See Resources

USA Media Coverage


‘Tis the Season for Security Resolutions, Not Predictions

As 2012 comes to a close, many security vendors have issued predictions on what security issues and trends would dominate our collective attention in the New Year.

Be Prepared: 4 Steps to Better Data Disaster Planning

While more than a month has gone by since the devastating Hurricane Sandy hit the East Coast, the photographs and videos of the incredible destruction will be hard to forget.

Microsoft Patches Critical Remote Flaws in Word, IE and Windows

A rare critical Microsoft Word vulnerability was patched today by Microsoft, one of seven security updates pushed out repairing 11 flaws.

The Last Patch Tuesday of 2012

Today is the last Patch Tuesday of 2012. Its seven bulletins bring the total count for the year to 83, significantly down from last year’s 100 bulletins and even more from the 2010 count, which ended at 117 bulletins.

Windows 8, RT to Receive More Critical Patches Next Tuesday

Windows 8 and RT are set to receive their second lineup of bug fixes when next week's Patch Tuesday rolls around.

Microsoft Fixing 11 Vulnerabilities for December Patch Tuesday

Microsoft announced today that it plans on shipping seven bulletins, five critical, two important, for the December edition of its monthly patch Tuesday security bulletin release cycle.

Major Exploit Hits Tumblr, Affects Over 8,600 Users

A massive attack against Tumblr appears to have impacted more than 8,600 users whose blogs are apparently becoming infected through the act of clicking on an infected site.

Don’t Get SaaS-y with Me: 5 CloudBeat Lessons you Need to Know

Big business is embracing the cloud more than ever. Cloud tech has reached a level of acceptance in the past year, with many companies moving out of pilot projects and into full-on deployments of critical parts of their business onto cloud-based systems.

Cloud Security Experts: Use Multi-Factor Authentication, You Dummies

If you’re not using multi-factor authentication as a company or as a consumer, you really need to start. No, seriously, go turn it on now if you can.

Updates Browsers Still Vulnerable to Attack if Plugins are Outdated

Psst. Is your browser up-to-date? You may think you are safe because you update the Web browser regularly, but chances are you are still surfing the Web with highly vulnerable software.

A Chat with Wolfgang Kandek, CTO, Qualys…

On November 8th, I attended the Qualys Security Conference 2012 at the Berkeley hotel in London. At the end of the day, I was lucky enough to catch up with Wolfgang Kandek, CTO of Qualys.

Cybergangs Target Online Shoppers

Here's how cybergangs are targeting online holiday shoppers, and here's what you can do to protect yourself.

SMBs Face the Biggest Threats from Cyber Monday Shopping

Many employees will spend a portion of their day hunting for bargains on the Monday following Thanksgiving weekend, and companies should prepare for the increased security risks.

With Shopping Scams on the Rise, Watch for These Threats

Holiday shopping means a spike in online scams, fraud, and malware, so you need to be aware of the risks and threats, and exercise some common sense to avoid a cyber-Grinch incident.

Half Of Machines Shopping On Cyber Monday Likely Contain Vulnerabilities

Meanwhile, businesses more worried about productivity than security threats

Facebook Praised for Encrypting Web Access by Default

Move to HTTPS will protect users accessing the social network via public Wi-Fi networks

Facebook to Roll Out HTTPS by Default to all Users

The connections of all Facebook users with the website will be encrypted by default

Adobe to Fix Flash Player on Patch Tuesdays

Adobe has changed its schedule for releasing Flash Player security updates to coincide with Microsoft's Patch Tuesday schedule.

Facebook Adopts Secure Web Pages by Default

Facebook has finally started using HTTPS by default, following a 2010 FTC demand and in the distant footsteps of Google, Twitter, and Hotmail

Courtot Mixes Business with Extreme Skiing, Hurricane Chasing

Most Admired CEO Profile on Qualys' Philippe Courtot

Beyond Antivirus Software: Eclectic PC Security Tools for System-Wide Audits

Welcome to a harsh reality: Relying on an ostensibly comprehensive antivirus suite just doesn't cut it in 2012.

'Multiple Vulnerabilities' Found in Windows 8

Security firm Vupen says it has found several serious security loopholes in the new Windows 8 operating system (OS).

Despite Windows 8 Zero-Day, Vendors Laud Security of New Microsoft OS

Security experts at several security firms are heralding Windows 8, Microsoft's new endpoint platform, as the safest operating system to date.

Adobe, Now ‘Married’ to Microsoft, Moves Flash Updates to Patch Tuesday

Will sync Flash security updates with partner's monthly schedule

Vupen Claims “Remote Code Executiion” on Windows 8

Reminds the industry that Windows is unlikely to ever be bulletproof, says one security expert

Flaws patched in Apple's Safari browser and iOS 6

Apple has released updates to address flaws in its Safari 6 web browser and iOS 6 mobile operating system.

Government-Funded Hackers Say They've Already Defeated Windows 8's New Security Measures

Last week’s Windows 8 launch wasn’t just a major product release for Microsoft. It seems to have been a banner day for the government-funded hackers who take Microsoft’s software apart, too.

Windows 8 Security: Mostly Good, Some Bad

Even though Microsoft's Windows 8 is not specifically a security release, the new Secure Boot and better memory management hardens the desktop against attackers.

Windows 8 Raises the Bar for PC Security

Security features in Windows 8 that will keep your PC and data safe.

Windows 8 Security Focuses on Early Malware Detection

In Windows 8, Microsoft has greatly improved the operating system's ability to detect malware before it has a chance to run, experts say.

Qualys Adds Vulnerability Prediction Capabilities To QualysGuard Platform

Qualys has updated two of its products to help administrators better manage vulnerabilities and mitigation, the company said Wednesday at its own Qualys Security Conference in Las Vegas

SSL Implementation Flaws Found in Many Android Apps

A study conducted by German researchers found that more than 1,000 out of 13,500 Android applications contained serious flaws in their SSL implementation

inShare Permalink RSS Russian Service Rents Access To Hacked Corporate PCs

Service provides stolen remote desktop protocol credentials, letting buyers remotely log in to corporate servers and PCs, bypassing numerous security defenses.

Zero-Day Attacks Long-Lived, Presage Mass Exploitation

Zero-day attacks escape detection for an average of 10 months; once they go public, attacks multiply dramatically, researchers find

Apple Tries to Kill its Own Java on Most Macs

Apple took other measures to shove Mac owners towards Oracle, including removing Java options from the Preferences window.

Zero-Day Arracks Escape Detection for Nearly a Year: Symantec Study

Attacks using undisclosed “zero-day” vulnerabilities remain hidden for anywhere from 19 days to 30 months, according to new research that found eleven previously undetected attacks.

Oracle Squashes 109 Bugs in Quarterly Patch Batch

Hot fresh Java will flush parasites from your system

3 Must-Fix Vulnerabilities Top Oracle CPU Patches

Two CVSS 10.0 and one 9.0 flaws top the charts on a Critical Patch Update list chock full of remotely exploitable vulnerabilities

Web App Design at the Core of Coding Weaknesses, Attacks, Says Expert

Developers need to work on creating strong designs for Web applications by rethinking their coding practices and the process in place to fix bugs

More Banks Come Under Denial-of-Service Attack

Capital One and SunTrust came under attack this week using denial-of-service techniques that are evading defenses meant to blunt such attacks

Mozilla Praised for Pulling Flawed Firefox 16

Move shows commitment to privacy, but experts say Google's Chrome and Microsoft's Internet Explorer are more secure

Qualys Expands QualysGuard PCI Cloud Platform

Qualys has expanded QualysGuard PCI to assist organizations of all sizes to meet Payment Card Industry (PCI) Data Security Standards (DSS), including new internal scanning requirements.

Application Vulnerability Disclosures Rise, Microsoft Finds

Application vulnerabilities are on the rise in 2012

U.S. Security Vendors Wary of Chinese Telecom Suppliers, Call for Transparency

Qualys CEO: Huawei needs to "disconnect" from Chinese government

Your October 2012 Patch Tuesday Update from Microsoft

Microsoft released seven bulletins in Windows, Office and SQL Server today as part of its monthly update cycle.

1 'Critical' Item and 2 Advisories in Microsoft's October Security Update

For the second month in a row, Microsoft is releasing an uncharacteristically light security update.

Microsoft Patches Critical Word Flaw; Certificate Key Length Changes are Official

Microsoft rolled out seven security updates today, including a fix for a critical remotely exploitable Word vulnerability

Microsoft Addresses Critical Word Flaws, New RSA Key Length

Microsoft will begin requiring digital certificates to support an RSA key length of at least 1024 bits today, in accordance with a security advisory being pushed through Windows Update.

25 Critical Updates in Adobe Flash Fix

Just slightly out of kilter with today’s Microsoft ‘Patch Tuesday’, Adobe yesterday issued a patch for 25 Flash vulnerabilities

The Challenges of Securing Enterprises in a BYOD World

BYOD is a growing reality, as employees are connecting a greater number of devices to enterprise networks on a daily basis, and CIOs and CSOs must prepare accordingly.

October Patch Tuesday Preview

After a very light September, October’s Patch Tuesday will revert to normal with seven security bulletins from Microsoft: one labeled critical and six labeled important.

Patch Tuesday: Microsoft's October Update Will Fix Security Vulnerabilities in Office

This month's release has seven bulletins--just one of them critical.

Microsoft to Patch 20 Bugs Next Week in Month of Office Updates

Single critical update will fix serious flaws in Office 2007, 2010 on Windows that hackers could use to hijack PCs

October 2012 Patch Tuesday: One Critical Bulletin Expected

Microsoft's October 2012 Patch Tuesday release will include seven bulletins, one deemed critical and six as important

Malicious Copy of MySQL Tool Distributed Through SourceForge Mirror

A compromised copy of the MySQL administration tool phpMyAdmin was being served up via a SourceForge mirror site based in Korea that has since been taken out of the rotation, officials said.

inShare Permalink RSS Microsoft IE Patch Fixes Flaw Under Active Attack

Microsoft wins praise for quickly addressing five remote-execution security vulnerabilities, one of which is being used now in attacks

Clues, Experts Say Microsoft Knew of IE Zero-Day for Weeks Before Patching

Bug-bounty program may have reported the browser flaw to Redmond in July

The Geography of HTML5 Security

Book author and Qualys Director of Engineering Mike Shema outlines HTML5 security

Microsoft Releases Emergency IE Patch

Microsoft has released an out-of-band update fixing at least five vulnerabilities in Internet Explorer

Apple Goes Against Grain, Extends Support for Snow Leopard

'Might be a Windows XP-like effect,' notes one security expert of Apple's patching of OS X 10.6

Redmond Promised Emergency IE Bug Fix on Friday (zero day +5)

Keep calm and carry on, advise security types

Huge iTunes Patch: Apply It and Move On

Although 163 security fixes is a big update for any product, Apple users should be more concerned with recent Java issues

Apple Plugs 163 iTunes Security Holes

Security researcher Wolfgang Kandek said he doesn't believe iTunes is high on the priority list of attackers -- and it is possible none of the vulnerabilities could actually be exploited through iTunes.

The Perfect CRIME? New HTTPS Web Hijack Attack Explained

BEASTie boys reveal ingenious login cookie gobble

'CRIME' Attack Abuses SSL/TLS Data Compression Feature to Hijack HTTPS Sessions

SSL/TLS data compression leaks information that can be used to decrypt HTTPS session cookies, researchers say

Microsoft to Patch Adobe Flash Player in Windows 8 'Shortly'

Microsoft said it will update Adobe Flash Player to close security holes before Windows 8 is generally available

Crack in Internet’s Foundation of Trust Allows HTTPS Session Hijacking

Attack dubbed CRIME breaks crypto used to prevent snooping of sensitive data

Microsoft Changes Mind; Will Patch Flash on IE 10 Before Windows 8 Ships

Microsoft has reversed course and said it will patch a serious Adobe Flash vulnerability in Windows 8 and Internet Explorer 10 before the new Microsoft OS ships Oct. 26.

Experts Urge Prep for Microsoft’s Cert-Blocking Update

Scan networks for too-short keys, audit systems, test Oct. update before it rolls out, urge security pros

Microsoft to Patch Windows 8 Flash Bug Before OS Released

No patching before release meant the forthcoming operating system would be vulnerable to attack immediately after it was made available

Web Application Firewalls and IPv6

Does your WAF protect against IPv6 attacks?

Microsoft’s September Patch Tuesday Load Lighter Than Usual

With only two updates released on September's Patch Tuesday, Microsoft is going easy on IT departments this month

The September Lull: Microsoft Releases But Two Bulletins for This Month’s Patch Tuesday

Today Microsoft announced and detailed the updates component to the latest edition of its monthly security update cycle

Microsoft Ships Two Bulletins in September Security Update

The Microsoft security team shipped just two bulletins - resolving as many holes - in the September, 2012 edition of Patch Tuesday.

RSA Key Length Change Should be Priority in September 2012 Patch Tuesday

Microsoft will be restricting Windows certificate acceptance rules next month and security experts indicate that since September has few software updates, security teams should prepare for the changes.

Why Are Web Applications a Security Risk?

The CTO of Qualys explains how the shift from traditional to Web applications will require developers to raise their security games.

September’s Patch Tuesday is a Lightweight

But “we’d like to remind you about an important change to Windows’ certificate requirements,” says Microsoft – so September is still going to be a busy month for sys admins.

Microsoft’s September Patch Tuesday Easy; October, Not So Much

September's Microsoft Patch Tuesday preview is shaping up to be a fairly simple one

Get Ready: Microsoft is Raising the Bar for Encryption Keys

Next Tuesday is already Patch Tuesday for September, but Microsoft only has a couple of relatively minor updates lined up. Don’t get too comfortable, though—you need to prepare for the changes Microsoft is making next month for cryptographic keys.

Microsoft Gives Users a Patch Break, and Time to Prep for Certificate Slaying

Use the light Patch Tuesday to get ahead of key invalidation update slated for October, say experts

Microsoft Plans Two 'Important' Security Updates for Foxprom, System Management Server

Compared to what we've seen for much of this year, September is shaping up to be quiet on the Microsoft patching front.

Malware Analysis Tools and Techniques Failing But Researchers Aim For Improvement

Hardened cryptographic algorithms and other defensive capabilities are making reverse engineering and analysis increasingly difficult for malware researchers

ABCs Of Factoring Risk Into Cloud Service Decisions

Taking an empirical, risk-based approach to deciding on third-party, shared-infrastructure services

Java Sandboxing Could Thwart Attacks, but Design May be Impossible

Cybercriminals are targeting known Java vulnerabilities and discovering zero-day exploits

Six Ways to Protect Against the New Actively Exploited Java Vulnerability

Methods for users to protect their computers from attacks that target a new and yet-to-be-patched vulnerability in all versions of Java Runtime Environment 7

Newly Discovered Java Flaw Seen Exploited in Wild

Information on a Java flaw that has been seen in targeted attacks in the wild

Dropbox Going Two-Factor, Becoming De Facto

Move comes four weeks after the popular online file sharing service was hit by an embarrassing spam attack

Attack Code Surfaces Targeting Java Zero-Day Flaw

Security researchers at FireEye Inc. are warning of a new zero-day vulnerability affecting the latest version of Java

Serious New Java Vulnerability Discovered

An attack that targeted a previously unknown security hole in Java has recently been spotted.

Java 7 Under Attack: Researchers Advise It Be Disabled During the Interim

Security researchers are urging channel partners and administrators to limit use of Java 7 while they work to resolve a new zero-day exploit in Java 7

Warning: Java Zero Day Flaw Under Attack

A zero-day vulnerability in Java is being actively exploited in the wild.

Emergency Adobe Update APSB12-19 Addresses More Flash Player Flaws

Adobe Systems Inc. has released six security updates in Security bulletin APSB12-19

New Patches for Adobe Flash Player

Adobe has issued new patches for Flash on Windows, Mac, Linux and Android, for Air on Windows and Mac, and for the Air SDK.

Patch Tuesday Déjà vu: Adobe Patches Flash…Again

Double-Take for IT Admins

How To Protect Your Commercial Web Server

Public Internet servers are among criminals’ favorite targets. Is your security strategy up to the challenge?

Apache Patches Fifty Bugs, Two Security Flaws, in Web Server

The Apache Software Foundation has fixed over fifty bugs, including two security vulnerabilities, in its venerable Web server software.

Former White House Cybersecurity Official Joins Start-Up

Former cybersecurity officials work with start-ups

August 2012 Patch Tuesday Fixes Flaw Being Actively Targeted By Attackers

Microsoft issued nine security bulletins, addressing 26 vulnerabilities in its August 2012 Patch Tuesday

August Patch Tuesday: Microsoft Fixes XML, IE, and Oracle Flaws

Microsoft patches 26 vulnerabilities -- and revisits the XML patch from the July update.

Ready, Set, Patch! Microsoft Releases Nine Security Updates for Multiple Products

This month's patch load: Nine bulletins, 5 of which are critical, that address 27 vulnerabilities.

August’s Patch Tuesday Brings 9 Bulletins, Fixes 27 Vulnerabilities

This month’s updates include 9 total bulletins, 5 of which are rated as ‘critical,’ addressing a total of 27 vulnerabilities.

8 of 9 Microsoft August Bulletins Battle RCE Flaws

Microsoft's monthly Security Update arrived today with nine bulletins addressing 26 vulnerabilities.

Critical Security Fixes from Adobe, Microsoft

Adobe and Microsoft each issued security updates today to fix critical vulnerabilities in their software.

5 Benefits of IT Compliance Programs

Non-security benefits of compliance include improved asset management, streamlined IT operations, and bolstered intelligence about technology and business processes

August Patch Tuesday Heats Up with Five Critical Security Bulletins

Five of Microsoft’s nine security bulletins set to be shipped Tuesday plug critical security flaws in a range of products.

Security Manager’s Journal: At Budget Time, you Ask and Hope to Receive

Our manager has a long wish list as the annual budget time rolls around once again.

A Sneak Peek At Microsoft’s August Patch Tuesday

Microsoft prepares to release next week's August edition of Patch Tuesday

Vendors Roll Out Mobile Security, Vulnerability and Forensics Tools

A look at some of the releases from Black Hat, as well as the latest vulnerability management and forensics products

Third Parties Are IAM's Third Wheel

Connections with suppliers, partners, and contractors need better foresight and planning Passwords: Does Length Really Matter?

U.S. Cyber Coordinator Moves on

What does the nation's first cyber security coordinator do for an encore on leaving government service?

ASEF Android Tool Analyzes App Security and Behavior

A researcher at Qualys has released a new tool designed to allow users to evaluate the security and behaviors of the apps installed on their Android devices.

Hackers Increasingly Aim for Cross-Platform Vulnerabilities

A Microsoft security researcher says malware makers seek 'economies of scale'

HTML5 WebSockets Identified As Security Risk

WebSockets offer the promise of improved TCP connections, but do they also invite new forms of attack on your applications and infrastructure?

Black Hat 2012: Rodrigo Branco on New Malware Research Database

In this interview with News Director Robert Westervelt, Rodrigo Branco, director of vulnerability and malware research at Qualys, discusses his new malware analysis system.

Qualys adds IPv6 support to FreeScan

Qualys announced at Security B-Sides Las Vegas that FreeScan now includes support for IPv6.

Qualys Adds IPv6 Support to FreeScan Service

Using FreeScan, organizations can now scan IPv6 devices to detect possible vulnerabilities and take the steps necessary to remediate them.

New Tool Gives 150 Ways to Bypass Web App Firewalls

Released at Black Hat, tool can test if web application firewalls are vulnerable to protocol-level evasion techniques

Qualys Open-Source Mobile Security Tool Debuts at Black Hat

A new open-source framework from Qualys called ASEF is set to debut at the Black Hat Security conference this week. The tool lets anyone parse Android apps and figure out if there are risks.

Qualys Announces General Availability Of Its Dynamic Asset Tagging and Management Technology

Technology enables customers to identify, categorize, and manage large numbers of assets in highly dynamic IT environments

Black Hat Makes Light of Accidental Password-Reset Email

A Black Hat volunteer mistakenly sent to 7,500 conference goers a password-reset email that was initially thought to be a phishing attempt.

Black Hat 2012: Hackers to Explore Malware Analysis, Next-Gen Attacks

Researchers will share insights into next-generation malware and hacker techniques at the 2012 Black Hat Briefings in Las Vegas next week.

Mobile and Web Security Will Be Major Topics at Black Hat

Mobile and Web Security Will Be Major Topics at Black Hat

Ten Must-See Black Hat 2012 Sessions

A selection of talks, recommended for all audiences and guaranteed to be hits.

Firefox 14 Gets Kudos for Security

'They're doing great work in the security area,' says security firm CTO of open source browser group Mozilla

'Waldo' Finds Ways To Abuse HTML5 WebSockets

Black Hat USA researchers to release free hacking tool and demonstrate how new communication channel could be used for XSS, denial-of-service, and hiding malicious or unauthorized traffic

Will Advanced Attackers Laugh At Your WAF?

Companies should not trust vendors' claims about Web application firewalls, says security engineer who at Black Hat USA will show 150 different ways attackers can get around Web defenses

How to Make Your Website Hacker-Proof

Simple steps to avoid trouble

Your Birthday Is a Terrible Password

A Qualys researcher used pattern-matching analysis to find date-based passwords in the LinkedIn hash dump

July’s Patch Tuesday Brings 9 Bulletins, Addressing Some 16 Vulnerabilities Including a Critical Fix IE9

Patch Tuesday: Microsoft Pushes Nine Fixes For 16 Flaws

Microsoft on Tuesday issued nine security bulletins to address three "critical" and six "important" security issues.

Microsoft’s July Security Update Arrives With Unexpected IE Fix

Microsoft released its monthly security rollout today, which includes three fixes rated "critical" and six designated "important."

Microsoft Fixes XML Flaw as Attackers Circle in Patch Tuesday Update

Microsoft plugged a number of security holes today impacting Windows, Internet Explorer and other products as part of its monthly security update.

Microsoft Patches XML Flaw Under Attack and 15 More Vulnerabilities

July Patch Tuesday: XML 5 Still Vulnerable

Microsoft fixes some -- but not all -- XML flaws in the July Patch Tuesday security update. Meanwhile, Internet Explorer is set to get more frequent patches.

Microsoft Patch Tuesday Takes Aim At Key XML, IE9 Vulnerabilities

Microsoft has released nine bulletins addressing 16 vulnerabilities

Patch Tuesday Preview, July 2012

Malware Monday: Last-Minute Checks to Avoid Internet Shutdown

Malware Monday is July 9

How To Test Your Computer For DNS Changer Malware

The malware could cause as many as 64,000 Americans' computers to lose Internet service on Monday.

Microsoft's XML 0-day fix expected in July Patch Tuesday

Hack attack smack

There Is No Excuse for Still Being Infected with DNSChanger

The FBI estimates that as many as 275,000 PCs are still at risk of losing access to the Web on Monday

Patch Tuesday: Time to Use the Flame-Retardant Windows Update Client

Updated Windows Update software fixes vulnerabilities exploited by Flame malware

Microsoft Prepping 9 Fixes for July's Patch

Microsoft is readying three "critical" bulletins and six "important" items for this month's security update

Researchers Use Cloud To Clear Up Malware Evasion

An analysis project surveys the techniques used by malware to evade security software and plans to turn the research into a service to analyze malware

Former White House Cyber Czar Rejoins Private Sector

Former White House Cyber Coordinator Howard Schmidt, who retired in May, has landed back in the private sector.

If Security Were The Only Factor, a Windows 8 Upgrade Would Be A No-Brainer

Windows 8 benefits from a decade of Microsoft security focus

4 Signs That Apple's Sharpening Its Security Game

Apple is quietly making some subtle, incremental security moves in the face of new threats to its products

Former Cybersecurity Czar Howard Schmidt Joins Qualys Board of Directors

Qualys announced this week that former cybersecurity czar Howard Schmidt will join the company’s Board of Directors

Changes to PCI rules: What you need to know

Changes to PCI rules: What you need to know

Howard A. Schmidt, Former White House Cybersecurity Coordinator, Joins Qualys Board of Directors

Distinguished global authority on Internet security and critical infrastructure to bring public sector expertise and help expand industry collaboration

Qualys helps businesses comply with Cookie Directive

QualysGuard WAS identifies cookies that have been issued without the user’s consent

Qualys Helps Organizations Comply With EU Cookie Directive

QualysGuard Web Application Scanning (WAS) service will be able to help customers identify Web application cookies in order to help organizations comply with the European Union (EU) Cookie Directive

The 50 Most Powerful People In Enterprise Tech

The 50 biggest movers and shakers in enterprise tech

Microsoft Windows Update SSL Certificate Gets Failing Grade

Nonetheless, there's no hard evidence Win Update is unsafe, crypto expert says.

VMware Patches Virtualization Flaws

Bugs would allow attackers with administrator-level access to cause a denial of service or even take control of a targeted environment.

Vulnerabilities in Open Source WAF ModSecurity

Guest post from Qualys' Ivan Ristic on ModSecurity update

Qualys Brings Security, Compliance Platform to Private Clouds

Qualys recently introduced a private cloud version of its QualysGuard Cloud Platform

Qualys Unveils Private Cloud Version of Security Package

Qualys introduced this week a private cloud version of its QualysGuard Cloud Platform

Oracle and Apple Update Java – and So Should You

Of particular note with the Oracle June Java update is the fact that Apple is also updating Java at the same time.

Microsoft Readies Post-Flame Windows Update Changes

Paused limited test update for Patch Tuesday, will feed more secure update client 'in a few days' to stymie Flame-like attacks

Your June 2012 Patch Tuesday Update

Microsoft released seven security bulletins addressing approximately 27 vulnerabilities scattered across Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the .NET Framework

June’s Patch Tuesday Brings in 7 Bulletins, Addresses 27 Vulnerabilities

June’s Patch Tuesday has some seven bulletins, of which three are rated critical, that address some 27 vulnerabilities.

Internet Explorer RCP Fix Highlights June’s Security Update

Microsoft released its June patch today, which includes three "critical" security items and four "important" bulletins

Stolen LinkedIn Passwords Can Sell for as Low as $1

Qualys Introduces Private Cloud Version of QualysGuard Platform

Customers can host and operate the security and compliance platform within their data centers

Qualys Launches Private Cloud Version of Security and Compliance Platform

Security provider Qualys has launched its QualysGuard Private Cloud Platform

Qualys Releases Virtualized Private Cloud

Allows customers to host and operate the security and compliance platform within their data centers to meet the varying needs of Private, Community, Public, and Hybrid Cloud services

Qualys Launches Private Cloud Version of QualysGuard Platform

Qualys today introduced a private cloud version of its QualysGuard Cloud Platform

Lessons Learned From Cracking 2 Million LinkedIn Passwords

Dissecting LinkedIn's Response to the Password Breach

PCI Requires Merchants to Pass Internal Vulnerability Assessments

The PCI Standards Security Council will require merchants to show proof of passing an internal vulnerability assessment beginning June 30, noted Alex Quilter, director of PCI at Qualys.

Microsoft to Repair Internet Explorer Fault Discovered at Hacking Contest

Patch Tuesday will deal with exploit demoed at Pwn2Own competition

Microsoft’s June Security Patch To Deliver 3 Critical Windows Fixes

Microsoft's monthly security update will be arriving this Tuesday, and it's already turning out to be a replay of sorts.

Microsoft's Reaction to Flame Shows Seriousness of 'Holy Grail' Hack

Company's fast, sweeping response proves how critical it considers Windows Update

5 Ways You’re Wasting Compliance Dollars

Fighting redundancy and ineffectual practices leaves more money for meaningful security

Passing the Internal Scan for PCI DSS 2.0

Insight on the updated PCI DSS requirement, highlighting the need for internal vulnerability scanning

Tips to Speed up Your Security Patching

Software patching is a relatively simple task, and is an increasingly critical key to defend against security breaches by hackers armed with vulnerability scanners.

Project Finds, Purges Vulnerable Code Snippets From The Net

Community effort hopes to clean up insecure code found in the public domain

Top 10 Patching Hurdles and How to Overcome Them

Common hurdles for patching and tips that organizations can use to move toward a better patching posture.

Apple Releases QuickTime 7.7.2 for Windows, Fixes 17 Flaws

Apple QuickTime version 7.7.2 is out, fixing 17 security vulnerabilities in the multimedia framework.

Apple Security Update Fixes QuickTime Vulnerabilities

Guest post from Rodrigo Branco, Director of Vulnerability and Malware Research at Qualys, about Apple's latest advisory.

Apple Issues QuickTime Patch for Windows, OSX Users Safe

Apple issued a QuickTime update for Windows users on Tuesday night, patching 17 vulnerabilities that were not known to be in the wild yet.

Google Unleashes Chrome 19, Flattens 20 Bugs

Hot fuzz spawns QuickTime patch

Qualys Adds Security Experts to CTO/CSO Advisory Board

Apple's OS X, Safari Updates Improve OS X Security

Apple is legendary for its iron-fist control over what can or cannot run on its operating system. However, there are signs the company is beginning to relinquish some of the responsibility back to the vendors.

Why Do Software Holes Take So Long to Fix?

Experts weigh in about how long it takes for vendors to patch vulnerabilities.

New .secure Internet Domain On Tap

'Safe neighborhood' top-level domain will require SSL, DNSSEC, and other security measures for websites

Apple OS X Update Puts Elderly Flash Out Of Its Misery

Security fixes include new Safari that executes old plugins

Apple Auto-Disables Outdated Versions of Flash Player In Latest Software Update

Following a recent update to its iOS software that addressed several security issues with Apple’s mobile devices, the Cupertino tech titan pushed another significant software update today, this time for its flagship Mac OS X operating system and Safari Web browser.

10 Years of Trustworthy Computing: The Current State of Windows Security

A decade after launching its Trustworthy Computing initiative, Microsoft has come a long way but faces new challenges.

Your May 2012 Patch Update from Microsoft

Microsoft has just released seven bulletins -- three critical and four important -- addressing 23 vulnerabilities, as part of its monthly Patch Tuesday rollout.

Microsoft Releases Seven Security Updates

This month, Microsoft released seven bulletins, three critical and four important, that addressed a total of 23 vulnerabilities.

Microsoft Fixes Critical Flaws with Patch Tuesday Updates

Microsoft released a total of seven new security bulletins for May’s Patch Tuesday.

Adobe and Apple Patch Vulnerabilities

Adobe released a patch to cover a critical update in Flash at the end of last week.

‘May Day, May Day’: Microsoft Scrambles to Plug Critical Holes

Microsoft plans to ship in May seven security bulletins, including three critical bulletins to plug remote code execution holes in Microsoft Windows, Office, .NET Framework, and Silverlight.

Adobe Patches Flash Player Bug as Hackers Attack IE for Windows

Adobe released an emergency update today to fix a critical vulnerability in Adobe Flash Player for Windows, which has come under attack.

May's Patch Tuesday to Address Vulnerabilities in Windows, Office

The upcoming Patch Tuesday, scheduled to take place May 8, will include seven security bulletins addressing a total of 23 vulnerabilities.

A Patch Is Not Always a Patch

Sometimes a patch is not actually a patch; it is a configuration workaround.

Most Secure Websites Aren't

Did you know that most ‘secure’ websites actually aren’t all that secure?

Microsoft Announces 7 Bulletins for May 2012 Patch Tuesday, Closes Book on MAPP Data Leak

In addition to its advance notification for Patch Tuesday, Microsoft uncovers the party responsible for leaking security information and exposing customers to attacks against RDP

May 2012 Patch Tuesday Includes 7 Bulletins, 2 Critical

Security Bulletin Advance Notification released on Thursday provides Patch Tuesday preview.

Oracle Addresses 0-day "TNS Poison"

Guest post from Wolfgang Kandek on Oracle's workaround for Oracle Database vulnerability CVE-2012-1675

Global Dashboard for Monitoring the Quality of SSL Support

Guest post from Ivan Ristic about SSL Pulse, a continuously updated dashboard that is designed to show the state of the SSL ecosystem at a glance.

Trustworthy Internet Movement Builds SSL 'Avengers'

Industry's top names in SSL development agree to join task force

8 Reasons Conficker Malware Won’t Die

Poor corporate password practices and continuing use of Autorun help explain why eradicating this three-year-old worm has been so difficult.

Sick SSL Ecosystem: 90% of HTTPS Sites Insecure, 75% Vulnerable to BEAST Attack

Trustworthy Internet Movement's SSL Pulse shows 90% of the world's 200,000 most popular websites with HTTPS-enabled are actually insecure and 75% are vulnerable to the BEAST attack.

Microsoft: Conficker Worm Still a Major Threat

Weak security passwords and overlooked security updates have kept Conficker, a malware 'worm' first reported in 2008, alive and well.

Microsoft Conficker Work Remains ‘Ongoing’ Threat

Three-year-old 'dead' Windows worm infection is still spreading -- mainly via weak or stolen passwords, new Microsoft report says

Microsoft: Conficker Worm Continues to Plague Enterprises

The notorious Conficker worm, which began infecting Windows systems in 2008 but has not had a new variant in more than two years, continues to dog enterprises more than three years later, according security experts at Microsoft.

Oracle Patches 88 Issues in Mammoth Security Update

Oracle released 88 security fixes addressing vulnerabilities in over 35 products in its portfolio as part of its Critical Patch Update.

Oracle Patches 88 Vulnerabilities

Oracle will release 88 vulnerability fixes across hundreds of its offerings as part of a scheduled quarterly security update.

SSL/TLS Deployment Best Practices

SSL/TLS is a deceptively simple technology. It is easy to deploy, and it just works… except that it does not, really.

Two Mac Trojans: Apple Patching Fast Enough?

Apple Friday released a Java security update to battle the Apple OS X malware known as Flashback.

Oracle to Issue Quarterly Patches Next Week

As part of its scheduled quarterly security update, Oracle announced that on Tuesday it will release 88 new vulnerability fixes across hundreds of its offerings, covering more than 30 product lines.

Apple Issues Software Update to Fix Flashback Vulnerabilities and Disable Java

Apple released a software update last night for Java in order to remove the most common variants of the Flashback malware.

Flashback Malware Removal Cleverly Reduces Risks for Macs

Better late than never? Apple has released the third Java update in a week for Mac OS X, and this one contains the tool to remove the Flashback malware from infected systems.

Microsoft begins final two years of support for XP

Microsoft has confirmed that it will end support for Windows XP and Office 2003 in two years.

End of Windows XP Support Era Signals Beginning of Security Nightmare

Consumer, corporate and even SCADA systems could be at risk when Microsoft stops supporting Windows XP.

Adobe, Microsoft Issue Critical Updates

Adobe and Microsoft today each issued critical updates to plug security holes in their products.

Microsoft April 2012 Patch Tuesday Repairs Critical IE Flaws, ActiveX Control Issue

Microsoft issued a major browser security update, repairing critical Internet Explorer flaws as part of its April 2012 Patch Tuesday.

Microsoft Released Six Comprehensive Security Updates

This month Microsoft issued six bulletins, four critical, two important, addressing 11 distinct vulnerabilities.

Microsoft's Patch Tuesday Brings Seven Critical Fixes

Bulletins warn of SQL Server, Visual Basic, IE threats as well

Microsoft Patches Critical Windows Zero-Day Bug That Hackers Are Now Exploiting

Fixes first security flaw in Windows 8 Consumer Preview

Tuesday Top Tips – Qualys SSL Labs

If you are configuring SSL on your website or online application (and you should be these days), use the resources over at Qualys SSL Labs.

Death, Taxes, and Microsoft's Patch Tuesday

IT administrators in the US better have their taxes done already because Microsoft is sending plenty of work on Tuesday with six security bulletins, four of which are rated critical and could lead to remote exploitation by hackers.

Microsoft's Patch Tuesday Will Address Exploits in Office 2010, IE9

4 of 6 bulletins rated critical

Patch Tuesday Preview: 6 Security Bulletins, 11 Vulnerabilities, 4 Critical

Preview of April 2012 Security Bulletin

Microsoft Slates Critical Windows, Office, IE Patches Next Week, Including 'Head-Scratcher'

Reveals Patch Tuesday's agenda, plans to fix 11 flaws with six security updates

Apple Patches Malware-Targeted Java Bug

Apple released a patch for multiple Java vulnerabilities, a couple of days after a security vendor reported that password-stealing malware exploiting the flaws was floating about the Web.

Apple Plugs Java Hole After Flashback Trojan Intrusion

6 weeks after Microsoft machines are patched...

Apple Patches OS X Java Security Flaws

Apple recently released a Mac OS X update that patches 12 Java security flaws, including a vulnerability that was being actively exploited by the latest version of the Flashback Trojan.

Apple Updates Java After Malware Spreads

One day after security researchers spotted active exploits taking advantage of gaping vulnerability in Java software running on Mac OS X machines, Apple released a fix.

1.5 Million Infected with Drive-by Malware in February

BlackHole exploit targets Java bug through browser-based attacks

A recently discovered Java exploit will have many updating, or even removing, the program.

Adobe Fixes Critical Security Flaws In Flash Player

Adobe Systems (NSDQ:ADBE) has released a Flash Player update that fixes two critical vulnerabilities and adds an automatic update feature.

Adobe Auto-Update Eases Flash Update Chore - on Windows Only

Backdoors plugged without lifting a finger

Digging into Verizon DBIR: Hacking, Malware, Cyber-Threats

While we all seized on the fact that hacktivists were reponsible for more than half of the data records stolen in 2011, Verizon's Data Breach Investigations Report had a few more gems.

Hardening the Endpoint Operating System

Qualys CTO Wolfgang Kandek, talks about the effects of hardening the endpoint operating system and improving the resilience against common attacks.

Microsoft Flaw Demonstrates Dangers Of Remote Desktop Access

Fear is that attackers will soon come up with exploits for targeted attacks, worms

Malicious Proxies May Become Standard Fare

DNSChanger shows that funneling infected network traffic to central servers can enable massive fraud, but the technique has significant weaknesses, as well

Your March 2012 Patch Update from Microsoft

Microsoft's March 2012 security update just landed.

Microsoft Issues Urgent Patch for 'Wormable' RDP Vulnerability

Microsoft released six new security bulletins today for the March 2012 Patch Tuesday.

Critical Windows Bug Could Make Worm Meat of Millions of High-Value Machines

Microsoft has plugged a critical hole in all supported versions of Windows that allows attackers to hit high-value computers with self-replicating attacks that install malicious code with no user interaction required.

Microsoft Incites Madness with March's Patch Tuesday Release

Details emerge on Microsoft's most critical patch of the year

Microsoft: Remote Desktop Protocol Vulnerability Should be Patched Immediately

Microsoft is urging organizations to apply the sole critical update in this month’s Patch Tuesday release as soon as possible.

Patch Tuesday: Microsoft Fixes Critical Bug in Remote Desktop Protocol

This month's update from Redmond includes six security advisories, but a pair of IE zero-day exploits demonstrated at last week's Pwn2Own hacking contest remain unpatched.

Dangerous Microsoft RDP Vulnerabilities Repaired in Patch Tuesday

Microsoft issued six security bulletins, including one critical update that addresses two serious Windows Remote Desktop Protocol (RDP) vulnerabilities that could be exploited by an attacker to take complete control of a system or prevent it from working properly.

RDP Flaws Lead Microsoft’s March Patch Batch

Microsoft today released updates to sew up at least seven vulnerabilities in Windows and other software.

Microsoft to Patch Windows Bug Called 'Holy Grail' by One Researcher

Announces next week's Patch Tuesday line-up, will fix 7 flaws in Windows, developer software

The Week in Security: Microsoft, Google and Adobe

Although the number of patches in Microsoft's Patch Tuesday this month is relatively low, the pain point may come in the rebooting.

Microsoft Plans Light Patch Tuesday for March

Microsoft has a relatively quiet Patch Tuesday planned for this month, with just six bulletins on the way for next week.

March’s Patch Tuesday to Contain 6 Bulletins, Only One of Which is ‘Critical’

It’s that time of the month again, friends, when gather round the table to stare at the batch of fixes that Microsoft has compiled to respond to newly uncovered security issues in its products.

DNSChanger-infected Machines Won't Be Disconnected, for Now

It's good news for the owners of the computers still infected by the DNSChanger malware

Major Phishing Contributors and Enablers

Agari announced the first Annual Sumo Awards to dishonor phishing's biggest contributors and enablers.

Virtual Scanners for Consultants, Enterprises and the Cloud

Qualys announced virtual scanner appliances for its QualysGuard Cloud Platform and suite of integrated applications for security and compliance.

IT Security & Network Security News & Reviews: RSA 2012: eWEEK Labs Picks the 21 Hottest Security Vendors

The RSA Conference 2012 (Feb. 27-March 2) will set the security agenda for the year. More than 300 companies are at the expo, but I've picked the 21 stops I'm making while in San Francisco.

In Pictures: RSA Conference 2012 (Day 2)

Highlights from RSA Day 2

Surveying Policies, Controls and Compliance

Qualys unveiled a new service for its QualysGuard Cloud Platform and suite of integrated applications for security and compliance to help businesses further automate their compliance tasks and reduce the time and effort for manual assessment of IT and non-IT controls.

RSA 2012: Qualys Updates Cloud Platform, Launches Web Application Firewall Service

The increasing adoption of cloud-based security services is an ongoing trend at RSA this year, and cloud security service provider Qualys chose the conference to announce a host of new modules for their QualysGuard cloud security platform and to take the wraps of their new QualysGuard Web Application Firewall (WAF) service.

Automated managing of enterprise assets

Qualys announced the availability of hierarchical Dynamic Asset Tagging for its QualysGuard Cloud Platform and suite of applications for security and compliance.

BSidesSF: Amol Sarwate on SCADA Security Challenges

In a presentation at the Security BSides San Francisco event, Amol Sarwate - Security Research Manager at Qualys - examined how SCADA security and advance persistent threats have now taken center stage.

Expert Panel at RSA 2012: Who's Responsible for Cloud Security?

Experts discuss cloud security questions at CSA Summit

0-day analysis service by Qualys

Qualys launched Zero-Day Risk Analyzer, a new service to help companies protect their IT systems against zero-day attacks which is delivered as part of the QualysGuard Cloud Platform

#BSidesSF: Why SCADA security is such an uphill struggle

We've covered the troubles with SCADA security at length, but have yet to see a real consensus on how to proceed. Amol Sarwate, security research manager at Qualys, took a crack at making sense of things at BSidesSF Monday morning.

Eradicating Malware from Enterprise Web Sites

Qualys announced a new service to help enterprises detect and eradicate malware from their web sites.

IT Security & Network Security News & Reviews: RSA Conference 2012: Hot Security Products for Cloud, BYOD

This year marks the 20th anniversary of the RSA conference, and companies are descending on San Francisco's Moscone Convention Center with product announcements and demonstrations highlighting the latest and greatest in their security portfolios.

Qualys Pushes Major Enhancements to its Flagship QualysGuard Suite

Qualys has a history of making major product announcements at the RSA Conference in San Francisco each year, and this year is no exception.

RSA Conference 2012 Opens in San Francisco

The world’s top information security professionals and business leaders gathered for the opening of the annual RSA Conference being held at San Francisco’s Moscone Center.

What's Hot at RSA This Week

Slideshow of hot products at RSA Conference 2012, including enterprise edition of the QualysGuard Malware Detection Service and QualysGuard Zero-Day Risk Analyzer

Do you need to worry about the advanced persistent threat?

Qualys CTO discusses how to reduce susceptibility to attacks

Web Encryption That Works

SSL technology isn't perfect, but it can be an effective security tool for your organization. Here are four tips for optimizing its performance

Better Information Sharing is the Future of Security, Experts Say

Potential seen for more proactive security following release of free threat intelligence feed

Five Schemes for Redeeming Trust in SSL

Creativity loves constraint and for security thinkers trying to shore up Web authentication today, that constraint is SSL/TLS

Open Source Tool Detects Videoconferencing Equipment Vulnerabilities

New open source tool can detect whether a given videoconferencing system is vulnerable to attack

The Decision to Strip Online Certificate Revocation Checks From Chrome Is Misguided, Symantec Says

Stripping OCSP (Online Certificate Status Protocol) and CRL (certificate revocation list) checks from Google Chrome could have dangerous implications because it will turn Google into a single point of failure, according to security vendor Symantec.

Oracle Plugs 14 Holes in Java

Oracle this week issued a critical patch update (CPU) that fixes 14 vulnerabilities in its Java SE product.

Adobe Flash Flaw Under Attack, Update Issued

Cross-site scripting vulnerability in Flash is being targeted by emails containing malicious links

The 8 Best Tips You'll Ever Get On How To Launch (And Grow) A Startup

Philippe Courtot is a well-known name in the security industry and for good reason.

Oracle’s Patches Address Java SE Security Flaws

Oracle released one CPU (critical patch update), which plugs 14 security holes within one of its products namely Java SE

Microsoft, Oracle, Adobe Send Patches for Valentine's Day

Details come forward on Valentine's Day/Patch Tuesday security bulletins from Microsoft, Adobe and Oracle

February 2012 Patch Tuesday: Critical IE, Windows Kernel Flaws Fixed

Microsoft repaired 23 vulnerabilities this month

February Patch Tuesday Lighter Than Expected

It turns out that this February Patch Tuesday is lighter than we had anticipated.

Microsoft to Fix Internet Explorer Hole

Patch Tuesday to include nine fixes for 21 vulnerabilities.

Microsoft to Fix Internet Explorer Hole

Patch Tuesday to include nine fixes for 21 vulnerabilities

Microsoft to Patch 21 Bugs Tuesday

Microsoft previews fixes in apps including Internet Explorer and Windows.

Patch Tuesday Preview, February 2012

Qualys CTO's assessment of this month's Patch Tuesday.

Microsoft to Issue More Critical Patches Next Week for Win7 Than XP

IE update likely the one users will want to apply ASAP, say researchers

Valentine's Day Patch Tuesday: Microsoft to Issue 9 Patches, 4 Critical

Progress continues as Microsoft will issue fewest February patches since 2009

Microsoft Issues Patch Plans, Includes Internet Explorer Fix

Microsoft on Thursday posted its plans for next week's Patch Tuesday.

Microsoft's February Patch Tuesday Fixes 21 Bugs

Microsoft is expected to show some love for Windows administrators on Valentine's Day, with nine patches fixing 21 vulnerabilities in February's Patch Tuesday release.

Critics Slam SSL Authority for Minting Certificate for Impersonating Sites

Critics are calling for the ouster of Trustwave as a trusted issuer of secure sockets layer certificates after it admitted minting a credential it knew would be used by a customer to impersonate websites it didn't own.

Microsoft Ruining Valentine's Day with Nine Security Bulletins

Next Tuesday is a big deal.

Marlinspike Asks Browser Vendors to Back SSL-Validator

'Convergence' open source dev needs vendors to balance the load

Hackers May Be Able to 'Outwit' Online Banking Security Devices

Investigators probe malware threat to 2-factor authentication

FBI Prepares to Shut Down DNSChanger Temporary Servers, Infections Remain

Thousands of computers still infected with the DNSChanger Trojan will not be able to access the Internet after the FBI shuts down its temporary servers March 8.

Half of Fortune 500 Firms Infected with DNS Changer

Machines will be cut off from the Web next month, say experts

Oracle Patches DoS Flaw in Database 10g, WebLogic, iPlanet

Oracle patched three products to address a vulnerability in Web Application frameworks that could cause a denial of service due to hashing collisions.

Symantec Patches PCAnywhere, But Should You Delete

Symantec says hotfix 'eliminates known vulnerabilities,' but hackers could use source code to exploit unknown holes. Some users will want to delete the app entirely.

Detecting the DNS Changer Malware

DNS servers handling traffic of infected machines will be shutdown in March, cutting off Internet access to those infected.

CSO Interchange: Cloud Concerns Are Largely Propaganda

Last week’s CSO Interchange roundtable centered on “Barriers to Cloud Adoption”, with talks on identity issues from Jericho Forum’s Paul Simmonds and SSL from security researcher Moxie Marlinspike.

Is Oracle Neglecting Database Security?

Oracle's big critical patch update on Jan. 17 set a record for the fewest fixes for database products--only two of the 78 total fixes in the CPU.

Qualys Expands Its FreeScan Service

Qualys announced its new and improved FreeScan service to help SMBs audit and protect their web sites from security vulnerabilities and malware infections.

Oracle Scorned for Paltry Database Patches

With only two of many reported vulnerabilities fixed in Oracle's latest update, the database security community questions Oracle's patch bottleneck.

Oracle Repairs Two Database Flaws, Issues 78 Patches to Product Line

Oracle repaired two flaws in its database management system as part of its quarterly update this week that included 78 patches across its product portfolio.

Oracle Squashes 78 Software Bugs in Latest Patch

Oracle yesterday deployed 78 different security fixes aimed at patching holes throughout its various database products.

Oracle Patches 78 Vulnerabilities

Oracle publishes Critical Patch Updates (CPUs) on a quarterly schedule.

Oracle CPU Contains Lowest Number Of Database Fixes Ever

Database security community concerned about Oracle's patch bottleneck

Oracle Readies 16 Highly Critical Security Patches

Oracle (NSDQ:ORCL) plans to release next week dozens of security patches, 16 highly critical, for most of the software maker's products.

Reactions from the Security Community to the Trustworthy Computing Initiative

Comments on the Trustworthy Computing Initiative that Help Net Security received from industry veterans.

Slow Read Attack: A New HTTP Denial of Service Attack

A new HTTP-based threat, dubbed a "Slow Read attack" aims to cause an undetected Denial of Service (DoS) by exploiting a transmission control protocol (TCP) persist timer vulnerability.

Microsoft and Adobe Release First Major Patch Bundles of 2012

Microsoft released seven bulletins last night to fix one critical issue on its first Patch Tuesday of 2012.

Adobe Plugs 6 Critical Holes in Reader

Also gives IT admins more control over PDF docs' oft-exploited JavaScript

Microsoft Slays the BEAST, and Six Other Patch Tuesday Updates

Microsoft has released a total of seven security bulletins – one ranked as “critical”, with the remaining 6 designated merely as “important”

Microsoft January 2012 Patch Tuesday Issues Windows Media Fix, Resolves SSL Protocol Weakness

Microsoft issued seven security bulletins, including one “critical” bulletin, repairing a serious Windows Media Player flaw that could be exploited in dangerous drive-by website attacks.

Microsoft Releases Seven Bulletins

Qualys CTO Wolfgang Kandek on this month's Patch Tuesday

Adobe Repairs Critical Reader, Acrobat Flaws, Adds JavaScript Control

Adobe Systems Inc. issued its quarterly security update Tuesday, repairing six critical vulnerabilities in its Reader and Acrobat software.

Media Player, Security Bypass Are Focus of Microsoft's First Patch Tuesday of 2012

Of the seven bulletins issued as part of Microsoft's first Patch Tuesday of the year, researchers agree that a vulnerability affecting Windows Media Player should be the first one patched.

Microsoft's First 2012 Patch Tuesday Offers One Critical Fix

Microsoft (NSDQ:MSFT) released Tuesday one critical bulletin in a package of seven that comprised the company's first monthly patch release of the year.

Exploit Code for Recent ASP.NET DoS Flaw Made Public

The ASP.NET DoS flaw that has recently been revealed at the Chaos Communication Congress in Berlin has been patched by Microsoft in almost record time, but users who have not already implemented the patch should definitely hop to it

New Slow-Motion DoS Attack: Just a Few PCs, Little Fear of Detection

Qualys Security Labs researcher Sergey Shekyan has created a proof-of-concept tool that could be used to essentially shut down websites from a single computer with little fear of detection.

New Denial of Service Vulnerability Detailed, Doesn't Require Many PCs

What you may not know is that there are denial of service (DoS) methods that don't need to be so distributed.

Microsoft to Start 2012 with Seven Bulletins on Patch Tuesday

Microsoft has announced that it will release seven bulletins addressing eight vulnerabilities on its first patch Tuesday of 2012.

Adobe Plans Fixes for Critical 3D Bugs in Reader, Acrobat X

Adobe will fix a slew of security flaws in Reader and Acrobat, including the critical 3D vulnerabilities that were discovered in December, as part of its quarterly update.

MetricStream, Qualys Partnership Brings Security and Risk Intelligence to IT-GRC

Qualys and MetricStream announce integration of MetricStream IT-GRC Solution with QualysGuard Vulnerability Management

Microsoft's 2012 Inaugural Security Patch to Include 7 Fixes

January's Security Update from Microsoft, arriving next Tuesday, will feature six fixes for Windows and one fix for Microsoft developer tools, according to the company's advance notice.

Microsoft to Start New Year With Seven Security Bulletins

Microsoft plans to start the new year with a relatively large number of security bulletins covering eight vulnerabilities.

Microsoft Plans 7 Fixes for January Patch Tuesday

Microsoft is planning seven fixes for January's Patch Tuesday release that will address bugs in all versions of Windows and possibly for the SSL/BEAST flaw.

Researcher Devises Hard-to-detect Denial-of-service Attack Against HTTP Servers

New HTTP denial-of-service (DoS) attack relies on prolonging the time clients need to read Web server responses.

Rated Critical: A Microsoft Security Blog

How can Microsoft's only unscheduled patch of 2011 help predict its security success in 2012?

The Year in Security: A Look Back at 2011 and Trends for 2012

Reflecting on security events of 2011 to plan for 2012

Cyberthreats Evolve, Start-ups Responding

Types of security threats companies face have shifted dramatically in recent years.

MetricStream and Qualys Partnership Brings Actionable Security and Risk Intelligence to IT-GRC

ntegration partnership enables corporations to continuously take full inventory of their IT assets

No Shelter From a Cybercrime Storm

Denial of service hole closed

Microsoft Publishes Workaround for ASP.NET Vulnerability

Advisory provides workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various web platforms

Email or call us at +1 800 745 4355 or try our Global Contacts
Subscription Packages
Qualys Solutions
Qualys Community
Free Trial & Tools
Popular Topics