‘Tis the Season for Security Resolutions, Not Predictions
As 2012 comes to a close, many security vendors have issued predictions on what security issues and trends would dominate our collective attention in the New Year.
Be Prepared: 4 Steps to Better Data Disaster Planning
While more than a month has gone by since the devastating Hurricane Sandy hit the East Coast, the photographs and videos of the incredible destruction will be hard to forget.
Microsoft Patches Critical Remote Flaws in Word, IE and Windows
A rare critical Microsoft Word vulnerability was patched today by Microsoft, one of seven security updates pushed out repairing 11 flaws.
The Last Patch Tuesday of 2012
Today is the last Patch Tuesday of 2012. Its seven bulletins bring the total count for the year to 83, significantly down from last year’s 100 bulletins and even more from the 2010 count, which ended at 117 bulletins.
Windows 8, RT to Receive More Critical Patches Next Tuesday
Windows 8 and RT are set to receive their second lineup of bug fixes when next week's Patch Tuesday rolls around.
Microsoft Fixing 11 Vulnerabilities for December Patch Tuesday
Microsoft announced today that it plans on shipping seven bulletins, five critical, two important, for the December edition of its monthly patch Tuesday security bulletin release cycle.
Major Exploit Hits Tumblr, Affects Over 8,600 Users
A massive attack against Tumblr appears to have impacted more than 8,600 users whose blogs are apparently becoming infected through the act of clicking on an infected site.
Don’t Get SaaS-y with Me: 5 CloudBeat Lessons you Need to Know
Big business is embracing the cloud more than ever. Cloud tech has reached a level of acceptance in the past year, with many companies moving out of pilot projects and into full-on deployments of critical parts of their business onto cloud-based systems.
Cloud Security Experts: Use Multi-Factor Authentication, You Dummies
If you’re not using multi-factor authentication as a company or as a consumer, you really need to start. No, seriously, go turn it on now if you can.
Updates Browsers Still Vulnerable to Attack if Plugins are Outdated
Psst. Is your browser up-to-date? You may think you are safe because you update the Web browser regularly, but chances are you are still surfing the Web with highly vulnerable software.
A Chat with Wolfgang Kandek, CTO, Qualys…
On November 8th, I attended the Qualys Security Conference 2012 at the Berkeley hotel in London. At the end of the day, I was lucky enough to catch up with Wolfgang Kandek, CTO of Qualys.
Cybergangs Target Online Shoppers
Here's how cybergangs are targeting online holiday shoppers, and here's what you can do to protect yourself.
SMBs Face the Biggest Threats from Cyber Monday Shopping
Many employees will spend a portion of their day hunting for bargains on the Monday following Thanksgiving weekend, and companies should prepare for the increased security risks.
With Shopping Scams on the Rise, Watch for These Threats
Holiday shopping means a spike in online scams, fraud, and malware, so you need to be aware of the risks and threats, and exercise some common sense to avoid a cyber-Grinch incident.
Half Of Machines Shopping On Cyber Monday Likely Contain Vulnerabilities
Meanwhile, businesses more worried about productivity than security threats
Facebook Praised for Encrypting Web Access by Default
Move to HTTPS will protect users accessing the social network via public Wi-Fi networks
Facebook to Roll Out HTTPS by Default to all Users
The connections of all Facebook users with the website will be encrypted by default
Adobe to Fix Flash Player on Patch Tuesdays
Adobe has changed its schedule for releasing Flash Player security updates to coincide with Microsoft's Patch Tuesday schedule.
Facebook Adopts Secure Web Pages by Default
Facebook has finally started using HTTPS by default, following a 2010 FTC demand and in the distant footsteps of Google, Twitter, and Hotmail
Courtot Mixes Business with Extreme Skiing, Hurricane Chasing
Most Admired CEO Profile on Qualys' Philippe Courtot
Beyond Antivirus Software: Eclectic PC Security Tools for System-Wide Audits
Welcome to a harsh reality: Relying on an ostensibly comprehensive antivirus suite just doesn't cut it in 2012.
'Multiple Vulnerabilities' Found in Windows 8
Security firm Vupen says it has found several serious security loopholes in the new Windows 8 operating system (OS).
Despite Windows 8 Zero-Day, Vendors Laud Security of New Microsoft OS
Security experts at several security firms are heralding Windows 8, Microsoft's new endpoint platform, as the safest operating system to date.
Adobe, Now ‘Married’ to Microsoft, Moves Flash Updates to Patch Tuesday
Will sync Flash security updates with partner's monthly schedule
Vupen Claims “Remote Code Executiion” on Windows 8
Reminds the industry that Windows is unlikely to ever be bulletproof, says one security expert
Flaws patched in Apple's Safari browser and iOS 6
Apple has released updates to address flaws in its Safari 6 web browser and iOS 6 mobile operating system.
Government-Funded Hackers Say They've Already Defeated Windows 8's New Security Measures
Last week’s Windows 8 launch wasn’t just a major product release for Microsoft. It seems to have been a banner day for the government-funded hackers who take Microsoft’s software apart, too.
Windows 8 Security: Mostly Good, Some Bad
Even though Microsoft's Windows 8 is not specifically a security release, the new Secure Boot and better memory management hardens the desktop against attackers.
Windows 8 Raises the Bar for PC Security
Security features in Windows 8 that will keep your PC and data safe.
Windows 8 Security Focuses on Early Malware Detection
In Windows 8, Microsoft has greatly improved the operating system's ability to detect malware before it has a chance to run, experts say.
Qualys Adds Vulnerability Prediction Capabilities To QualysGuard Platform
Qualys has updated two of its products to help administrators better manage vulnerabilities and mitigation, the company said Wednesday at its own Qualys Security Conference in Las Vegas
SSL Implementation Flaws Found in Many Android Apps
A study conducted by German researchers found that more than 1,000 out of 13,500 Android applications contained serious flaws in their SSL implementation
inShare Permalink RSS Russian Service Rents Access To Hacked Corporate PCs
Service provides stolen remote desktop protocol credentials, letting buyers remotely log in to corporate servers and PCs, bypassing numerous security defenses.
Zero-Day Attacks Long-Lived, Presage Mass Exploitation
Zero-day attacks escape detection for an average of 10 months; once they go public, attacks multiply dramatically, researchers find
Apple Tries to Kill its Own Java on Most Macs
Apple took other measures to shove Mac owners towards Oracle, including removing Java options from the Preferences window.
Zero-Day Arracks Escape Detection for Nearly a Year: Symantec Study
Attacks using undisclosed “zero-day” vulnerabilities remain hidden for anywhere from 19 days to 30 months, according to new research that found eleven previously undetected attacks.
Oracle Squashes 109 Bugs in Quarterly Patch Batch
Hot fresh Java will flush parasites from your system
3 Must-Fix Vulnerabilities Top Oracle CPU Patches
Two CVSS 10.0 and one 9.0 flaws top the charts on a Critical Patch Update list chock full of remotely exploitable vulnerabilities
Web App Design at the Core of Coding Weaknesses, Attacks, Says Expert
Developers need to work on creating strong designs for Web applications by rethinking their coding practices and the process in place to fix bugs
More Banks Come Under Denial-of-Service Attack
Capital One and SunTrust came under attack this week using denial-of-service techniques that are evading defenses meant to blunt such attacks
Mozilla Praised for Pulling Flawed Firefox 16
Move shows commitment to privacy, but experts say Google's Chrome and Microsoft's Internet Explorer are more secure
Qualys Expands QualysGuard PCI Cloud Platform
Qualys has expanded QualysGuard PCI to assist organizations of all sizes to meet Payment Card Industry (PCI) Data Security Standards (DSS), including new internal scanning requirements.
Application Vulnerability Disclosures Rise, Microsoft Finds
Application vulnerabilities are on the rise in 2012
U.S. Security Vendors Wary of Chinese Telecom Suppliers, Call for Transparency
Qualys CEO: Huawei needs to "disconnect" from Chinese government
Your October 2012 Patch Tuesday Update from Microsoft
Microsoft released seven bulletins in Windows, Office and SQL Server today as part of its monthly update cycle.
1 'Critical' Item and 2 Advisories in Microsoft's October Security Update
For the second month in a row, Microsoft is releasing an uncharacteristically light security update.
Microsoft Patches Critical Word Flaw; Certificate Key Length Changes are Official
Microsoft rolled out seven security updates today, including a fix for a critical remotely exploitable Word vulnerability
Microsoft Addresses Critical Word Flaws, New RSA Key Length
Microsoft will begin requiring digital certificates to support an RSA key length of at least 1024 bits today, in accordance with a security advisory being pushed through Windows Update.
25 Critical Updates in Adobe Flash Fix
Just slightly out of kilter with today’s Microsoft ‘Patch Tuesday’, Adobe yesterday issued a patch for 25 Flash vulnerabilities
The Challenges of Securing Enterprises in a BYOD World
BYOD is a growing reality, as employees are connecting a greater number of devices to enterprise networks on a daily basis, and CIOs and CSOs must prepare accordingly.
October Patch Tuesday Preview
After a very light September, October’s Patch Tuesday will revert to normal with seven security bulletins from Microsoft: one labeled critical and six labeled important.
Patch Tuesday: Microsoft's October Update Will Fix Security Vulnerabilities in Office
This month's release has seven bulletins--just one of them critical.
Microsoft to Patch 20 Bugs Next Week in Month of Office Updates
Single critical update will fix serious flaws in Office 2007, 2010 on Windows that hackers could use to hijack PCs
October 2012 Patch Tuesday: One Critical Bulletin Expected
Microsoft's October 2012 Patch Tuesday release will include seven bulletins, one deemed critical and six as important
Malicious Copy of MySQL Tool Distributed Through SourceForge Mirror
A compromised copy of the MySQL administration tool phpMyAdmin was being served up via a SourceForge mirror site based in Korea that has since been taken out of the rotation, officials said.
inShare Permalink RSS Microsoft IE Patch Fixes Flaw Under Active Attack
Microsoft wins praise for quickly addressing five remote-execution security vulnerabilities, one of which is being used now in attacks
Clues, Experts Say Microsoft Knew of IE Zero-Day for Weeks Before Patching
Bug-bounty program may have reported the browser flaw to Redmond in July
The Geography of HTML5 Security
Book author and Qualys Director of Engineering Mike Shema outlines HTML5 security
Microsoft Releases Emergency IE Patch
Microsoft has released an out-of-band update fixing at least five vulnerabilities in Internet Explorer
Apple Goes Against Grain, Extends Support for Snow Leopard
'Might be a Windows XP-like effect,' notes one security expert of Apple's patching of OS X 10.6
Redmond Promised Emergency IE Bug Fix on Friday (zero day +5)
Keep calm and carry on, advise security types
Huge iTunes Patch: Apply It and Move On
Although 163 security fixes is a big update for any product, Apple users should be more concerned with recent Java issues
Apple Plugs 163 iTunes Security Holes
Security researcher Wolfgang Kandek said he doesn't believe iTunes is high on the priority list of attackers -- and it is possible none of the vulnerabilities could actually be exploited through iTunes.
The Perfect CRIME? New HTTPS Web Hijack Attack Explained
BEASTie boys reveal ingenious login cookie gobble
'CRIME' Attack Abuses SSL/TLS Data Compression Feature to Hijack HTTPS Sessions
SSL/TLS data compression leaks information that can be used to decrypt HTTPS session cookies, researchers say
Microsoft to Patch Adobe Flash Player in Windows 8 'Shortly'
Microsoft said it will update Adobe Flash Player to close security holes before Windows 8 is generally available
Crack in Internet’s Foundation of Trust Allows HTTPS Session Hijacking
Attack dubbed CRIME breaks crypto used to prevent snooping of sensitive data
Microsoft Changes Mind; Will Patch Flash on IE 10 Before Windows 8 Ships
Microsoft has reversed course and said it will patch a serious Adobe Flash vulnerability in Windows 8 and Internet Explorer 10 before the new Microsoft OS ships Oct. 26.
Experts Urge Prep for Microsoft’s Cert-Blocking Update
Scan networks for too-short keys, audit systems, test Oct. update before it rolls out, urge security pros
Microsoft to Patch Windows 8 Flash Bug Before OS Released
No patching before release meant the forthcoming operating system would be vulnerable to attack immediately after it was made available
Web Application Firewalls and IPv6
Does your WAF protect against IPv6 attacks?
Microsoft’s September Patch Tuesday Load Lighter Than Usual
With only two updates released on September's Patch Tuesday, Microsoft is going easy on IT departments this month
The September Lull: Microsoft Releases But Two Bulletins for This Month’s Patch Tuesday
Today Microsoft announced and detailed the updates component to the latest edition of its monthly security update cycle
Microsoft Ships Two Bulletins in September Security Update
The Microsoft security team shipped just two bulletins - resolving as many holes - in the September, 2012 edition of Patch Tuesday.
RSA Key Length Change Should be Priority in September 2012 Patch Tuesday
Microsoft will be restricting Windows certificate acceptance rules next month and security experts indicate that since September has few software updates, security teams should prepare for the changes.
Why Are Web Applications a Security Risk?
The CTO of Qualys explains how the shift from traditional to Web applications will require developers to raise their security games.
September’s Patch Tuesday is a Lightweight
But “we’d like to remind you about an important change to Windows’ certificate requirements,” says Microsoft – so September is still going to be a busy month for sys admins.
Microsoft’s September Patch Tuesday Easy; October, Not So Much
September's Microsoft Patch Tuesday preview is shaping up to be a fairly simple one
Get Ready: Microsoft is Raising the Bar for Encryption Keys
Next Tuesday is already Patch Tuesday for September, but Microsoft only has a couple of relatively minor updates lined up. Don’t get too comfortable, though—you need to prepare for the changes Microsoft is making next month for cryptographic keys.
Microsoft Gives Users a Patch Break, and Time to Prep for Certificate Slaying
Use the light Patch Tuesday to get ahead of key invalidation update slated for October, say experts
Microsoft Plans Two 'Important' Security Updates for Foxprom, System Management Server
Compared to what we've seen for much of this year, September is shaping up to be quiet on the Microsoft patching front.
Malware Analysis Tools and Techniques Failing But Researchers Aim For Improvement
Hardened cryptographic algorithms and other defensive capabilities are making reverse engineering and analysis increasingly difficult for malware researchers
ABCs Of Factoring Risk Into Cloud Service Decisions
Taking an empirical, risk-based approach to deciding on third-party, shared-infrastructure services
Java Sandboxing Could Thwart Attacks, but Design May be Impossible
Cybercriminals are targeting known Java vulnerabilities and discovering zero-day exploits
Six Ways to Protect Against the New Actively Exploited Java Vulnerability
Methods for users to protect their computers from attacks that target a new and yet-to-be-patched vulnerability in all versions of Java Runtime Environment 7
Newly Discovered Java Flaw Seen Exploited in Wild
Information on a Java flaw that has been seen in targeted attacks in the wild
Dropbox Going Two-Factor, Becoming De Facto
Move comes four weeks after the popular online file sharing service was hit by an embarrassing spam attack
Attack Code Surfaces Targeting Java Zero-Day Flaw
Security researchers at FireEye Inc. are warning of a new zero-day vulnerability affecting the latest version of Java
Serious New Java Vulnerability Discovered
An attack that targeted a previously unknown security hole in Java has recently been spotted.
Java 7 Under Attack: Researchers Advise It Be Disabled During the Interim
Security researchers are urging channel partners and administrators to limit use of Java 7 while they work to resolve a new zero-day exploit in Java 7
Warning: Java Zero Day Flaw Under Attack
A zero-day vulnerability in Java is being actively exploited in the wild.
Emergency Adobe Update APSB12-19 Addresses More Flash Player Flaws
Adobe Systems Inc. has released six security updates in Security bulletin APSB12-19
New Patches for Adobe Flash Player
Adobe has issued new patches for Flash on Windows, Mac, Linux and Android, for Air on Windows and Mac, and for the Air SDK.
Patch Tuesday Déjà vu: Adobe Patches Flash…Again
Double-Take for IT Admins
How To Protect Your Commercial Web Server
Public Internet servers are among criminals’ favorite targets. Is your security strategy up to the challenge?
Apache Patches Fifty Bugs, Two Security Flaws, in Web Server
The Apache Software Foundation has fixed over fifty bugs, including two security vulnerabilities, in its venerable Web server software.
Former White House Cybersecurity Official Joins Start-Up
Former cybersecurity officials work with start-ups
August 2012 Patch Tuesday Fixes Flaw Being Actively Targeted By Attackers
Microsoft issued nine security bulletins, addressing 26 vulnerabilities in its August 2012 Patch Tuesday
August Patch Tuesday: Microsoft Fixes XML, IE, and Oracle Flaws
Microsoft patches 26 vulnerabilities -- and revisits the XML patch from the July update.
Ready, Set, Patch! Microsoft Releases Nine Security Updates for Multiple Products
This month's patch load: Nine bulletins, 5 of which are critical, that address 27 vulnerabilities.
August’s Patch Tuesday Brings 9 Bulletins, Fixes 27 Vulnerabilities
This month’s updates include 9 total bulletins, 5 of which are rated as ‘critical,’ addressing a total of 27 vulnerabilities.
8 of 9 Microsoft August Bulletins Battle RCE Flaws
Microsoft's monthly Security Update arrived today with nine bulletins addressing 26 vulnerabilities.
Critical Security Fixes from Adobe, Microsoft
Adobe and Microsoft each issued security updates today to fix critical vulnerabilities in their software.
5 Benefits of IT Compliance Programs
Non-security benefits of compliance include improved asset management, streamlined IT operations, and bolstered intelligence about technology and business processes
August Patch Tuesday Heats Up with Five Critical Security Bulletins
Five of Microsoft’s nine security bulletins set to be shipped Tuesday plug critical security flaws in a range of products.
Security Manager’s Journal: At Budget Time, you Ask and Hope to Receive
Our manager has a long wish list as the annual budget time rolls around once again.
A Sneak Peek At Microsoft’s August Patch Tuesday
Microsoft prepares to release next week's August edition of Patch Tuesday
Vendors Roll Out Mobile Security, Vulnerability and Forensics Tools
A look at some of the releases from Black Hat, as well as the latest vulnerability management and forensics products
Third Parties Are IAM's Third Wheel
Connections with suppliers, partners, and contractors need better foresight and planning
Outlook.com Passwords: Does Length Really Matter?
U.S. Cyber Coordinator Moves on
What does the nation's first cyber security coordinator do for an encore on leaving government service?
ASEF Android Tool Analyzes App Security and Behavior
A researcher at Qualys has released a new tool designed to allow users to evaluate the security and behaviors of the apps installed on their Android devices.
Hackers Increasingly Aim for Cross-Platform Vulnerabilities
A Microsoft security researcher says malware makers seek 'economies of scale'
HTML5 WebSockets Identified As Security Risk
WebSockets offer the promise of improved TCP connections, but do they also invite new forms of attack on your applications and infrastructure?
Black Hat 2012: Rodrigo Branco on New Malware Research Database
In this interview with SearchSecurity.com News Director Robert Westervelt, Rodrigo Branco, director of vulnerability and malware research at Qualys, discusses his new malware analysis system.
Qualys adds IPv6 support to FreeScan
Qualys announced at Security B-Sides Las Vegas that FreeScan now includes support for IPv6.
Qualys Adds IPv6 Support to FreeScan Service
Using FreeScan, organizations can now scan IPv6 devices to detect possible vulnerabilities and take the steps necessary to remediate them.
New Tool Gives 150 Ways to Bypass Web App Firewalls
Released at Black Hat, tool can test if web application firewalls are vulnerable to protocol-level evasion techniques
Qualys Open-Source Mobile Security Tool Debuts at Black Hat
A new open-source framework from Qualys called ASEF is set to debut at the Black Hat Security conference this week. The tool lets anyone parse Android apps and figure out if there are risks.
Qualys Announces General Availability Of Its Dynamic Asset Tagging and Management Technology
Technology enables customers to identify, categorize, and manage large numbers of assets in highly dynamic IT environments
Black Hat Makes Light of Accidental Password-Reset Email
A Black Hat volunteer mistakenly sent to 7,500 conference goers a password-reset email that was initially thought to be a phishing attempt.
Black Hat 2012: Hackers to Explore Malware Analysis, Next-Gen Attacks
Researchers will share insights into next-generation malware and hacker techniques at the 2012 Black Hat Briefings in Las Vegas next week.
Mobile and Web Security Will Be Major Topics at Black Hat
Mobile and Web Security Will Be Major Topics at Black Hat
Ten Must-See Black Hat 2012 Sessions
A selection of talks, recommended for all audiences and guaranteed to be hits.
Firefox 14 Gets Kudos for Security
'They're doing great work in the security area,' says security firm CTO of open source browser group Mozilla
'Waldo' Finds Ways To Abuse HTML5 WebSockets
Black Hat USA researchers to release free hacking tool and demonstrate how new communication channel could be used for XSS, denial-of-service, and hiding malicious or unauthorized traffic
Will Advanced Attackers Laugh At Your WAF?
Companies should not trust vendors' claims about Web application firewalls, says security engineer who at Black Hat USA will show 150 different ways attackers can get around Web defenses
How to Make Your Website Hacker-Proof
Simple steps to avoid trouble
Your Birthday Is a Terrible Password
A Qualys researcher used pattern-matching analysis to find date-based passwords in the LinkedIn hash dump
July’s Patch Tuesday Brings 9 Bulletins, Addressing Some 16 Vulnerabilities Including a Critical Fix IE9
Patch Tuesday: Microsoft Pushes Nine Fixes For 16 Flaws
Microsoft on Tuesday issued nine security bulletins to address three "critical" and six "important" security issues.
Microsoft’s July Security Update Arrives With Unexpected IE Fix
Microsoft released its monthly security rollout today, which includes three fixes rated "critical" and six designated "important."
Microsoft Fixes XML Flaw as Attackers Circle in Patch Tuesday Update
Microsoft plugged a number of security holes today impacting Windows, Internet Explorer and other products as part of its monthly security update.
Microsoft Patches XML Flaw Under Attack and 15 More Vulnerabilities
July Patch Tuesday: XML 5 Still Vulnerable
Microsoft fixes some -- but not all -- XML flaws in the July Patch Tuesday security update. Meanwhile, Internet Explorer is set to get more frequent patches.
Microsoft Patch Tuesday Takes Aim At Key XML, IE9 Vulnerabilities
Microsoft has released nine bulletins addressing 16 vulnerabilities
Patch Tuesday Preview, July 2012
Malware Monday: Last-Minute Checks to Avoid Internet Shutdown
Malware Monday is July 9
How To Test Your Computer For DNS Changer Malware
The malware could cause as many as 64,000 Americans' computers to lose Internet service on Monday.
Microsoft's XML 0-day fix expected in July Patch Tuesday
Hack attack smack
There Is No Excuse for Still Being Infected with DNSChanger
The FBI estimates that as many as 275,000 PCs are still at risk of losing access to the Web on Monday
Patch Tuesday: Time to Use the Flame-Retardant Windows Update Client
Updated Windows Update software fixes vulnerabilities exploited by Flame malware
Microsoft Prepping 9 Fixes for July's Patch
Microsoft is readying three "critical" bulletins and six "important" items for this month's security update
Researchers Use Cloud To Clear Up Malware Evasion
An analysis project surveys the techniques used by malware to evade security software and plans to turn the research into a service to analyze malware
Former White House Cyber Czar Rejoins Private Sector
Former White House Cyber Coordinator Howard Schmidt, who retired in May, has landed back in the private sector.
If Security Were The Only Factor, a Windows 8 Upgrade Would Be A No-Brainer
Windows 8 benefits from a decade of Microsoft security focus
4 Signs That Apple's Sharpening Its Security Game
Apple is quietly making some subtle, incremental security moves in the face of new threats to its products
Former Cybersecurity Czar Howard Schmidt Joins Qualys Board of Directors
Qualys announced this week that former cybersecurity czar Howard Schmidt will join the company’s Board of Directors
Changes to PCI rules: What you need to know
Changes to PCI rules: What you need to know
Howard A. Schmidt, Former White House Cybersecurity Coordinator, Joins Qualys Board of Directors
Distinguished global authority on Internet security and critical infrastructure to bring public sector expertise and help expand industry collaboration
Qualys helps businesses comply with Cookie Directive
QualysGuard WAS identifies cookies that have been issued without the user’s consent
Qualys Helps Organizations Comply With EU Cookie Directive
QualysGuard Web Application Scanning (WAS) service will be able to help customers identify Web application cookies in order to help organizations comply with the European Union (EU) Cookie Directive
The 50 Most Powerful People In Enterprise Tech
The 50 biggest movers and shakers in enterprise tech
Microsoft Windows Update SSL Certificate Gets Failing Grade
Nonetheless, there's no hard evidence Win Update is unsafe, crypto expert says.
VMware Patches Virtualization Flaws
Bugs would allow attackers with administrator-level access to cause a denial of service or even take control of a targeted environment.
Vulnerabilities in Open Source WAF ModSecurity
Guest post from Qualys' Ivan Ristic on ModSecurity update
Qualys Brings Security, Compliance Platform to Private Clouds
Qualys recently introduced a private cloud version of its QualysGuard Cloud Platform
Qualys Unveils Private Cloud Version of Security Package
Qualys introduced this week a private cloud version of its QualysGuard Cloud Platform
Oracle and Apple Update Java – and So Should You
Of particular note with the Oracle June Java update is the fact that Apple is also updating Java at the same time.
Microsoft Readies Post-Flame Windows Update Changes
Paused limited test update for Patch Tuesday, will feed more secure update client 'in a few days' to stymie Flame-like attacks
Your June 2012 Patch Tuesday Update
Microsoft released seven security bulletins addressing approximately 27 vulnerabilities scattered across Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the .NET Framework
June’s Patch Tuesday Brings in 7 Bulletins, Addresses 27 Vulnerabilities
June’s Patch Tuesday has some seven bulletins, of which three are rated critical, that address some 27 vulnerabilities.
Internet Explorer RCP Fix Highlights June’s Security Update
Microsoft released its June patch today, which includes three "critical" security items and four "important" bulletins
Stolen LinkedIn Passwords Can Sell for as Low as $1
Qualys Introduces Private Cloud Version of QualysGuard Platform
Customers can host and operate the security and compliance platform within their data centers
Qualys Launches Private Cloud Version of Security and Compliance Platform
Security provider Qualys has launched its QualysGuard Private Cloud Platform
Qualys Releases Virtualized Private Cloud
Allows customers to host and operate the security and compliance platform within their data centers to meet the varying needs of Private, Community, Public, and Hybrid Cloud services
Qualys Launches Private Cloud Version of QualysGuard Platform
Qualys today introduced a private cloud version of its QualysGuard Cloud Platform
Lessons Learned From Cracking 2 Million LinkedIn Passwords
Dissecting LinkedIn's Response to the Password Breach
PCI Requires Merchants to Pass Internal Vulnerability Assessments
The PCI Standards Security Council will require merchants to show proof of passing an internal vulnerability assessment beginning June 30, noted Alex Quilter, director of PCI at Qualys.
Microsoft to Repair Internet Explorer Fault Discovered at Hacking Contest
Patch Tuesday will deal with exploit demoed at Pwn2Own competition
Microsoft’s June Security Patch To Deliver 3 Critical Windows Fixes
Microsoft's monthly security update will be arriving this Tuesday, and it's already turning out to be a replay of sorts.
Microsoft's Reaction to Flame Shows Seriousness of 'Holy Grail' Hack
Company's fast, sweeping response proves how critical it considers Windows Update
5 Ways You’re Wasting Compliance Dollars
Fighting redundancy and ineffectual practices leaves more money for meaningful security
Passing the Internal Scan for PCI DSS 2.0
Insight on the updated PCI DSS requirement, highlighting the need for internal vulnerability scanning
Tips to Speed up Your Security Patching
Software patching is a relatively simple task, and is an increasingly critical key to defend against security breaches by hackers armed with vulnerability scanners.
Project Finds, Purges Vulnerable Code Snippets From The Net
Community effort hopes to clean up insecure code found in the public domain
Top 10 Patching Hurdles and How to Overcome Them
Common hurdles for patching and tips that organizations can use to move toward a better patching posture.
Apple Releases QuickTime 7.7.2 for Windows, Fixes 17 Flaws
Apple QuickTime version 7.7.2 is out, fixing 17 security vulnerabilities in the multimedia framework.
Apple Security Update Fixes QuickTime Vulnerabilities
Guest post from Rodrigo Branco, Director of Vulnerability and Malware Research at Qualys, about Apple's latest advisory.
Apple Issues QuickTime Patch for Windows, OSX Users Safe
Apple issued a QuickTime update for Windows users on Tuesday night, patching 17 vulnerabilities that were not known to be in the wild yet.
Google Unleashes Chrome 19, Flattens 20 Bugs
Hot fuzz spawns QuickTime patch
Qualys Adds Security Experts to CTO/CSO Advisory Board
Apple's OS X, Safari Updates Improve OS X Security
Apple is legendary for its iron-fist control over what can or cannot run on its operating system. However, there are signs the company is beginning to relinquish some of the responsibility back to the vendors.
Why Do Software Holes Take So Long to Fix?
Experts weigh in about how long it takes for vendors to patch vulnerabilities.
New .secure Internet Domain On Tap
'Safe neighborhood' top-level domain will require SSL, DNSSEC, and other security measures for websites
Apple OS X Update Puts Elderly Flash Out Of Its Misery
Security fixes include new Safari that executes old plugins
Apple Auto-Disables Outdated Versions of Flash Player In Latest Software Update
Following a recent update to its iOS software that addressed several security issues with Apple’s mobile devices, the Cupertino tech titan pushed another significant software update today, this time for its flagship Mac OS X operating system and Safari Web browser.
10 Years of Trustworthy Computing: The Current State of Windows Security
A decade after launching its Trustworthy Computing initiative, Microsoft has come a long way but faces new challenges.
Your May 2012 Patch Update from Microsoft
Microsoft has just released seven bulletins -- three critical and four important -- addressing 23 vulnerabilities, as part of its monthly Patch Tuesday rollout.
Microsoft Releases Seven Security Updates
This month, Microsoft released seven bulletins, three critical and four important, that addressed a total of 23 vulnerabilities.
Microsoft Fixes Critical Flaws with Patch Tuesday Updates
Microsoft released a total of seven new security bulletins for May’s Patch Tuesday.
Adobe and Apple Patch Vulnerabilities
Adobe released a patch to cover a critical update in Flash at the end of last week.
‘May Day, May Day’: Microsoft Scrambles to Plug Critical Holes
Microsoft plans to ship in May seven security bulletins, including three critical bulletins to plug remote code execution holes in Microsoft Windows, Office, .NET Framework, and Silverlight.
Adobe Patches Flash Player Bug as Hackers Attack IE for Windows
Adobe released an emergency update today to fix a critical vulnerability in Adobe Flash Player for Windows, which has come under attack.
May's Patch Tuesday to Address Vulnerabilities in Windows, Office
The upcoming Patch Tuesday, scheduled to take place May 8, will include seven security bulletins addressing a total of 23 vulnerabilities.
A Patch Is Not Always a Patch
Sometimes a patch is not actually a patch; it is a configuration workaround.
Most Secure Websites Aren't
Did you know that most ‘secure’ websites actually aren’t all that secure?
Microsoft Announces 7 Bulletins for May 2012 Patch Tuesday, Closes Book on MAPP Data Leak
In addition to its advance notification for Patch Tuesday, Microsoft uncovers the party responsible for leaking security information and exposing customers to attacks against RDP
May 2012 Patch Tuesday Includes 7 Bulletins, 2 Critical
Security Bulletin Advance Notification released on Thursday provides Patch Tuesday preview.
Oracle Addresses 0-day "TNS Poison"
Guest post from Wolfgang Kandek on Oracle's workaround for Oracle Database vulnerability CVE-2012-1675
Global Dashboard for Monitoring the Quality of SSL Support
Guest post from Ivan Ristic about SSL Pulse, a continuously updated dashboard that is designed to show the state of the SSL ecosystem at a glance.
Trustworthy Internet Movement Builds SSL 'Avengers'
Industry's top names in SSL development agree to join task force
8 Reasons Conficker Malware Won’t Die
Poor corporate password practices and continuing use of Autorun help explain why eradicating this three-year-old worm has been so difficult.
Sick SSL Ecosystem: 90% of HTTPS Sites Insecure, 75% Vulnerable to BEAST Attack
Trustworthy Internet Movement's SSL Pulse shows 90% of the world's 200,000 most popular websites with HTTPS-enabled are actually insecure and 75% are vulnerable to the BEAST attack.
Microsoft: Conficker Worm Still a Major Threat
Weak security passwords and overlooked security updates have kept Conficker, a malware 'worm' first reported in 2008, alive and well.
Microsoft Conficker Work Remains ‘Ongoing’ Threat
Three-year-old 'dead' Windows worm infection is still spreading -- mainly via weak or stolen passwords, new Microsoft report says
Microsoft: Conficker Worm Continues to Plague Enterprises
The notorious Conficker worm, which began infecting Windows systems in 2008 but has not had a new variant in more than two years, continues to dog enterprises more than three years later, according security experts at Microsoft.
Oracle Patches 88 Issues in Mammoth Security Update
Oracle released 88 security fixes addressing vulnerabilities in over 35 products in its portfolio as part of its Critical Patch Update.
Oracle Patches 88 Vulnerabilities
Oracle will release 88 vulnerability fixes across hundreds of its offerings as part of a scheduled quarterly security update.
SSL/TLS Deployment Best Practices
SSL/TLS is a deceptively simple technology. It is easy to deploy, and it just works… except that it does not, really.
Two Mac Trojans: Apple Patching Fast Enough?
Apple Friday released a Java security update to battle the Apple OS X malware known as Flashback.
Oracle to Issue Quarterly Patches Next Week
As part of its scheduled quarterly security update, Oracle announced that on Tuesday it will release 88 new vulnerability fixes across hundreds of its offerings, covering more than 30 product lines.
Apple Issues Software Update to Fix Flashback Vulnerabilities and Disable Java
Apple released a software update last night for Java in order to remove the most common variants of the Flashback malware.
Flashback Malware Removal Cleverly Reduces Risks for Macs
Better late than never? Apple has released the third Java update in a week for Mac OS X, and this one contains the tool to remove the Flashback malware from infected systems.
Microsoft begins final two years of support for XP
Microsoft has confirmed that it will end support for Windows XP and Office 2003 in two years.
End of Windows XP Support Era Signals Beginning of Security Nightmare
Consumer, corporate and even SCADA systems could be at risk when Microsoft stops supporting Windows XP.
Adobe, Microsoft Issue Critical Updates
Adobe and Microsoft today each issued critical updates to plug security holes in their products.
Microsoft April 2012 Patch Tuesday Repairs Critical IE Flaws, ActiveX Control Issue
Microsoft issued a major browser security update, repairing critical Internet Explorer flaws as part of its April 2012 Patch Tuesday.
Microsoft Released Six Comprehensive Security Updates
This month Microsoft issued six bulletins, four critical, two important, addressing 11 distinct vulnerabilities.
Microsoft's Patch Tuesday Brings Seven Critical Fixes
Bulletins warn of SQL Server, Visual Basic, IE threats as well
Microsoft Patches Critical Windows Zero-Day Bug That Hackers Are Now Exploiting
Fixes first security flaw in Windows 8 Consumer Preview
Tuesday Top Tips – Qualys SSL Labs
If you are configuring SSL on your website or online application (and you should be these days), use the resources over at Qualys SSL Labs.
Death, Taxes, and Microsoft's Patch Tuesday
IT administrators in the US better have their taxes done already because Microsoft is sending plenty of work on Tuesday with six security bulletins, four of which are rated critical and could lead to remote exploitation by hackers.
Microsoft's Patch Tuesday Will Address Exploits in Office 2010, IE9
4 of 6 bulletins rated critical
Patch Tuesday Preview: 6 Security Bulletins, 11 Vulnerabilities, 4 Critical
Preview of April 2012 Security Bulletin
Microsoft Slates Critical Windows, Office, IE Patches Next Week, Including 'Head-Scratcher'
Reveals Patch Tuesday's agenda, plans to fix 11 flaws with six security updates
Apple Patches Malware-Targeted Java Bug
Apple released a patch for multiple Java vulnerabilities, a couple of days after a security vendor reported that password-stealing malware exploiting the flaws was floating about the Web.
Apple Plugs Java Hole After Flashback Trojan Intrusion
6 weeks after Microsoft machines are patched...
Apple Patches OS X Java Security Flaws
Apple recently released a Mac OS X update that patches 12 Java security flaws, including a vulnerability that was being actively exploited by the latest version of the Flashback Trojan.
Apple Updates Java After Malware Spreads
One day after security researchers spotted active exploits taking advantage of gaping vulnerability in Java software running on Mac OS X machines, Apple released a fix.
1.5 Million Infected with Drive-by Malware in February
BlackHole exploit targets Java bug through browser-based attacks
A recently discovered Java exploit will have many updating, or even removing, the program.
Adobe Fixes Critical Security Flaws In Flash Player
Adobe Systems (NSDQ:ADBE) has released a Flash Player update that fixes two critical vulnerabilities and adds an automatic update feature.
Adobe Auto-Update Eases Flash Update Chore - on Windows Only
Backdoors plugged without lifting a finger
Digging into Verizon DBIR: Hacking, Malware, Cyber-Threats
While we all seized on the fact that hacktivists were reponsible for more than half of the data records stolen in 2011, Verizon's Data Breach Investigations Report had a few more gems.
Hardening the Endpoint Operating System
Qualys CTO Wolfgang Kandek, talks about the effects of hardening the endpoint operating system and improving the resilience against common attacks.
Microsoft Flaw Demonstrates Dangers Of Remote Desktop Access
Fear is that attackers will soon come up with exploits for targeted attacks, worms
Malicious Proxies May Become Standard Fare
DNSChanger shows that funneling infected network traffic to central servers can enable massive fraud, but the technique has significant weaknesses, as well
Your March 2012 Patch Update from Microsoft
Microsoft's March 2012 security update just landed.
Microsoft Issues Urgent Patch for 'Wormable' RDP Vulnerability
Microsoft released six new security bulletins today for the March 2012 Patch Tuesday.
Critical Windows Bug Could Make Worm Meat of Millions of High-Value Machines
Microsoft has plugged a critical hole in all supported versions of Windows that allows attackers to hit high-value computers with self-replicating attacks that install malicious code with no user interaction required.
Microsoft Incites Madness with March's Patch Tuesday Release
Details emerge on Microsoft's most critical patch of the year
Microsoft: Remote Desktop Protocol Vulnerability Should be Patched Immediately
Microsoft is urging organizations to apply the sole critical update in this month’s Patch Tuesday release as soon as possible.
Patch Tuesday: Microsoft Fixes Critical Bug in Remote Desktop Protocol
This month's update from Redmond includes six security advisories, but a pair of IE zero-day exploits demonstrated at last week's Pwn2Own hacking contest remain unpatched.
Dangerous Microsoft RDP Vulnerabilities Repaired in Patch Tuesday
Microsoft issued six security bulletins, including one critical update that addresses two serious Windows Remote Desktop Protocol (RDP) vulnerabilities that could be exploited by an attacker to take complete control of a system or prevent it from working properly.
RDP Flaws Lead Microsoft’s March Patch Batch
Microsoft today released updates to sew up at least seven vulnerabilities in Windows and other software.
Microsoft to Patch Windows Bug Called 'Holy Grail' by One Researcher
Announces next week's Patch Tuesday line-up, will fix 7 flaws in Windows, developer software
The Week in Security: Microsoft, Google and Adobe
Although the number of patches in Microsoft's Patch Tuesday this month is relatively low, the pain point may come in the rebooting.
Microsoft Plans Light Patch Tuesday for March
Microsoft has a relatively quiet Patch Tuesday planned for this month, with just six bulletins on the way for next week.
March’s Patch Tuesday to Contain 6 Bulletins, Only One of Which is ‘Critical’
It’s that time of the month again, friends, when gather round the table to stare at the batch of fixes that Microsoft has compiled to respond to newly uncovered security issues in its products.
DNSChanger-infected Machines Won't Be Disconnected, for Now
It's good news for the owners of the computers still infected by the DNSChanger malware
Major Phishing Contributors and Enablers
Agari announced the first Annual Sumo Awards to dishonor phishing's biggest contributors and enablers.
Virtual Scanners for Consultants, Enterprises and the Cloud
Qualys announced virtual scanner appliances for its QualysGuard Cloud Platform and suite of integrated applications for security and compliance.
IT Security & Network Security News & Reviews: RSA 2012: eWEEK Labs Picks the 21 Hottest Security Vendors
The RSA Conference 2012 (Feb. 27-March 2) will set the security agenda for the year. More than 300 companies are at the expo, but I've picked the 21 stops I'm making while in San Francisco.
In Pictures: RSA Conference 2012 (Day 2)
Highlights from RSA Day 2
Surveying Policies, Controls and Compliance
Qualys unveiled a new service for its QualysGuard Cloud Platform and suite of integrated applications for security and compliance to help businesses further automate their compliance tasks and reduce the time and effort for manual assessment of IT and non-IT controls.
RSA 2012: Qualys Updates Cloud Platform, Launches Web Application Firewall Service
The increasing adoption of cloud-based security services is an ongoing trend at RSA this year, and cloud security service provider Qualys chose the conference to announce a host of new modules for their QualysGuard cloud security platform and to take the wraps of their new QualysGuard Web Application Firewall (WAF) service.
Automated managing of enterprise assets
Qualys announced the availability of hierarchical Dynamic Asset Tagging for its QualysGuard Cloud Platform and suite of applications for security and compliance.
BSidesSF: Amol Sarwate on SCADA Security Challenges
In a presentation at the Security BSides San Francisco event, Amol Sarwate - Security Research Manager at Qualys - examined how SCADA security and advance persistent threats have now taken center stage.
Expert Panel at RSA 2012: Who's Responsible for Cloud Security?
Experts discuss cloud security questions at CSA Summit
0-day analysis service by Qualys
Qualys launched Zero-Day Risk Analyzer, a new service to help companies protect their IT systems against zero-day attacks which is delivered as part of the QualysGuard Cloud Platform
#BSidesSF: Why SCADA security is such an uphill struggle
We've covered the troubles with SCADA security at length, but have yet to see a real consensus on how to proceed. Amol Sarwate, security research manager at Qualys, took a crack at making sense of things at BSidesSF Monday morning.
Eradicating Malware from Enterprise Web Sites
Qualys announced a new service to help enterprises detect and eradicate malware from their web sites.
IT Security & Network Security News & Reviews: RSA Conference 2012: Hot Security Products for Cloud, BYOD
This year marks the 20th anniversary of the RSA conference, and companies are descending on San Francisco's Moscone Convention Center with product announcements and demonstrations highlighting the latest and greatest in their security portfolios.
Qualys Pushes Major Enhancements to its Flagship QualysGuard Suite
Qualys has a history of making major product announcements at the RSA Conference in San Francisco each year, and this year is no exception.
RSA Conference 2012 Opens in San Francisco
The world’s top information security professionals and business leaders gathered for the opening of the annual RSA Conference being held at San Francisco’s Moscone Center.
What's Hot at RSA This Week
Slideshow of hot products at RSA Conference 2012, including enterprise edition of the QualysGuard Malware Detection Service and QualysGuard Zero-Day Risk Analyzer
Do you need to worry about the advanced persistent threat?
Qualys CTO discusses how to reduce susceptibility to attacks
Web Encryption That Works
SSL technology isn't perfect, but it can be an effective security tool for your organization. Here are four tips for optimizing its performance
Better Information Sharing is the Future of Security, Experts Say
Potential seen for more proactive security following release of free threat intelligence feed
Five Schemes for Redeeming Trust in SSL
Creativity loves constraint and for security thinkers trying to shore up Web authentication today, that constraint is SSL/TLS
The Decision to Strip Online Certificate Revocation Checks From Chrome Is Misguided, Symantec Says
Stripping OCSP (Online Certificate Status Protocol) and CRL (certificate revocation list) checks from Google Chrome could have dangerous implications because it will turn Google into a single point of failure, according to security vendor Symantec.
Open Source Tool Detects Videoconferencing Equipment Vulnerabilities
New open source tool can detect whether a given videoconferencing system is vulnerable to attack
The 8 Best Tips You'll Ever Get On How To Launch (And Grow) A Startup
Philippe Courtot is a well-known name in the security industry and for good reason.
Oracle Plugs 14 Holes in Java
Oracle this week issued a critical patch update (CPU) that fixes 14 vulnerabilities in its Java SE product.
Adobe Flash Flaw Under Attack, Update Issued
Cross-site scripting vulnerability in Flash is being targeted by emails containing malicious links
Oracle’s Patches Address Java SE Security Flaws
Oracle released one CPU (critical patch update), which plugs 14 security holes within one of its products namely Java SE
February 2012 Patch Tuesday: Critical IE, Windows Kernel Flaws Fixed
Microsoft repaired 23 vulnerabilities this month
February Patch Tuesday Lighter Than Expected
It turns out that this February Patch Tuesday is lighter than we had anticipated.
Microsoft, Oracle, Adobe Send Patches for Valentine's Day
Details come forward on Valentine's Day/Patch Tuesday security bulletins from Microsoft, Adobe and Oracle
Microsoft to Fix Internet Explorer Hole
Patch Tuesday to include nine fixes for 21 vulnerabilities
Microsoft to Fix Internet Explorer Hole
Patch Tuesday to include nine fixes for 21 vulnerabilities.
Microsoft to Patch 21 Bugs Tuesday
Microsoft previews fixes in apps including Internet Explorer and Windows.
Microsoft to Issue More Critical Patches Next Week for Win7 Than XP
IE update likely the one users will want to apply ASAP, say researchers
Critics Slam SSL Authority for Minting Certificate for Impersonating Sites
Critics are calling for the ouster of Trustwave as a trusted issuer of secure sockets layer certificates after it admitted minting a credential it knew would be used by a customer to impersonate websites it didn't own.
Microsoft Issues Patch Plans, Includes Internet Explorer Fix
Microsoft on Thursday posted its plans for next week's Patch Tuesday.
Microsoft Ruining Valentine's Day with Nine Security Bulletins
Next Tuesday is a big deal.
Patch Tuesday Preview, February 2012
Qualys CTO's assessment of this month's Patch Tuesday.
Microsoft's February Patch Tuesday Fixes 21 Bugs
Microsoft is expected to show some love for Windows administrators on Valentine's Day, with nine patches fixing 21 vulnerabilities in February's Patch Tuesday release.
Valentine's Day Patch Tuesday: Microsoft to Issue 9 Patches, 4 Critical
Progress continues as Microsoft will issue fewest February patches since 2009
Marlinspike Asks Browser Vendors to Back SSL-Validator
'Convergence' open source dev needs vendors to balance the load
Hackers May Be Able to 'Outwit' Online Banking Security Devices
Investigators probe malware threat to 2-factor authentication
FBI Prepares to Shut Down DNSChanger Temporary Servers, Infections Remain
Thousands of computers still infected with the DNSChanger Trojan will not be able to access the Internet after the FBI shuts down its temporary servers March 8.
Half of Fortune 500 Firms Infected with DNS Changer
Machines will be cut off from the Web next month, say experts
Oracle Patches DoS Flaw in Database 10g, WebLogic, iPlanet
Oracle patched three products to address a vulnerability in Web Application frameworks that could cause a denial of service due to hashing collisions.
Detecting the DNS Changer Malware
DNS servers handling traffic of infected machines will be shutdown in March, cutting off Internet access to those infected.
Symantec Patches PCAnywhere, But Should You Delete
Symantec says hotfix 'eliminates known vulnerabilities,' but hackers could use source code to exploit unknown holes. Some users will want to delete the app entirely.
CSO Interchange: Cloud Concerns Are Largely Propaganda
Last week’s CSO Interchange roundtable centered on “Barriers to Cloud Adoption”, with talks on identity issues from Jericho Forum’s Paul Simmonds and SSL from security researcher Moxie Marlinspike.
Is Oracle Neglecting Database Security?
Oracle's big critical patch update on Jan. 17 set a record for the fewest fixes for database products--only two of the 78 total fixes in the CPU.
Qualys Expands Its FreeScan Service
Qualys announced its new and improved FreeScan service to help SMBs audit and protect their web sites from security vulnerabilities and malware infections.
Oracle Scorned for Paltry Database Patches
With only two of many reported vulnerabilities fixed in Oracle's latest update, the database security community questions Oracle's patch bottleneck.
Oracle Patches 78 Vulnerabilities
Oracle publishes Critical Patch Updates (CPUs) on a quarterly schedule.
Oracle CPU Contains Lowest Number Of Database Fixes Ever
Database security community concerned about Oracle's patch bottleneck
Oracle Squashes 78 Software Bugs in Latest Patch
Oracle yesterday deployed 78 different security fixes aimed at patching holes throughout its various database products.
Oracle Repairs Two Database Flaws, Issues 78 Patches to Product Line
Oracle repaired two flaws in its database management system as part of its quarterly update this week that included 78 patches across its product portfolio.
Reactions from the Security Community to the Trustworthy Computing Initiative
Comments on the Trustworthy Computing Initiative that Help Net Security received from industry veterans.
Oracle Readies 16 Highly Critical Security Patches
Oracle (NSDQ:ORCL) plans to release next week dozens of security patches, 16 highly critical, for most of the software maker's products.
Slow Read Attack: A New HTTP Denial of Service Attack
A new HTTP-based threat, dubbed a "Slow Read attack" aims to cause an undetected Denial of Service (DoS) by exploiting a transmission control protocol (TCP) persist timer vulnerability.
Microsoft and Adobe Release First Major Patch Bundles of 2012
Microsoft released seven bulletins last night to fix one critical issue on its first Patch Tuesday of 2012.
Adobe Plugs 6 Critical Holes in Reader
Adobe Systems Inc. issued its quarterly security update Tuesday, repairing six critical vulnerabilities in its Reader and Acrobat software.
Microsoft's First 2012 Patch Tuesday Offers One Critical Fix
Microsoft (NSDQ:MSFT) released Tuesday one critical bulletin in a package of seven that comprised the company's first monthly patch release of the year.
Microsoft January 2012 Patch Tuesday Issues Windows Media Fix, Resolves SSL Protocol Weakness
Microsoft issued seven security bulletins, including one “critical” bulletin, repairing a serious Windows Media Player flaw that could be exploited in dangerous drive-by website attacks.
Exploit Code for Recent ASP.NET DoS Flaw Made Public
The ASP.NET DoS flaw that has recently been revealed at the Chaos Communication Congress in Berlin has been patched by Microsoft in almost record time, but users who have not already implemented the patch should definitely hop to it
Microsoft Slays the BEAST, and Six Other Patch Tuesday Updates
Microsoft has released a total of seven security bulletins – one ranked as “critical”, with the remaining 6 designated merely as “important”
Media Player, Security Bypass Are Focus of Microsoft's First Patch Tuesday of 2012
Of the seven bulletins issued as part of Microsoft's first Patch Tuesday of the year, researchers agree that a vulnerability affecting Windows Media Player should be the first one patched.
Microsoft Releases Seven Bulletins
Qualys CTO Wolfgang Kandek on this month's Patch Tuesday
New Denial of Service Vulnerability Detailed, Doesn't Require Many PCs
What you may not know is that there are denial of service (DoS) methods that don't need to be so distributed.
New Slow-Motion DoS Attack: Just a Few PCs, Little Fear of Detection
Qualys Security Labs researcher Sergey Shekyan has created a proof-of-concept tool that could be used to essentially shut down websites from a single computer with little fear of detection.
Adobe Plans Fixes for Critical 3D Bugs in Reader, Acrobat X
Adobe will fix a slew of security flaws in Reader and Acrobat, including the critical 3D vulnerabilities that were discovered in December, as part of its quarterly update.
Microsoft to Start 2012 with Seven Bulletins on Patch Tuesday
Microsoft has announced that it will release seven bulletins addressing eight vulnerabilities on its first patch Tuesday of 2012.
MetricStream, Qualys Partnership Brings Security and Risk Intelligence to IT-GRC
Qualys and MetricStream announce integration of MetricStream IT-GRC Solution with QualysGuard Vulnerability Management
Researcher Devises Hard-to-detect Denial-of-service Attack Against HTTP Servers
New HTTP denial-of-service (DoS) attack relies on prolonging the time clients need to read Web server responses.
Microsoft Plans 7 Fixes for January Patch Tuesday
Microsoft is planning seven fixes for January's Patch Tuesday release that will address bugs in all versions of Windows and possibly for the SSL/BEAST flaw.
Microsoft to Start New Year With Seven Security Bulletins
Microsoft plans to start the new year with a relatively large number of security bulletins covering eight vulnerabilities.
Microsoft's 2012 Inaugural Security Patch to Include 7 Fixes
January's Security Update from Microsoft, arriving next Tuesday, will feature six fixes for Windows and one fix for Microsoft developer tools, according to the company's advance notice.
Rated Critical: A Microsoft Security Blog
How can Microsoft's only unscheduled patch of 2011 help predict its security success in 2012?
The Year in Security: A Look Back at 2011 and Trends for 2012
Reflecting on security events of 2011 to plan for 2012
Cyberthreats Evolve, Start-ups Responding
Types of security threats companies face have shifted dramatically in recent years.
MetricStream and Qualys Partnership Brings Actionable Security and Risk Intelligence to IT-GRC
ntegration partnership enables corporations to continuously take full inventory of their IT assets
No Shelter From a Cybercrime Storm
Denial of service hole closed
Microsoft Publishes Workaround for ASP.NET Vulnerability
Advisory provides workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various web platforms