See Resources

USA Media Coverage


Cloud Consortium Releases Security Compliance Tools

Free governance, risk management, and compliance stack from the Cloud Security Alliance aims for data-handling and security transparency.

Does Apple's Java Move Mean a Less Secure Mac?

Security experts are split over whether Apple's decision to hand over Java to an Oracle-backed open-source project is a good deal for Mac users.

Rsam, Qualys Partner to Improve GRC Compliance

Announcing the integration of QualysGuard Policy Compliance and the Rsam GRC Platfrom

5 Tools for Browser Security Testing

A secure browser is often the first line of defense for a company’s network security. Here are some tools that can help find and fix security holes.

Patch Management Should Be Core to Operations

SC World Congress panel discusses importance of a robust patch management program

Microsoft November Patch Tuesday Bottom Line

Amol Sarwate, Qualys' vulnerability labs manager, discusses this month's Patch Tuesday release.

Rsam and Qualys Partner to Tightly Integrate Rsam GRC with QualysGuard Policy Compliance

New integration helps customers identify and measure policy compliance within the context of the GRC Framework

Microsoft Patches Office, but IE Zero-Day Still in the Wild

Patch Tuesday is light, but Internet Explorer still at risk

IE Bug Fix Not Included in Light Patch Tuesday

Only one 'critical' patch – for Office for Windows

IE Zero-Day Doesn't Make the Cut for Patch Tuesday

Microsoft published its advanced notification for next week's Patch Tuesday

Patch Tuesday Heads-up: Critical MS Office Security Holes

After last month's record-breaking security patch release, Microsoft is offering a November respite.

Microsoft Patch Load Lightens for November

After two straight gargantuan rollouts, IT pros are getting a break with November's patch load.

SSL Vulnerabilities: Trusted SSL Certificate Generation for Enterprises

State of SSL and SSL vulnerabilities and attacks

PCI Scanning for External IP Addresses with QualysGuard PCI

A test drive of QualysGuard PCI

Will PCI-DSS 2.0 Security Advance the Cloud?

The new PCI DSS version 2.0 specifications debuted this week

What's New in PCI v2.0 for Vulnerability Management

Qualys director of engineering describes key changes and deadlines for the new standard.

Social Network Privacy to Java Attacks: The Week in Security

A recap of the week's security news follows privacy flaps affecting Facebook and MySpace as well as the growth of attacks on Java.

Nearly Half of All Systems Running Java Are Vulnerable to Attack

Data from Qualys paints a picture of a rather large attack surface

QualysGuard Offers Web Service for PCI Compliance Scans

QualysGuard PCI verifies compliance to help protect servers and outward-facing applications from hackers

Users Neglect Java Patches, Leave Attack Door Wide Open

Security expert suggests Oracle distribute Java fixes on Microsoft's update service

Accelerate Patching Progress in the Enterprise

Qualys CTO's presentation at RSA Europe on accelerating patching in the enterprise

A Fortress in the Cloud: Keeping Data Safe on 3rd-Party Servers

Understanding the security issues of cloud computing to keep data safe in the cloud

Qualys Adds Two-Factor Authentication to Service

Qualys is now providing two-factor authentication technology to its vulnerability management service customers for free.

Qualys Adds to Its SaaS Offerings Two-Factor Authentication Powered by VeriSign

Qualys will offer two-factor, or strong authentication, at no extra charge to its customers worldwide.

Microsoft Releases Its Biggest Security Fix

Microsoft Corp. has released its greatest update related to security features

Qualys Browser Check

Mary's Antivirus Security Software Blog highlights free BrowserCheck service from Qualys

Microsoft Releases Biggest-Ever Security Fix

Microsoft instigated its biggest-ever security fix

Oracle Plugs Java for Drive-by Downloads with October CPU

Oracle is out this week with its quarterly Critical Patch Update (CPU) fixing software vulnerabilities across its database, middleware, Siebel, PeopleSoft and Sun product groups.

Microsoft Issues Patches for a Record 49 Security Holes

Microsoft Tuesday issued its largest ever batch of security patches

Microsoft Patches Third Stuxnet Vulnerability; Critical Bugs Affect IE and Windows

Microsoft delivers record Patch Tuesday with 16 updates for 49 vulnerabilities.

Microsoft Patches 49 Security Vulnerabilities in Massive Release

Microsoft released 16 security bulletins Tuesday to repair 49 security vulnerabilities, including four critical ones, in a record-setting patch release.

Microsoft Issues Its Biggest-Ever Security Fix

Microsoft Corp issued its biggest-ever security fix, including repairs to its ubiquitous Windows operating system and Internet browser for flaws that could let hackers take control of a PC.

Patching Challenges and Techniques

Qualys CTO discusses Microsoft security bulletins, patching difficulties in general, patching tools and techniques as well as Adobe Reader and Flash.

Large Scale Study of SSL Configurations

In this podcast, Ivan Ristic talks about the Qualys SSL Labs Internet-wide SSL survey and their recent release of the raw data from the survey.

Nemean Networks Sold to California Company

Nemean Networks, a Madison software development company created as a result of UW-Madison research, has been purchased by Qualys.

Qualys Buys Nemean Networks for Behavoir-Aware Malware Detection

The acquisition expands Qualys’ IDS signatures and increases its threat data.

Security Firm Qualys Goes Shopping

Qualys to expand its research capabilities further into intrusion and malware detection

Madison's Nemean Networks Bought by Qualys

Madison developer of malware detection and computer security software, has been acquired by Qualys

Qualys Acquires Nemean Networks

Qualys announced the acquisition of Nemean Networks,completed on August 31, 2010

Web Apps and Governments Are Most Cyber-Attacked in 2010

Cyber-criminals are still looking for networks to infiltrate and information to take, but according to new research, Web applications are increasingly being targeted.

Qualys Partners with Cyber-Ark to Integrate Identity Management with Scanning Technology

Qualys has announced the integration of its QualysGuard technology with Cyber-Ark's Privileged Identity Management (PIM) Suite.

Stuxnet Compromise at Iranian Nuclear Plant May Be By Design

A worm that targets controls used at Iranian nuclear facilities is driving speculation that the US targeted Iran

Microsoft Releases Emergency ASP.NET Patch to Block Attacks

Microsoft pushed out an out-of-band patch to address a security issue with ASP.NET that has come under attack.

Microsoft Releases Patch for

Microsoft released an "important" patch to address an information disclosure security vulnerability associated with ASP.NET systems.

Second Qualys Annual Report Shows Increasing Hacker Sophistication

Research just released by cloud security specialist Qualys, highlights the increasing sophistication of hackers in their cyberattacks

Adobe Reader More Secure After Version 9

But old versions hang on for a long time

Malicious Code that Comes with Release Notes?

New security report shows that’s how sophisticated cybercriminals have become

CSRF Vulnerabilities Rise, Overall Vulnerability Disclosures Dip

Old-school attacks still alive and well, too, report says

With OS's More Secure, Cyber Criminals Target Applications

Online attacks are crimes of opportunity — and plenty of them — according to a new report from SANS, Qualys and HP TippingPoint.

Microsoft Patches New Windows Bug Exploited by Stuxnet

Fixes 11 flaws, reveals that July worm used four zero-days to infect PCs

Defeating Combined Attacks

Is Your SME Prepared for New Cyber Attacks?

MS Preps 9 Bulletins for September Patch Tuesday

Microsoft is planning another busy Patch Tuesday this month.

Microsoft to Issue Nine Patches, Four for "Critical" Bugs

Microsoft is planning to release nine patches on Tuesday to plug 13 holes as part of the software giant's monthly security update.

Microsoft Plans Windows Security Fixes for Patch Tuesday

Microsoft is planning to release nine security bulletins next week to cover 13 vulnerabilities.

Digital Arms Dealer

NSS Labs has a plan to secure the Internet: Build a Nasdaq for hackers.

Snort Creator Remains Guiding Force Behind Network Detection System

Q&A with Sourcefire's Martin Roesch about upcoming changes to the backbone of Snort's engine and closer integration with QualysGuard

Intel/McAfee Deal Signals Growing Appeal for Online Security Sector

Observers are still talking about the deal and what it means for the security industry overall.

Microsoft Confirms Windows DLL Hijacking Vulnerabilities

Proof-of-concept code for the remote execution attack hits the wild; numerous applications at risk.

Microsoft Confirms Windows DLL Hijacking Vulnerabilities

Proof-of-concept code for the remote execution attack hits the wild; numerous applications at risk.

Adobe Patches Zero Day Vulnerabilities

Out-of-cycle updates fix bugs in Reader and Acrobat affecting Windows, Mac, and Unix.

McAfee Rivals Respond to Intel Acquisition

McAfee competitors weigh in with insight and opinion regarding the Intel acquisition.

Free Software Tools Can Add to Your Anti-Virus Protection

There are new software tools that can help you clean up and repel the latest cyberattacks.

The State of SSL on the Web: Qualys' Ivan Ristic Discusses the Good and the Bad

Video interview on Ristic's Black Hat 2010 talk, including research findings into the state of SSL

PCI Council Outlines Proposed Changes

The PCI Security Standards Council's proposed revisions for PCI DSS include additional guidance and clarifications to existing requirements in areas such as data discovery and virtualization.

Patch Tuesday Packs in Solutions to 34 Serious Microsoft Flaws

Yesterday's Patch Tuesday update from Microsoft was a packed one

Microsoft: Big Patch Tuesday for IT Administrators

Microsoft issued one of its largest collections of security fixes.

Microsoft Issues Biggest Security Patch Yet

IT administrators have plenty of work to do if they want to close up the holes in their systems.

Microsoft Previews Record-Setting Patch Tuesday

Microsoft will release a record number of patches next week, as part of its monthly Patch Tuesday bug-busting cycle.

Prepare for Record Patch Tuesday

Next Tuesday Microsoft will unleash 14 new security bulletins, addressing a record-tying 34 vulnerabilities.

Microsoft Slates Record-Setting Monster Patch Tuesday Next Week

14 updates, 8 critical, will quash 34 bugs in Windows, Office, IE, Silverlight

Microsoft to Issue Record Number of Patches

Microsoft will issue 14 security bulletins on Tuesday to plug 34 holes, including eight that are critical, in Windows, Office, Internet Explorer, SQL and Silverlight

Microsoft Issues Out-of-Band Patch for Windows Shortcut Flaw

Microsoft on Monday issued a "critical" out-of-band patch for its previously disclosed Windows Shell vulnerability.

Microsoft Issues Emergency Patch for Million Dollar Windows Flaw

Microsoft today rushed out an emergency patch for Windows Vista and Windows 7 PCs just eight days before its next Patch Tuesday.

Microsoft Rushes Unscheduled Patch for Shortcut Flaw

Microsoft is issuing an out-of-band patch today to address rising attacks against the Windows shortcut vulnerability discovered last month.

Microsoft Releases Patch for Windows Shell Vulnerability

One week before the monthly set of patches from Redmond, Microsoft has issued a patch for the widely covered Windows Shell vulnerability.

Qualys Does More than Complain About Insecure Open Source

Qualys is offering a free, open source tool to help people and companies keep their open source up to date.

Open Source Web Apps Called Often Insecure

Qualys has released a new open source tool, "BlindElephant," which can accurately fingerprint web applications down to version level in order to better manage the security issues which now plague such software.

Most SSL Sites Poorly Configured

Half of all SSL servers run older, insecure version of SSL; attacks against HTTPS browser sessions detailed at Black Hat

Open Source Web Apps Often Insecure, New Tool Discovers

Qualys BlindElephant released new open source tool to accurately fingerprint web applications

SSL Study Shows Most Sites Incorrectly Configured

According to Qualys security researcher Ivan Ristic, most SSL sites are actually misconfigured

Black Hat USA 2010 Preview

Qualys security researcher Ivan Ristic is scheduled to detail the final results of a large study on SSL security validity.

Mobile Threats, SSL Weaknesses, Web Application Bugs at Black Hat

Ivan Ristic of Qualys SSL Labs to present results of his research analyzing SSL use at Black Hat.

Qualys Offers Additional Layer of Security to Consumers

Qualys has released a browser plugin that promises a fast and bloat-free check for security issues.

Free Browser Security Check

The free BrowserCheck add-on from Qualys helps make sure you're not surfing around half-patched.

Free Web Browser and Plug-in Security Service Launched

Cloud security specialist Qualys has launched an interactive and online web browser checking service.

Microsoft Confirms 'Nasty' Windows Zero-Day Bug

But it won't patch the vulnerability for Windows XP SP2 or Windows 2000

Black Hat 2010: Study Tests SSL Protocol Use, Finds SSL Errors

Q&A with Qualys Director of Engineering Ivan Ristic about SSL Labs research

Microsoft Plugs Critical Windows, Office Holes

Microsoft issued four security bulletins on Tuesday to fix five holes in Windows and Office

One Final Patch for Windows XP Service Pack 2 Before It Reaches End-of-Life

Last XP SP2 patch prevents remote code executions

Microsoft Windows XP Service Pack 2 Updates to Stop This Week

Hundreds of millions of PCs worldwide, including tens of millions in the U.S., are instantly becoming riper targets for hackers.

Microsoft to Patch Google Engineer's Zero-Day Next Week

Sped up patch job originally slated for August release

Poor SSL Set-Up Can Kill e-Commerce

Black Hat talk to show how poor SSL implementation can hurt online business

'BlindElephant' to ID Outdated or Unknown Web Apps, Plus-Ins

Qualys researcher to demonstrate new tool and discuss findings at Black Hat.

SSL Certificates in Use Today Aren't All Valid

Security research firm Qualys is attempting to paint a detailed picture of SSL deployments with a new, still under-development study

Microsoft Patching Tamed by Qualys Tool

Qualys has added a new reporting feature to its vulnerability management service that helps IT staff work out which Microsoft patches to apply and in what order.

Patch Management Enhancement Tools and Best Practices

For systems administrators, it is tough to find much appreciation for patch management. Unfortunately, this necessary evil has to be done. IT pro Rick Vanover shares a few tips on patch management.

Microsoft Leaves Some Office XP Users Patchless

Microsoft skips fix for flaw in nine-year old suite, but patches Office 2003, 2007.

Microsoft Finally Fixes Pwn2Own Browser Flaw

The Microsoft Patch Tuesday train rolled into town today, dropping off a massive 10 security bulletins with fixes for at least 34 documented vulnerabilities.

SP1 Coming Soon to a Windows 7 PC Near You

Microsoft revealed at TechEd that it is working on SP1 for Windows 7.

Microsoft to Fix 34 Holes in Windows, Office, IE

Qualys CTO says this month's Patch Tuesday will keep systems admins busy.

Would Google's Windows Exodus Make the World More or Less Secure?

How big a role does choice of OS play in the big picture of a corporation's data security?

Windows XP, The Operating System That Just Won't Die

Windows XP is in its tenth year and still large numbers of businesses stick by a service pack that became obsolete over two years ago.

Microsoft Rushes to Patch Zero-Day IE Hole on Tuesday

Qualys CTO Wolfgang Kandek discusses Microsoft's emergency update and the need to patch as quickly as possible if you are still using IE6 or IE7.

Free Website Malware Detection Service

In this video, Qualys CTO Wolfgang Kandek discusses how QualysGuard Malware Detection works to keep web sites malware-free.

RSA Roundup: 7 New Channel Friendly Security Services

The new Qualys GO Secure service puts web sites through their paces by scanning for malware and vulnerabilities, as well as SSL certification validation.

Security in the Computing Cloud a Top Concern

Cloud computing, the role of government in securing cyberspace and a growing concern over the potential for cyber-warfare dominated conversations at this year's RSA conference.

Psst, Mister, Scan Your Site for Malware - For Free

Qualys, the 10-year-old SaaS security pioneer, has started offering to scan web sites for free looking for malware.

Experts Laud IPS Virtual Patching, but Warn Against Misuse

Security pros at RSA discuss virtual patching as a fix for network vulnerabilities.

Qualys Offers Free Malware Testing Service

Free offer is designed to highlight managed services capabilities.

Qualys to Offer Free Domain Scanning and Security Assurance Seals

The first item that will be sure to grab some attention on the conference floor this week at RSA is Qualys' new GO SECURE offering.

Cyber Defenders of the World Unite

As instances of cyber attacks continue to grow more prevalent, cyber warriors and national security officials are gathering in California to examine methods to enhance cyber defenses.

Qualys Launches Cloud-Based Scanner to Detect Drive-by Malware on Your Site

Qualys is launching two new services today - Qualys Guard Malware Detection and Qualys Go Secure - to detect drive-by malware.

Free Service Keeps Your Web Site Healthy

Now in beta, QualysGuard Malware Detection scans any web site for malware and reports in detail when any threats are found. If your family or small business web site gets hacked Qualys will sound the alarm.

Email or call us at +1 800 745 4355 or try our Global Contacts
Subscription Packages
Qualys Solutions
Qualys Community
Free Trial & Tools
Popular Topics