Articles about qualys

Stack Clash flaws blow local root holes in loads of top Linux programs

Powerful programs run daily by users of Linux and other flavors of Unix are riddled with holes that can be exploited by logged-in miscreants to gain root privileges, researchers at Qualys have warned. Essentially, it's possible to pull off a "Stack Clash" attack in various tools and applications to hijack the whole system, a …
Iain Thomson, 20 Jun 2017

Apache Struts 2 needs patching, without delay. It's under attack now

Infosec researchers have found a “dire” zero-day in Apache Struts 2, and it's under active attack. If you're a sysadmin using the Jakarta-based file upload Multipart parser under Apache Struts 2, Nick Biasini of Cisco's Talos advises applying the latest upgrade immediately. CVE-2017-5638 is documented at Rapid7's Metasploit …

Evil OpenSSH servers can steal your private login keys to other systems – patch now

Malicious OpenSSH servers can silently steal people's private SSH keys as they try to log in, it emerged today. This means criminals who compromise one server can secretly grab keys needed to log into other systems from a user's computer – allowing crooks to jump from server to server. The security cockup, present in the …
Iain Thomson, 14 Jan 2016

BOO! Grave remote-code exec flaw in GNU C Library TERRIFIES Linux

Security researchers have uncovered a critical bug in the GNU C Library (glibc), a key component of Linux and some other operating systems, which could render countless machines vulnerable to remote code execution attacks. The flaw, which was discovered by Qualys and assigned CVE-2015-0235, is known as the GHOST vulnerability …
Neil McAllister, 27 Jan 2015

Social sniffer predicts which Nigerian prince has the best chance of scamming you

Kiwi penetration tester Laura Bell has released a social engineering analysis tool to allow analysis of risky behaviour by punters. The platform dubbed "AVA" and billed as an "automated three-phase human vulnerability scanner" will soon be released as open source and made usable for both hackers using Kali Linux and less tech- …
Darren Pauli, 18 Dec 2014

Apple splats 'new' SSL snooping bug in iOS, OS X - but it's no Heartbleed

Apple has squashed a significant security bug in its SSL engine for iOS and OS X as part of a slew of patches for iThings and Macs. The so-called "triple handshake" flaw quietly emerged yesterday amid panic over OpenSSL's Heartbleed vulnerability, and soon after the embarrassing "goto fail" blunder in iOS and OS X. Apple's " …
John Leyden, 23 Apr 2014

Win XP usage down but not out as support cutoff deadline looms

Windows XP usage on the web is decreasing as the venerable operating system edges ever closer towards its "end of life" from Microsoft support next week. Data from cloud security firm Qualys's QualysGuard service shows that the percentage of machines running XP decreased from 35 per cent as of January 2013 to 14 per cent in February 2014. …
John Leyden, 4 Apr 2014

Oracle drops shedload of CRITICAL vuln-busting Java patches

Oracle's autumn batch of quarterly updates included no fewer than 127 security fixes, including 51 for Java alone. The arrival of the Critical Patch Update (CPU) from Oracle means pretty much all of the enterprise server packages from the software giant need patching. Oracle Database Server, Oracle E-Business Suite, Oracle …
John Leyden, 16 Oct 2013

Oracle releases July patch batch... with 27 fixes for remote exploits

Oracle has pushed out a quarterly patch batch of 89 updates that mean almost all of its enterprise software products need updating for one reason or another. Craig Young, a security researcher at Tripwire, noted that most of the vulnerabilities were picked up by third-party researchers. “The constant drumbeat of critical …
John Leyden, 17 Jul 2013

Windows kernel bug-squish, IE update star in July Patch Tuesday

Microsoft's Patch Tuesday for July landed overnight with a bumper crop of seven bulletins, six of which cover critical flaws that carry remote code execution risks. And the Windows 8 giant today revealed that one of these, CVE-2013-3163, is currently under active attack online. Every supported operating system, every version …
John Leyden, 10 Jul 2013

A simple SSL tweak could protect you from GCHQ/NSA snooping

An obscure feature of SSL/TLS called Forward Secrecy may offer greater privacy, according to security experts who have begun promoting the technology in the wake of revelations about mass surveillance by the NSA and GCHQ. Every SSL connection begins with a handshake, during which the two parties in an encrypted message …
John Leyden, 26 Jun 2013

Adobe auto-update eases Flash update chore - on Windows only

Adobe has introduced an auto-updater for its Flash software packages that reduces the chore of updating the widely-used application by automating the process for all supported browsers on Windows machines. Previously users had to apply individual updates to Chrome, Firefox and IE add-ons and plug-ins, a process that often went …
John Leyden, 29 Mar 2012

Qualys pushes out cloud-based tech for website protection

Security software-as-a-service specialist Qualys has branched out from vulnerability assessment and policy compliance for corporate networks with a cloud-based website protection service. QualysGuard Web Application Firewall (WAF) is designed to protect sites from threats including SQL injection and DDoS. The service is also …
John Leyden, 27 Feb 2012

MS inadvertently offers early peep at September patches

Microsoft inadvertently published details of the patches it plans to publish on Tuesday following a slip-up by its security gnomes last week. Patch Tuesday pre-alerts normally reveal little more than the applications Microsoft intends to update and the severity of the vulnerabilities addressed. However this month the software …
John Leyden, 12 Sep 2011

4 in 5 surfers open to browser exploits from fixed flaws

Eight in 10 browsers remain vulnerable to attacks targeting already patched bugs, with the majority of problems stemming from plug-ins such as Java. The figures come from real-world scans by users of Qualys's BrowserCheck service, a free-of-charge consumer-focused scanning utility released last year. The web-based service …
John Leyden, 18 Feb 2011

Dell sandboxes Firefox to boost corporate security

Dell has applied application virtualisation technology to Firefox in order to offer corporates what it claims is a more secure browsing experience. The Dell KACE Secure Browser, which is available for download at no charge from Tuesday, aims to boost enterprise security while introducing businesses to the PC maker's recently …
John Leyden, 20 Jul 2010

Qualys crawls into the malware scanning biz

Qualys is inviting sys admins to sign up to a new free service, QualysGuard Malware Detection, which provides alerts about drive-by-download attacks and malicious scripts on monitored websites. The service is based on behaviour analysis and offers automated alerts when it finds websites with rogue JavaScript, character …
John Leyden, 2 Mar 2010

How secure are your applications?

Let’s be blunt. The fine heritage of application development has not traditionally incorporated the pre-emptive creation of secure code, i.e. programs that are built from the ground up to be secure. There are a number of potential reasons for this – not least that in the old days, before every system was connected (either …
Jon Collins, 30 Jun 2009

Biting the hand that feeds IT © 1998–2017