USA Media Coverage


WiFi, DDoS Vulnerabilities, Cyber-Attacks Lead Week's Security News

Vulnerabilities in Web application frameworks such as ASP.NET, and a security standard for wireless networks were among the security headlines for the last week of 2011.

Microsoft Ruins Perfect Record with Out-of-Band Patch

It was so close

Microsoft Patches Dangerous Web Flaw in Double Time

Denial of service hole closed

Microsoft Releases MS11-100 for ASP.NET DoS Attack

Microsoft released a security bulletin addressing a flaw in ASP.NET that was disclosed early morning yesterday at the Chaos Communication Congress (CCC) in Berlin.

Windows 8 Gesture Login: Can Screen Smudges Reveal Your Password?

Microsoft is preparing a new way to log in to tablet PCs by letting users perform gestures on the screen instead of typing in letters and numbers

2012: Security Predictions for the Future of Mobile, Cloud, Attacks, Data Loss and Big Data

Security Holes In Software Decreased This Year, Early Data Shows

The number of vulnerabilities disclosed to the public fell in 2011, as did the proportion of flaws that were exploited. Is secure development paying off?

App Internet and Mobile Devices to Drive Massive Technology Demands in 2012

The rise of the "app internet" -- in which users' PCs, smartphones and tablets run the business applications -- will drive completely different demands from technology next year.

Microsoft Internet Explorer Will Update Automatically in 2012

Microsoft will no longer wait for users to do the secure thing and manually upgrade their Web browsers.

Silent Updating for Internet Explorer

Microsoft announced that in 2012 Internet Explorer will be updated "silently" to its newest possible version.

Auto Updates Nudge IE Users Into the Present

Microsoft's new plan to institute automatic updates for Internet Explorer could finally pull certain users of extremely outdated versions into the here and now.

IBahn, Supplier of Hotel Internet Services, Denies Breach

iBahn, a provider of internet services to some 3,000 hotels worldwide, denied on Thursday a news report that its network was breached by hackers.

Microsoft to Begin Silently Updating IE in 2012

Coming next month, Internet Explorer (IE) users will no longer have to manually upgrade their web browser.

5 Tips for Keeping Your Website and Customer Data Safe During the Holidays

Five tips for online retailers to help them prevent their websites from being hacked and to keep their customer data safe this holiday season and beyond

Microsoft Gets Silent Upgrade Religion, Will Push IE Auto-Updates

Copies Chrome and follows Firefox to get users onto the newest browser without asking permission

December Patch Tuesday Fixes Duqu Worm

Microsoft has fixed a major vulnerability exploited by the nasty Duqu Worm with its most recent Patch Tuesday series of security updates, which started rolling out yesterday.

No BEAST Fix From Microsoft in December Patch Batch

Google, Adobe join Redmond in festive fix barrage

Microsoft fixes Duqu hole, but not BEAST problem

Microsoft has finally patched a flaw being exploited by the Duqu Trojan, but a fix to protect Internet Explorer users from having their encrypted communications snooped on didn't quite make the cut.

Microsoft Scratches BEAST Patch at Last Minute, but Fixes Duqu Bug

Admits Duqu-like browser-based attacks possible

Microsoft’s 13 December Security Bulletins

Microsoft released 13 security bulletins

December’s Patch Tuesday is Live, Fixes Three Critical Windows Flaws

December set of Patch Tuesday updates contains a double-digit quantity of security bulletins.

Microsoft Patch Fest Includes Duqu Vulnerability

Security patches next week should address multiple critical vulnerabilities. Adobe will fix a Reader flaw being actively exploited to attack defense firms.

Fourteen Security Bulletins for Microsoft's 'Patch Tuesday'

Microsoft said Thursday that system administrators would have fourteen security bulletins to manage next Tuesday, three of which are critical.

Patch Tuesday Preview for December

Expect 14 security updates from Microsoft Tuesday -- three of them for critical vulnerabilities.

Merry Christmas! Microsoft Plans Massive Patch Tuesday to Close 2011

Microsoft is playing Scrooge this year for any IT admins who were hoping to relax and ride out the rest of the year.

December's Patch Tuesday to Contain a Heavy 14 Bulletins

Today Microsoft released the outline for December’s Patch Tuesday event

Qualys Partners with Multi-State Information Sharing and Analysis Center

Qualys has recently entered a partnership agreement with Multi-State Information Sharing and Analysis Center (MS-ISAC).

QualysGuard Web Application Scanning

Mike Shema, Director of Engineering at Qualys, offers insight into the latest release of QualysGuard WAS.

Qualys Enhances Web Application Scanning Tool, Partners with MS-ISAC

Software-as-a-Service (SaaS) security solutions vendor Qualys, today announced updates to its QualysGuard Web Application Scanning suite, including the ability to integrate with Selenium

RSA Security Lapse Led to March Hack, says Researcher

Exploit targeted Windows XP machines that didn't have DEP switched on

RSA Exploit Victims Likely Used Windows XP

Windows' Data Execution Prevention on Windows 7 would have stopped the SecurID breach, reports Qualys researcher.

Researcher: DEP Would Have Stopped Exploit Used in RSA Breach

Qualys research says EMC RSA phishing victims likely were running Windows XP

Hackers Launch Millions of Java Exploits, Says Microsoft

Hackers continue to launch attacks exploiting vulnerabilities in Oracle's Java software in record numbers, Microsoft said Monday.

Apache Reverse Proxy Flaw Opens Door to Internal Networks

Apache has confirmed the existence of a new reverse proxy vulnerability after it was discovered by Prutha Parikh, a security researcher with Qualys

Criminals Sabotaging Cyber Monday, Security Experts Warn

Fake UPS notices, bogus Groupon coupons, raft of other tactics deployed by bad guys

Apache Server Hit by Reverse Proxy

Dangerous flaw puts internal Web servers at risk, but there is a fix in the works.

Unpatched Apache Reverse Proxy Flaw Allows Access to Internal Network

A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on the internal network if some rewrite rules are not defined properly.

Enterprises Struggle to Update Browser Plug-ins

A back door into businesses

Apache Developers Scramble to Fix Proxy Flaw

Admins, Nail Down Your Systems

Free Web Security Tools to Guard Your Business Browser

Using online security measures can be confusing and costly. But there is one easy step you can take right now: Make your browser as secure as possible.

Finance Veteran Don McCauley Guides Qualys' Rapid Growth

Private Company CFO Finalist: Don McCauley, Qualys Inc.

Microsoft to Streamline Windows 8's Patch Process

Tweaks to updating, rebooting of patched PCs will improve security, say experts

Microsoft Patches Critical Windows Bug, But Not Duqu Flaw

Microsoft released a security update to fix one critical and three less serious Windows holes but is still working on a patch for a flaw being exploited by the Duqu Trojan.

Microsoft Releases Four Security Patches, One Critical

Microsoft on Tuesday released four security bulletins as part of its November update, closing the same number of holes and expectedly leaving out a permanent fix for the flaw linked to the Duqu trojan.

Microsoft Patch Snuffs Out Major Worm Potential

Microsoft issued its four expected patches as part of its regular release cycle, including a fix for a potentially serious worm

Light Patch Tuesday Features Four Bulletins

For the November Patch Tuesday, Microsoft released four bulletins that fix vulnerabilities targeting Windows.

Microsoft Details Duqu Workaround

Patch Tuesday next week won't have a fix for the newly discovered zero-day vulnerability, but Microsoft says it will deliver one as soon as it can.

Microsoft to Patch Critical Windows 7 Bug in 'Upside Down' Update Next Week

No sign it will rush emergency update for kernel flaw exploited by Duqu malware

Microsoft Issues Temporary Duqu Workaround

Plans 4 Patch Tuesday fixes

VDI Security Supports Active Protection Strategies

Organizations are embracing virtual desktop infrastructure (VDI) with the expectation of persistent security enhancements

6 Deadly Enterprise Security Mistakes

These small, subtle security mistakes can have big data breach consequences.

Tool Lets Single Laptop Take Down an SSL Server

Yet Another Strike Against SSL Security

Risk I/O Partners with Qualys SaaS Platform

Risk I/O announces its partnership with Qualys

Patch Internet Explorer Now

Security experts are virtually unanimous that patching Internet Explorer should be priority one.

The SSL Certificate Industry Can and Should Be Replaced

Moxie Marlinspike has just the plan to revolutionize SSL certificate security

Your Patch Tuesday Update, October 2011

Microsoft issued eight security bulletins today that include patches for 23 vulnerabilities.

Microsoft’s October 2011 Patch Tuesday Fixes 23 Flaws, Releases SIRv11

Microsoft released eight security bulletins today, patching 23 vulnerabilities across its product line

IE Security Hole Sewn up for Patch Tuesday

Microsoft is planning eight security updates next week – two critical – as part of its regular Patch Tuesday programme.

Critical Updates Coming from Microsoft Next Week

Next Tuesday is a moderate month in terms of patch volume, but the couple that are rated as Critical should be addressed quickly to prevent exploits.

Manulife Outsources VM Scanning

A growing number of organizations are using vulnerability management (VM) solutions to scan their networks for weaknesses and assist with updating and remediation processes.

Facebook Enlists Websense for Neighborhood Watch

Boffins propose an alternative to security certificates

Adobe: Crashing 100 Million Machines Not an Option

Zero-day vulns get 6,000 man-hours of testing

SSL Labs Launches Two Convergence Notaries

Guest blog from Qualys Director of Engineering Ivan Ristic

New SSL Alternative: Support Grows for Convergence

Convergence, Moxie Marlinspike's crowdsourced approach to improving SSL security, wins fans. But Google's still not on board.

Qualys Endorses Alternative to Crappy SSL System

Moxie Marlinspike's Convergence gets show of support

Experts Suggest SSL Changes to Keep BEAST at Bay

Google protected. PayPal? Not so much

Patch Tuesday, Financial Cyber-Crime, APT Lead Week's Security News

A recap of the past week's IT security news features Patch Tuesday updates from Microsoft and Adobe, financial cyber-crime trends and discussions of APTs against enterprises.

Hackers break SSL encryption used by millions of sites

Beware of BEAST decrypting secret PayPal cookies

Microsoft and Adobe Issue Patch Tuesday Updates

Microsoft and Adobe take aim at DigiNotar in latest round of patch updates

Microsoft, Adobe Patch Vulnerabilities

Microsoft patches 15 important vulnerabilities, Adobe update fixes critical Reader and Acrobat vulnerabilities, and multiple vendors block more DigiNotar-related certificates.

Microsoft Fixes Excel, Office Flaws During September Patch Tuesday Update

Microsoft's September Patch Tuesday release had no "critical" patches for the first time in a long time.

Microsoft Fixes Office, Excel Flaws In 'Non-Critical' Patch Tuesday Release

Microsoft (NSDQ:MSFT) issued a modest patch load for its September Patch Tuesday release, but coupled the security bulletin with yet another update blacklisting more fraudulent DigiNotar SSL certificates.

Microsoft, Adobe release scheduled security patches

Microsoft on Tuesday released five security bulletins, along with an update revoking six more DigiNotar certificates, while Adobe issued critical updates for Reader and Acrobat.

Microsoft Patches 15 Flaws, Blacklists Additional DigiNotar Certificates

Microsoft issued five security bulletins for its September 2011 Patch Tuesday, addressing 15 vulnerabilities in Windows and Office.

Microsoft's Full Monty: Five security bulletins, 15 vulnerabilities

Microsoft just pushed out its September security update to address some 15 vulnerabilities in Windows and Office. Here's the full breakdown from Microsoft, followed by additional guidance from security vendors Qualys and Symantec:

Microsoft patches 15 bugs, nukes more SSL certificates

Officially ships security updates four days after leaking detailed info

MS inadvertently offers early peep at September patches

Kimono hastily snatched closed again 'til Tuesday

Microsoft posts security bulletins 4 days early, scrambles to fix mistake

Each month, there is a clearly defined process Microsoft uses to release security patches to fix flaws in Windows and its other products. On a Thursday, Microsoft releases an advance notification, listing the software affected by the upcoming patches and the type of threat fixed ...

Office and Windows fixes star in quiet Patch Tuesday

No criticals for once among the backdoor plugs

Certificate hacks: PKI didn't fail us, humans did

After latest attack, GlobalSign stopped issuing SSL certificates. But the real problem is that few pay attention to warnings anyway

Cloud Control

You want your cloud provider to share security risk. Your provider wants to limit its liability. The result is a negotiation. Here's what CFOs should know to gain the upper hand.

Microsoft Patch Tuesday Update Contains No Critical Fixes

Microsoft (NSDQ:MSFT) is planning to issue a light five patches for its September Patch Tuesday, in a release that doesn’t include any critical updates, according to the company’s advanced notification bulletin Thursday.

Advanced persistent threats call for a reality check

Continued hype surrounding the topic of so-called advanced persistent threats (APTs) is causing alarm and confusion as to what an APT actually is.

Comodo Hacker Takes Credit For Massive DigiNotar Hack

Even as the number of rogue digital certificates skyrockets to more than 500 -- with some spoofing major domains -- overall impact so far has mostly been minimal outside of Iran, experts say

Qualys offers tool to spot server DDoS weaknesses

Security company Qualys is offering a tool admins can use to work out how vulnerable their servers might be to simple but often hard-to-detect types of DDoS attack that exploit vulnerabilities in the design of HTTP.

Slow HTTP DoS vulnerability test tool

Slow HTTP DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed.

Researcher To Release Free ‘Slow HTTP Attack’ Tool – Dark Reading

‘Slowhttptest’ could be expanded to test for so-called “ApacheKiller” hack. Slow HTTP attacks can be a lethal form of denial of service to Web servers: they are easy to perform and require minimal computing resources, and they are tough to detect until it’s too late. So a researcher is releasing a new open-source tool he wrote that checks a server’s vulnerability to such an attack.

Researcher To Release Free 'Slow HTTP Attack' Tool

Slow HTTP attacks can be a lethal form of denial of service to Web servers: they are easy to perform and require minimal computing resources, and they are tough to detect until it's too late. So a researcher is releasing a new open-source tool he wrote that checks a server's vulnerability to such an attack

Next generation security as a service

The new UI for the QualysGuard IT Security and Compliance SaaS Suite features interactive dashboards, streamlined workflows, actionable menus and filters with improved visual feedback, making it easier for customers to utilize the comprehensive services in the QualysGuard Suite.

Hackers could reverse-engineer Microsoft patches to create DoS attacks

The security company Qualys this week demonstrated how to reverse-engineer a Microsoft patch in order to launch a denial-of-service attack on Windows DNS Server.

Microsoft patches reverse-engineered to create DoS attack

Security vendor Qualys this week demonstrated how it reverse-engineered a Microsoft (NASDAQ: MSFT) patch to successfully create a denial-of-service attack against a Windows DNS server.

Improper SSL Implementations Leave Websites Wide Open to Attack

Improper configuration is rendering SSL nearly useless as organizations are transmitting sensitive information online without any security. Security researchers are buzzing about the flaws in the Secure Sockets Layer system and the fact that a significant portion of the Internet is vulnerable to attack.

The SSL Implementation Equation

Many SSL servers aren't as secure as you'd think, according to new data from Qualys' SSL Labs. Only about one-fifth of SSL websites actually redirect to SSL for authentication, according to new data released at Black Hat USA last week.

Microsoft Fixes 22 Flaws in August Patch Tuesday

Microsoft released 13 patches addressing issues in the Windows operating system, Internet Explorer, Office and its development tools. - Microsoft released 13 security bulletins addressing 22 unique vulnerabilities for its August Patch Tuesday update.

Microsoft patches Ping of Death bug in Windows

Patch Tuesday also brings Internet Explorer, Office fixes - Microsoft has issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed "Ping of Death."..

Your Microsoft Patch Tuesday update for August 2011

Qualys - Today Microsoft released 13 security updates, which we are considering a normal workload for the heavier Patch Tuesdays every other month.

Microsoft Security Patch Fixes 20-Year-Old Flaw

Microsoft today issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed "Ping of Death."

Hefty Microsoft August Patch Delivers 13 Security Fixes

The August patch is a bulky one as Microsoft released 13 fixes today. The two "critical," nine "important" and two "moderate" items are targeted at 22 vulnerabilities.

Microsoft expects Internet Explorer exploits within 30 days

Patch Tuesday features 13 patches for 22 vulnerabilities - Microsoft's monthly patches released today include a critical fix for seven holes in Internet Explorer which, if left unpatched, are considered "likely to see reliable exploits developed within the next 30 days."

Microsoft patches 1990s-era 'Ping of Death'

Also plugs critical holes in IE9, Windows' DNS service in 22-fix collection - Microsoft today issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed "Ping of Death."

Microsoft releases 13 security bulletins, fixes 22 vulnerabilities

Today Microsoft released 13 security bulletins, two rated Critical, nine Important and two Moderate.

Microsoft Offers $250,000 in BlueHat Prizes for Security Technology

Microsoft announced the Blue Hat contest to encourage researchers to develop runtime mitigation technologies to prevent attackers from exploiting memory vulnerabilities.

Most SSL Sites Vulnerable

SSL certificates and encryption are supposed to protect websites and users, but there is a catch.

IT administrators labor with 13 Microsoft security bulletins in August

IT administrators will need their Labor Day break after struggling with 13 security bulletins covering a broad range of Microsoft platforms, to be released on Tuesday.

DefCon Kids Guides Young Hackers to Do Good

Children 8 to 16 were welcomed for the first time ever at the DefCon hackers conference

Products of the Week

Our round-up of intriguing new products from Radiant Logic, Beyond Trust, Qualys among others. -- QualysGuard Web Application Scanning (WAS) 2.0

Photos show the cultural difference between Black Hat and Defcon hacker events

Black Hat: Philippe Courtot started Qualys a decade ago to focus on cloud security.

Microsoft to Fix 22 Software Flaws in Its August Patch Tuesday Update

Microsoft will fix bugs in Internet Explorer, desktop and server editions of Windows and Visio for August Patch Tuesday.

Microsoft preps 13 updates for August Patch Tuesday

Unloads baker's dozen after quiet July - Microsoft is fuelling up 13 bulletins for release next week, including an update that guards against critical flaws in Internet Explorer. Another "critical" bulletin affects Windows server operating systems, and addresses a code-execution risk on unpatched systems.

Web application security on a new level

Qualys announced QualysGuard WAS 2.0, enabling organizations to leverage the power and scalability of the cloud to discover, catalogue and scan large numbers of web applications.

Virtualized scanners and report customization for security assessment

Qualys announced a new edition of the QualysGuard Consultant service, featuring virtualized scanner appliances (vScanners) and a report customization module.

Qualys Announces User Interface For Vulnerability Management Services

Compliance software-as-a-service vendor also upgrades its Web application scanning service.

Black Hat 2011: Attack vectors, vulnerabilities and malware analysis

Rodrigo Branco, director of vulnerability and malware research at Qualys Inc. talks about vulnerabilities, malware sophistication and whether the move to cloud-based services will change the way cybercriminals conduct attacks.

Qualys Announces UI For VM Services, Upgrades Web Application Scanning Service

Qualys has announced a new user interface to streamline management of its QualysGuard suite of vulnerability management and compliance software-as-a-service (SaaS) offerings.

Context-Based Web UI Ushers in Qualys' New SaaS Platform

Qualys showcased its new UI

Oracle Patches 78 Vulnerabilities in July

Oracle is out this week with its July critical patch update (CPU)

Oracle Issues Substantial Critical Patch Update with 78 Security Fixes

Oracle is fixing 78 security flaws across scores of its products in its latest critical patch update

Bug Warnings: Vendor Security Bulletins Unclear

Adobe, Apple, and Oracle have been slammed by security experts for a lack of information, transparency, and clarity in security bulletins.

Microsoft Squashes Bluetooth Bug

Patch Tuesday sees 22 Microsoft vulnerabilities fixed, while Mozilla pushes a Mac-only Firefox update.

Microsoft Warns of Critical Security Hole in Bluetooth Stack

Microsoft today shipped four security bulletins with patches for 22 serious security flaws and called special attention to a vulnerability in the Windows Bluetooth stack

Microsoft Fixes 22 Vulnerabilities

In today's Patch Tuesday, Microsoft released 4 bulletins addressing vulnerabilities affecting Windows and Office.

Microsoft Patch Tuesday to Fix 22 Vulnerabilities, One Critical

Microsoft is preparing to release four security updates for patching 22 vulnerabilities affecting its Windows and Visio 2003 platforms.

Critical Update for Windows 7 Coming Tuesday

Qualys' Amol Sarwate discusses the highest priority update

Microsoft to Issue 'Light' Four-Patch Update Tuesday

Microsoft plans to release a relatively light patch load for its upcoming Patch Tuesday

How to Fight Back Against a Cyber Attack

How are cyber attacks carried out, what are the real risks, and what companies can do to protect themselves

Striving for Better Information Security Intelligence

Turning big data from a threat into an opportunity

SQL Injection Most Dangerous Software Error

SANS is out this week with its annual CWE/SANS Top 25 Most Dangerous Software Errors Report for 2011.

Are All of Your Company's Browsers Up to Date?

Keeping browsers up-to-date isn't always as easy as it should be. Today, Qualys is expanding that effort with the BrowserCheck Business Edition

Dell SecureWorks Cooperates with Qualys for VMS

SecureWorks signed a strategic partnership deal with Qualys

New SMB Browser Tool Hunts Down Insecure Plugins

Qualys has invited small businesses to sign up to use a free online tool that can scan browsers for out-of-date versions and plugins that might be putting users at risk.

Do You Know Where Your Security Holes Are?

Qualys and McAfee lead the way in six-vendor test of automated tools that scan and report on vulnerabilities

Qualys Extends Free BrowserCheck Service to Businesses

Qualys has extended its free BrowserCheck service into the business space, adding a number of extra features to the browser service for IT security admins.

Qualys Unveils BrowserCheck Business Edition

Qualys has just announced a Business Edition of their free BrowserCheck web browser vulnerability assessment tool

How To Prioritize Microsoft Patch Bonanza

Patch Tuesday weighed in as a doozy, but IT administrators also face fixes for major bugs in Acrobat, Flash, Java, and more. Here's expert advice on what's most key.

Patch Tuesday - Microsoft hits 34 vulnerabilities in 16 bulletins

Microsoft has released 16 security bulletins for the month of June

A Tool to Help Secure Your Browser

A new free tool for consumers from Qualys called BrowserCheck helps secure your browser

Microsoft Issues 16 Bulletins, 9 Critical Including SMB, IE Fixes

Microsoft unleashed 16 bulletins on June’s Patch Tuesday, issuing major operating system repairs and addressing other serious coding errors across its product line.

Your Patch Tuesday Update

The latest on Microsoft's June 2011 Security Update, based on what the vendors are saying

Patch Tuesday Sees 16 Fixes

Microsoft's June Patch Tuesday was released Tuesday to address 34 vulnerabilities in 16 bulletins

Microsoft Fixes 24 Bugs in June Patch Tuesday

Microsoft fixed 24 bugs in June’s Patch Tuesday release, closing critical security holes in Internet Explorer, Windows and Excel with nine rated as “critical.”

Adobe Fixes 36 Critical Bugs in Quarterly Security Update

As part of its regularly scheduled quarterly security updates, Adobe patches its Reader, Acrobat, Shockwave and Flash products.

Microsoft 'Patch Tuesday' Fixes 24 Flaws in 16 Updates

IT administrators will have their hands full this month

MS Patch Tuesday: Gaping holes haunt Internet Explorer browser

Guest Post by Wolfgang Kandek, CTO for Qualys

Microsoft Patches Critical IE9, Windows Bugs

Fixes 34 flaws, including multiple 'drive-by' vulnerabilities, in host of products

Microsoft Patches 34 Vulnerabilities

Microsoft released 16 bulletins addressing 34 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studio, Silverlight, VML and ISA.

Brace Yourself for a Big Patch Tuesday

Whether you're an IT admin in charge of deploying Windows updates across your firm's entire department or simply a home user with a Windows rig or three, prepare yourself for what's coming tomorrow.

Just in Time for Father's Day - Some Microsoft Patch Tuesday Overtime for IT Administrators

On Tuesday, Microsoft will release 16 security bulletins patching 34 flaws, including nine critical vulnerabilities, just days before Father’s Day.

Patch Tuesday: Fixing Critical Vulnerabilities

It's looking like a busy summer for systems administrators

Adobe Preps Quarterly Security Update for Reader, Acrobat

Adobe will release its quarterly update to address security vulnerabilities in all versions of Reader and Acrobat.

MS Lines up Bumper Patch Tuesday

Microsoft is preparing a bumper Patch Tuesday for next week, with 16 security bulletins that collectively address 34 vulnerabilities.

Microsoft Patch Tuesday To Address 34 Security Risks

The next Patch Tuesday will include a whopping 34 fixes, including critical vulnerabilities in all versions of Microsoft Windows, Internet Explorer, and Excel.

Microsoft Plans 16 Security Bulletins for June's Patch Tuesday

Microsoft will release 16 bulletins next week to fix 34 security vulnerabilities in all versions of Windows, Excel, Internet Explorer and SQL Server.

Oracle Updates Java for Security

This week Oracle released a Critical Patch Update (CPU) for Java, fixing 17 security flaws in Java SE.

Microsoft Planning 16 Fixes for Patch Tuesday

Windows IT pros can expect a really busy June if the advance notification for this month's security update is any indication.

Patch Tuesday Will Be Busy for IT Pros

Microsoft's regular monthly advance security bulletin was released as expected Thursday, and from the look of things, June will be a busy one for Windows IT pros.

Qualys Recertifies Its Cloud Computing FDCC Auditing Service

QualysGuard streamlines process of meeting FDCC compliance and USGCB

Web Security: Why You Should Always Use HTTPS

The importance of HTTPS and encrypting traffic to your browser

Is MacDefender Malware a Sign of the Macpocalypse?

There is a new world order. MacDefender, and subsequently MacGuard, demonstrate that the inherent security by obscurity of the Mac is fading, and that attackers are looking at the bigger picture.

Microsoft Patches Critical Windows Vulnerability

The software maker also tweaked its exploitability index, which predicts the likelihood that vulnerabilities will soon be compromised.

Modest Patch Tuesday Batch Tackles Windows and Office Issues

Includes critical WINS component update

Microsoft Patches Critical Server Flaw, Revises Index

Microsoft issued two bulletins this week, one critical, repairing a serious vulnerability affecting its server line.

Microsoft Releases Patch Tuesday Fixes for Windows Server and PowerPoint

Microsoft fixed bugs in the WINS name server resolution protocol and a file format vulnerability in PowerPoint for its May Patch Tuesday.

Microsoft's May 2011 Security Update

Microsoft released its May 2011 security update: Two bulletins covering three vulnerabilities.

Patch Tuesday Will Be Light, with Only Two Vulnerabilities

After April's backbreaking Patch Tuesday, May's version will be light, with only two security bulletins.

Wall Street Journal Leak Site Works on Security Fixes

The Wall Street Journal's SafeHouse web site, which invites whistle-blowers to submit tips and documents, addresses security problems

Microsoft Gives IT Admins a Break for May Patch Tuesday

Microsoft is only planning to release two new security bulletins for the May Patch Tuesday next week.

How Web Security Will Change with HTML5

Qualys' Mike Shema discusses the changes with HTML5 and what they mean for web security

One-Fourth of SSL Websites Are at Risk

Many sites haven't applied patches for well-known 'renegotiation' flaw

Adobe Updates Acrobat, Reader to Guard Against Flash Zero-Day

Adobe is once again releasing software updates to address a zero-day vulnerability in Adobe Flash.

Breaking Dawn Attack: How To Avoid Getting Bit

A new attack is spreading its way across Facebook, targeting fans of the epic vampire series Twilight.

Microsoft Delivers Monster Security Update for Windows, IE

Experts urge everyone to patch SMB bug pronto before hackers release another Conficker-style worm

Microsoft April 2011 Security Update is Live

Microsoft released its April 2011 security update a few minutes ago

Microsoft to Ship Record Updates for April Patch Tuesday

Bulletins address a record of 64 vulnerabilities

Microsoft to Fix 64 Flaws on Patch Tuesday Next Week

Microsoft is set to fix a bumper crop of 64 vulnerabilities

Record Patch Tuesday with 17-Bulletin Bumper Crop

Microsoft is lining up a record-equaling 17 security bulletins

Prepare for Microsoft's Mammoth Patch Tuesday

Mammoth. That's the word that most accurately describes what Microsoft has in store for this Patch Tuesday.

Microsoft Preps 17 Security Bulletins For Patch Tuesday

Microsoft plans to release 17 security bulletins next week to address 64 vulnerabilities across several products, including Windows and Internet Explorer.

Microsoft Releases 17 Patches in April, 9 Critical

Microsoft's "Patch Tuesday" bug fixes were a relatively light load for security professionals to deal with in March but that seems to have been only a momentary lull.

Epsilon Breach a Treasure Trove for Phishing Attacks

While the Epsilon data breach differs from other recent breaches in that there are no credit card numbers, social security numbers or corporate secrets, the threat of phishing attacks is all too real.

Epsilon Data Breach Paves Way for Phishing, Security Pros Warn

As the list of companies affected by the Epsilon e-mail breach continues to grow, security professionals are warning that the public should expect to see an onslaught of targeted phishing attacks.

Epsilon Data Breach: Expect a Surge in Spear Phishing Attacks

Epsilon--the largest distributor of permission-based email in the world--revealed that millions of individual email addresses were exposed in an attack on its servers.

Getting Rid of Scareware

Don't wait until you get hit by scareware. Prevention is always the best cure.

LizaMoon Attack: What You Need to Know

A little information and common sense are all you need to make sure that LizaMoon is nothing more than a minor annoyance.

New Vulnerabilities Are on the Rise

According to a new report from IBM (NYSE:IBM), 2010 was a good year -- for new security vulnerabilities.

Qualys Joins with StopBadware to Fight Malware on the Internet

The two organizations will leverage one another’s strengths to improve the web’s collective defenses against malware.

Qualys Partners with StopBadware

Qualys is partnering with the non-profit anti-malware organization StopBadware.

Experts Weigh in on Comodo SSL Certificate Fraud

Reactions are running rampant after security firm Comodo revealed it was tricked into issuing rogue digital certificates

How Secure is Your Browser

Video coverage of Qualys CTO Wolfgang Kandek on the state of browser security.

IronBee Versus ModSecurity

The difference between ModSecurity and IronBee

Hackers Exploit Flash Zero-Day, Adobe Confirms

Plans to patch Flash, Reader next week, but cites Reader X's sandbox as reason why it won't update newest version

Adobe Promises Flash, Acrobat and Reader Fix for Zero-Day Bug

Adobe issued a security bulletin about a critical vulnerability that could compromise user systems and promised a fix next week.

Report: Internet Explorer Used to Exploit Windows MHTML Vulnerability

A vulnerability in the way Internet Explorer parses MHTML content is now targeting users as part of a "drive-by" browser attack.

Patch Tuesday Unleashes Three Bulletins

Microsoft has announced that it has issued three bulletins to fix four vulnerabilities in Microsoft Windows and Office as part of March's Patch Tuesday.

Microsoft Issues Security Bulletins for Vulnerabilities in Windows, Office

Microsoft has issued three security bulletins, one rated "critical" and two "important"

Microsoft Patches Critical Windows Drive-by Bug

Microsoft today shipped three security updates that patched four vulnerabilities in Windows and Office, but did not patch IE ahead of the Pwn2Own hacking contest that begins Wednesday.

Microsoft Patch Tuesday Leaves MHTML Bug Unchecked

Microsoft issued three security bulletins, addressing two critical vulnerabilities

Microsoft Patches Four Vulnerabilities in Windows and Office

Today Microsoft released three security bulletins: one is rated Critical and two are rated Important.

Microsoft's March 2011 Security Update

Quick update on the patch bundle Microsoft released a short time ago

Microsoft Fixes Critical Windows Hole, Others

Microsoft today released three bulletins fixing four vulnerabilities in Windows and Microsoft Office, including one that is rated "critical" for Windows XP, Vista, and Windows 7.

Microsoft Warns of Windows Media Video Attacks

Hackers could use malicious video files to take over Windows computers

Qualys Unveils IronBee Open Source Web Application Firewall

One of the most compelling (and arguably overlooked) bits of news from last month's RSA Conference was the arrival of IronBee

What is the WAF? IronBee Wants To Be the WAF Standard

How's your WAF? What, you don't have one? You probably should.

80% of Browsers Have Known Vulnerabilities

Most problems are caused by insecure plug-ins, such as Java, Adobe Reader, QuickTime, and Flash, finds Qualys.

Qualys Launches Open Source Web App Firewall Project

Qualys last week unveiled IronBee

Open Source Report from RSA 2011

Open source is alive and well in the security industry

Most Vulnerable Browser Plugin? Think Java, not Flash

Adobe's Flash has a reputation for requiring regular security updates, but the sleeper vulnerabilities in browsers may be in Java.

Most Users Leave Web Browsers Open to Cyberattack

Most people don't keep Web browsers secure, according to new report

4 in 5 Surfers Open to Browser Exploits from Fixed Flaws

Patchy patches provide pretty paltry protection

Researcher: 80 Percent of Browsers Need Updating

80 percent of Web browsers run by consumers are vulnerable to exploits of already-patched bugs

RSA: Java is the Most Vulnerable Browser Plug-in

Are your browser plug-ins up-to-date?

Bulk of Browsers Found to Be at Risk of Attack

About 80% of browsers and their plug-ins need updating, says researcher.

Sun Java by Far the Most Vulnerable Plug-in

Today at the RSA Conference in San Francisco, Qualys CTO Wolfgang Kandek presented research which clearly shows that browser security is alarmingly bad.

Qualys Announces Security-as-a-Service Platform

The new Qualys security-as-a-service platform offers an integrated framework with new functionality in all Qualys security and compliance applications

Open Source Web Firewall Launched by Qualys

Qualys has set out its alternative vision based on building a new generation using open source development.

Qualys Releases Report on Faulty Browser Plugins

Qualys's BrowserCheck tool, released last summer, reports on any security problems with your browser. A new report, released Wednesday, shows the most vulnerable plugins.

Virtualized Software-Based Scanner Appliances Introduced by Qualys

Qualys introduces virtualized software-based scanner appliances for QualysGuard

Qualys Starts an Open Source WAF Project

IronBee open sourced, community under construction

Open Source Web Application Firewall Unveiled by Qualys

Next-generation of WAF technology will be provided by a new open source project, IronBee.

Free e-Book: Web Application Security for Dummies

New e-book helps readers understand web application security - including how to find and fix vulnerabilities

Security: Latest Network Forensics Products Keep Tireless Watch for Malware Threats

At the RSA Conference in San Francisco Feb. 14-18, a number of networking companies are shining the spotlight on network forensics and packet analysis.

Best SME Security Solution

Winner: Qualys for QualysGuard Express

IronBee Open Source WAF Project Launches

Web Application Firewall (WAF) technology is seen by many as a much needed technology for Web application security.

Best Vulnerability Management Tool

Winner: Qualys for QualysGuard Vulnerability Management

Web Application Scanning on a New Level

QualysGuard WAS 2.0 enhancements to help customers catalog web applications on a global scale and scan them for vulnerabilities that can lead to exploitation.

Qualys Debuts Its Next Generation Security-as-a-Service

For a decade, Philippe Courtot, chairman and chief executive of Qualys, has been singing the praises of cloud-based security.

Qualys Revamps Managed Security Platform with Java Back-End

Qualys unveiled its second-generation security-as-a-service platform that uses Java and a number of open-source technologies. The company also announced a new open-source application firewall project.

Security: RSA Conference 11 Products to Watch

There are more than 450 expo vendors showing wares or hawking programs at the 20th annual RSA Conference now underway in San Francisco.

RSA Conference 2011: Cloud Security Challenges Dominate

Security in the cloud is a hot topic, so it's no surprise that RSA Conference 2011 in San Francisco Feb. 14-18 will feature a number of sessions devoted to the issue.

How to Prioritize Microsoft Patch Tuesday

Following a very light Patch Tuesday in January which left a number of exposed zero-day vulnerabilities unpatched, Microsoft is bouncing back with 12 security bulletins for February.

ZDI Releases Details on Five Unpatched Microsoft Flaws

The Tipping Point Zero Day Initiative released details on 25 vulnerabilities this week

Microsoft Security Fixes Arrive With More Vulnerabilities

Computer security looks more and more like a game of Whac-A-Mole.

Microsoft to Patch Three Zero Day Vulnerabilities

Tuesday will bring 22 fixes from Microsoft, as well as Adobe patches for Acrobat and Reader

Zero-Day Update Duo to Star in Upcoming Patch Tuesday Update

But MHTML Fix Remains MIA

Microsoft to Seal 22 Security Holes This Month

Next week's Patch Tuesday will address 22 vulnerabilities, three of which are critical

Your Patch Tuesday Preview

Analysis on Microsoft's February security update by Qualys CTO Wolfgang Kandek

Microsoft Offers FixIt Tool to Address Newest Vulnerability

New tool mitigates issue behind new vulnerability that impacts nearly all supported versions of Windows

Windows Vulnerable to Zero-Day XSS Attacks

Advisory addresses flaw in the MHTML protocol handler which opens all versions of Windows to potential cross-site scripting (XSS) attacks.

Attack Code Surfaces for New Windows MHTML Zero-Day Vulnerability

Vulnerability could be exploited if a victim clicks on a malicious link in a website

Microsoft: Exploit Published for Windows Flaw

Hackers have published instructions for attacking a previously unknown security hole in all versions of Windows

Microsoft Warns of New Windows Zero-Day Bug

Only Internet Explorer users at risk; other browsers can't be exploited, say researchers

Busy Patch Tuesday Sees 16 Microsoft Fixes Coincide with Adobe Security Update Release

IT administrators will find their hands full this month

Microsoft Patches Critical Windows Drive-by Bug

Also repairs 'DLL load hijacking' flaw in Vista, but leaves several vulnerabilities unfixed

Cloud Security Alliance Plans RSA Summit

At RSA Conference 2011, CSA will provide updates on progress in several research areas

Fixes for Two Windows Flaws Coming from Microsoft

Microsoft's first security update of the New Year should be relatively easygoing for administrators

Qualys Combines QualysGuard SaaS Platform with BeyondTrust PowerBroker

Integration enables customers to manage user access and privileges while expanding coverage of security scans

QualysGuard Integration with BeyondTrust PowerBroker

Customers to use PowerBroker root delegation functionality for authenticated vulnerability and compliance scans on Unix systems

Developer Best Practices for Protecting Data in the Cloud

Moving data to the cloud means making sure that security is as good or better than your data center.
