Patch Tuesday Bottom Line
Amol Sarwate, Qualys' vulnerability labs manager, discusses this month's Patch Tuesday release.
Rsam and Qualys Partner to Tightly Integrate Rsam GRC with QualysGuard Policy Compliance
New integration helps customers identify and measure policy compliance within the context of the GRC Framework
Microsoft Patches Office, but IE Zero-Day Still in the Wild
Patch Tuesday is light, but Internet Explorer still at risk
IE Bug Fix Not Included in Light Patch Tuesday
Only one 'critical' patch – for Office for Windows
IE Zero-Day Doesn't Make the Cut for Patch Tuesday
Microsoft published its advanced notification for next week's Patch Tuesday
Patch Tuesday Heads-up: Critical MS Office Security Holes
After last month's record-breaking security patch release, Microsoft is offering a November respite.
Microsoft Patch Load Lightens for November
After two straight gargantuan rollouts, IT pros are getting a break with November's patch load.
SSL Vulnerabilities: Trusted SSL Certificate Generation for Enterprises
State of SSL and SSL vulnerabilities and attacks
PCI Scanning for External IP Addresses with QualysGuard PCI
A test drive of QualysGuard PCI
What's New in PCI v2.0 for Vulnerability Management
Qualys director of engineering describes key changes and deadlines for the new standard.
Will PCI-DSS 2.0 Security Advance the Cloud?
The new PCI DSS version 2.0 specifications debuted this week
Social Network Privacy to Java Attacks: The Week in Security
A recap of the week's security news follows privacy flaps affecting Facebook and MySpace as well as the growth of attacks on Java.
Nearly Half of All Systems Running Java Are Vulnerable to Attack
Data from Qualys paints a picture of a rather large attack surface
Users Neglect Java Patches, Leave Attack Door Wide Open
Security expert suggests Oracle distribute Java fixes on Microsoft's update service
QualysGuard Offers Web Service for PCI Compliance Scans
QualysGuard PCI verifies compliance to help protect servers and outward-facing applications from hackers
Accelerate Patching Progress in the Enterprise
Qualys CTO's presentation at RSA Europe on accelerating patching in the enterprise
A Fortress in the Cloud: Keeping Data Safe on 3rd-Party Servers
Understanding the security issues of cloud computing to keep data safe in the cloud
Qualys Adds Two-Factor Authentication to Service
Qualys is now providing two-factor authentication technology to its vulnerability management service customers for free.
Qualys Adds to Its SaaS Offerings Two-Factor Authentication Powered by VeriSign
Qualys will offer two-factor, or strong authentication, at no extra charge to its customers worldwide.
Microsoft Releases Its Biggest Security Fix
Microsoft Corp. has released its greatest update related to security features
Qualys Browser Check
Mary's Antivirus Security Software Blog highlights free BrowserCheck service from Qualys
Microsoft Releases Biggest-Ever Security Fix
Microsoft instigated its biggest-ever security fix
Microsoft Issues Patches for a Record 49 Security Holes
Microsoft Tuesday issued its largest ever batch of security patches
Oracle Plugs Java for Drive-by Downloads with October CPU
Oracle is out this week with its quarterly Critical Patch Update (CPU) fixing software vulnerabilities across its database, middleware, Siebel, PeopleSoft and Sun product groups.
Microsoft Patches Third Stuxnet Vulnerability; Critical Bugs Affect IE and Windows
Microsoft delivers record Patch Tuesday with 16 updates for 49 vulnerabilities.
Microsoft Patches 49 Security Vulnerabilities in Massive Release
Microsoft released 16 security bulletins Tuesday to repair 49 security vulnerabilities, including four critical ones, in a record-setting patch release.
Patching Challenges and Techniques
Qualys CTO discusses Microsoft security bulletins, patching difficulties in general, patching tools and techniques as well as Adobe Reader and Flash.
Microsoft Issues Its Biggest-Ever Security Fix
Microsoft Corp issued its biggest-ever security fix, including repairs to its ubiquitous Windows operating system and Internet browser for flaws that could let hackers take control of a PC.
Large Scale Study of SSL Configurations
In this podcast, Ivan Ristic talks about the Qualys SSL Labs Internet-wide SSL survey and their recent release of the raw data from the survey.
Nemean Networks Sold to California Company
Nemean Networks, a Madison software development company created as a result of UW-Madison research, has been purchased by Qualys.
Qualys Buys Nemean Networks for Behavoir-Aware Malware Detection
The acquisition expands Qualys’ IDS signatures and increases its threat data.
Madison's Nemean Networks Bought by Qualys
Madison developer of malware detection and computer security software, has been acquired by Qualys
Security Firm Qualys Goes Shopping
Qualys to expand its research capabilities further into intrusion and malware detection
Qualys Acquires Nemean Networks
Qualys announced the acquisition of Nemean Networks,completed on August 31, 2010
Qualys Partners with Cyber-Ark to Integrate Identity Management with Scanning Technology
Qualys has announced the integration of its QualysGuard technology with Cyber-Ark's Privileged Identity Management (PIM) Suite.
Web Apps and Governments Are Most Cyber-Attacked in 2010
Cyber-criminals are still looking for networks to infiltrate and information to take, but according to new research, Web applications are increasingly being targeted.
Microsoft Releases Emergency ASP.NET Patch to Block Attacks
Microsoft pushed out an out-of-band patch to address a security issue with ASP.NET that has come under attack.
Microsoft Releases Patch for ASP.net
Microsoft released an "important" patch to address an information disclosure security vulnerability associated with ASP.NET systems.
Stuxnet Compromise at Iranian Nuclear Plant May Be By Design
A worm that targets controls used at Iranian nuclear facilities is driving speculation that the US targeted Iran
Second Qualys Annual Report Shows Increasing Hacker Sophistication
Research just released by cloud security specialist Qualys, highlights the increasing sophistication of hackers in their cyberattacks
Adobe Reader More Secure After Version 9
But old versions hang on for a long time
Malicious Code that Comes with Release Notes?
New security report shows that’s how sophisticated cybercriminals have become
CSRF Vulnerabilities Rise, Overall Vulnerability Disclosures Dip
Old-school attacks still alive and well, too, report says
With OS's More Secure, Cyber Criminals Target Applications
Online attacks are crimes of opportunity — and plenty of them — according to a new report from SANS, Qualys and HP TippingPoint.
Microsoft Patches New Windows Bug Exploited by Stuxnet
Fixes 11 flaws, reveals that July worm used four zero-days to infect PCs
Defeating Combined Attacks
Is Your SME Prepared for New Cyber Attacks?
MS Preps 9 Bulletins for September Patch Tuesday
Microsoft is planning another busy Patch Tuesday this month.
Microsoft Plans Windows Security Fixes for Patch Tuesday
Microsoft is planning to release nine security bulletins next week to cover 13 vulnerabilities.
Microsoft to Issue Nine Patches, Four for "Critical" Bugs
Microsoft is planning to release nine patches on Tuesday to plug 13 holes as part of the software giant's monthly security update.
Digital Arms Dealer
NSS Labs has a plan to secure the Internet: Build a Nasdaq for hackers.
Snort Creator Remains Guiding Force Behind Network Detection System
Q&A with Sourcefire's Martin Roesch about upcoming changes to the backbone of Snort's engine and closer integration with QualysGuard
Intel/McAfee Deal Signals Growing Appeal for Online Security Sector
Observers are still talking about the deal and what it means for the security industry overall.
Microsoft Confirms Windows DLL Hijacking Vulnerabilities
Proof-of-concept code for the remote execution attack hits the wild; numerous applications at risk.
Microsoft Confirms Windows DLL Hijacking Vulnerabilities
Proof-of-concept code for the remote execution attack hits the wild; numerous applications at risk.
Adobe Patches Zero Day Vulnerabilities
Out-of-cycle updates fix bugs in Reader and Acrobat affecting Windows, Mac, and Unix.
McAfee Rivals Respond to Intel Acquisition
McAfee competitors weigh in with insight and opinion regarding the Intel acquisition.
Free Software Tools Can Add to Your Anti-Virus Protection
There are new software tools that can help you clean up and repel the latest cyberattacks.
The State of SSL on the Web: Qualys' Ivan Ristic Discusses the Good and the Bad
Video interview on Ristic's Black Hat 2010 talk, including research findings into the state of SSL
PCI Council Outlines Proposed Changes
The PCI Security Standards Council's proposed revisions for PCI DSS include additional guidance and clarifications to existing requirements in areas such as data discovery and virtualization.
Patch Tuesday Packs in Solutions to 34 Serious Microsoft Flaws
Yesterday's Patch Tuesday update from Microsoft was a packed one
Microsoft Issues Biggest Security Patch Yet
IT administrators have plenty of work to do if they want to close up the holes in their systems.
Microsoft: Big Patch Tuesday for IT Administrators
Microsoft issued one of its largest collections of security fixes.
Prepare for Record Patch Tuesday
Next Tuesday Microsoft will unleash 14 new security bulletins, addressing a record-tying 34 vulnerabilities.
Microsoft Previews Record-Setting Patch Tuesday
Microsoft will release a record number of patches next week, as part of its monthly Patch Tuesday bug-busting cycle.
Microsoft to Issue Record Number of Patches
Microsoft will issue 14 security bulletins on Tuesday to plug 34 holes, including eight that are critical, in Windows, Office, Internet Explorer, SQL and Silverlight
Microsoft Slates Record-Setting Monster Patch Tuesday Next Week
14 updates, 8 critical, will quash 34 bugs in Windows, Office, IE, Silverlight
Qualys Does More than Complain About Insecure Open Source
Qualys is offering a free, open source tool to help people and companies keep their open source up to date.
Microsoft Issues Out-of-Band Patch for Windows Shortcut Flaw
Microsoft on Monday issued a "critical" out-of-band patch for its previously disclosed Windows Shell vulnerability.
Microsoft Issues Emergency Patch for Million Dollar Windows Flaw
Microsoft today rushed out an emergency patch for Windows Vista and Windows 7 PCs just eight days before its next Patch Tuesday.
Microsoft Rushes Unscheduled Patch for Shortcut Flaw
Microsoft is issuing an out-of-band patch today to address rising attacks against the Windows shortcut vulnerability discovered last month.
Microsoft Releases Patch for Windows Shell Vulnerability
One week before the monthly set of patches from Redmond, Microsoft has issued a patch for the widely covered Windows Shell vulnerability.
Open Source Web Apps Called Often Insecure
Qualys has released a new open source tool, "BlindElephant," which can accurately fingerprint web applications down to version level in order to better manage the security issues which now plague such software.
Most SSL Sites Poorly Configured
Half of all SSL servers run older, insecure version of SSL; attacks against HTTPS browser sessions detailed at Black Hat
Open Source Web Apps Often Insecure, New Tool Discovers
Qualys BlindElephant released new open source tool to accurately fingerprint web applications
SSL Study Shows Most Sites Incorrectly Configured
According to Qualys security researcher Ivan Ristic, most SSL sites are actually misconfigured
Black Hat USA 2010 Preview
Qualys security researcher Ivan Ristic is scheduled to detail the final results of a large study on SSL security validity.
Mobile Threats, SSL Weaknesses, Web Application Bugs at Black Hat
Ivan Ristic of Qualys SSL Labs to present results of his research analyzing SSL use at Black Hat.
Qualys Offers Additional Layer of Security to Consumers
Qualys has released a browser plugin that promises a fast and bloat-free check for security issues.
Free Browser Security Check
The free BrowserCheck add-on from Qualys helps make sure you're not surfing around half-patched.
Free Web Browser and Plug-in Security Service Launched
Cloud security specialist Qualys has launched an interactive and online web browser checking service.
Microsoft Confirms 'Nasty' Windows Zero-Day Bug
But it won't patch the vulnerability for Windows XP SP2 or Windows 2000
Black Hat 2010: Study Tests SSL Protocol Use, Finds SSL Errors
Q&A with Qualys Director of Engineering Ivan Ristic about SSL Labs research
Microsoft Plugs Critical Windows, Office Holes
Microsoft issued four security bulletins on Tuesday to fix five holes in Windows and Office
One Final Patch for Windows XP Service Pack 2 Before It Reaches End-of-Life
Last XP SP2 patch prevents remote code executions
Microsoft Windows XP Service Pack 2 Updates to Stop This Week
Hundreds of millions of PCs worldwide, including tens of millions in the U.S., are instantly becoming riper targets for hackers.
Microsoft to Patch Google Engineer's Zero-Day Next Week
Sped up patch job originally slated for August release
Poor SSL Set-Up Can Kill e-Commerce
Black Hat talk to show how poor SSL implementation can hurt online business
'BlindElephant' to ID Outdated or Unknown Web Apps, Plus-Ins
Qualys researcher to demonstrate new tool and discuss findings at Black Hat.
SSL Certificates in Use Today Aren't All Valid
Security research firm Qualys is attempting to paint a detailed picture of SSL deployments with a new, still under-development study
Microsoft Patching Tamed by Qualys Tool
Qualys has added a new reporting feature to its vulnerability management service that helps IT staff work out which Microsoft patches to apply and in what order.
Patch Management Enhancement Tools and Best Practices
For systems administrators, it is tough to find much appreciation for patch management. Unfortunately, this necessary evil has to be done. IT pro Rick Vanover shares a few tips on patch management.
Microsoft Leaves Some Office XP Users Patchless
Microsoft skips fix for flaw in nine-year old suite, but patches Office 2003, 2007.
Microsoft Finally Fixes Pwn2Own Browser Flaw
The Microsoft Patch Tuesday train rolled into town today, dropping off a massive 10 security bulletins with fixes for at least 34 documented vulnerabilities.
SP1 Coming Soon to a Windows 7 PC Near You
Microsoft revealed at TechEd that it is working on SP1 for Windows 7.
Microsoft to Fix 34 Holes in Windows, Office, IE
Qualys CTO says this month's Patch Tuesday will keep systems admins busy.
Windows XP, The Operating System That Just Won't Die
Windows XP is in its tenth year and still large numbers of businesses stick by a service pack that became obsolete over two years ago.
Would Google's Windows Exodus Make the World More or Less Secure?
How big a role does choice of OS play in the big picture of a corporation's data security?
Windows XP SP2 Retirement Looms, Puts Users in Tough Spot
Qualys CTO discusses current use of Windows XP SP2 and the need to migrate to XP SP3.
Microsoft to Stop Security Updates for Windows XP Service Pack 2
Qualys discusses the impact of having no more security updates for this older operating system.
Microsoft Issues Two Critical Fixes for Windows
Security experts from Qualys discuss the need to patch two critical vulnerabilities from today's Microsoft bulletin
Microsoft Repairs Critical Outlook Express, Visual Basic Vulnerabilities
Qualys CTO discusses Microsoft bulletins for May
Online Tools Promote Amateur Sleuthing
Qualys CTO talks about availability of information on the internet.
Microsoft Update Keeps Office Secure, Says Researcher
Qualys Director of Vulnerability Research Richie Lai discusses Microsoft's newest "Security Intelligence Report."
Apple iPad Security: Jury Out
Experts discuss security implications for iPad use in the enterprise.
Logic Flaws and the OWASP Top 10
Qualys Security Researcher Mike Shema discusses the OWASP Top 10.
Microsoft Fixes Critical Drive-by Media Handling Flaws
Qualys CTO discusses how flaws enable a savvy attacker to trick the verification and impersonate a legitimate signature signed by a software vendor.
Adobe, Oracle Plug Over 60 Security Vulnerabilities in Updates
Qualys CTO talks about the importance of using the latest versions of software.
iPad Security for the Enterprise Still Subject to Debate
Qualys CTO Wolfgang Kandek discusses iPad enterprise readiness.
1-in-10 Windows PCs Still Vulnerable to Conficker Worm
New data from Qualys shows that about 10% of the hundreds of thousands of Windows systems it monitors for customers have not yet applied Microsoft's MS08-067 security update.
Guest Q&A with Philippe Courtot
Gary Orenstein discusses industry news with Qualys Chairman and CEO Philippe Courtot
Microsoft Rushes to Patch Zero-Day IE Hole on Tuesday
Qualys CTO Wolfgang Kandek discusses Microsoft's emergency update and the need to patch as quickly as possible if you are still using IE6 or IE7.
Free Website Malware Detection Service
In this video, Qualys CTO Wolfgang Kandek discusses how QualysGuard Malware Detection works to keep web sites malware-free.
RSA Roundup: 7 New Channel Friendly Security Services
The new Qualys GO Secure service puts web sites through their paces by scanning for malware and vulnerabilities, as well as SSL certification validation.
Security in the Computing Cloud a Top Concern
Cloud computing, the role of government in securing cyberspace and a growing concern over the potential for cyber-warfare dominated conversations at this year's RSA conference.
Psst, Mister, Scan Your Site for Malware - For Free
Qualys, the 10-year-old SaaS security pioneer, has started offering to scan web sites for free looking for malware.
Experts Laud IPS Virtual Patching, but Warn Against Misuse
Security pros at RSA discuss virtual patching as a fix for network vulnerabilities.
Qualys Offers Free Malware Testing Service
Free offer is designed to highlight managed services capabilities.
Qualys to Offer Free Domain Scanning and Security Assurance Seals
The first item that will be sure to grab some attention on the conference floor this week at RSA is Qualys' new GO SECURE offering.
Cyber Defenders of the World Unite
As instances of cyber attacks continue to grow more prevalent, cyber warriors and national security officials are gathering in California to examine methods to enhance cyber defenses.
Qualys Launches Cloud-Based Scanner to Detect Drive-by Malware on Your Site
Qualys is launching two new services today - Qualys Guard Malware Detection and Qualys Go Secure - to detect drive-by malware.
Free Service Keeps Your Web Site Healthy
Now in beta, QualysGuard Malware Detection scans any web site for malware and reports in detail when any threats are found. If your family or small business web site gets hacked Qualys will sound the alarm.
Qualys Intros Cloud-Based Software for FDCC Compliance
Qualys has introduced the QualysGuard FDCC module, cloud-based software designed to help federal agencies comply with the Federal Desktop Core Configuration.
20 Coolest Cloud Security Vendors
ChannelWeb's list of security vendors helping to foster the SaaS phenomenon and drive it forward in 2010.
Google-Style Cyberattack Found on Chinese Government Site
Microsoft Security Bulletin Coming Thursday for IE Zero-Day
Qualys Director of Vulnerability Research Richie Lai discusses the zero-day exploit at the heart of the China attacks on Google.
Why Is Internet Explorer 6 Still Hanging Around
Recent attacks raise the question of why major enterprises are still using a browser now eight years and two generations old.
Adobe Update Trumps Microsoft's Lone Fix in Patch Frenzy
Qualys CTO discusses how administrators should focus on updating Adobe Reader and Acrobat.
Qualys Updates PCI Compliance Tool
The solution offers approved scanning to give channel partners visibility into customer environments and practices so partners can better recommend mitigations that would improve compliance with PCI and also overall security.
Adobe Reader's Patch Tuesday
Qualys CTO discusses how at next week's Patch Tuesday, we will get a critical update for Adobe Reader from Adobe Systems.