Empowering Small Businesses in the Digital Age: A Must-Read Guide to Web Application & API Security
Qualys Security Blog
by Indrani Das
1d ago
Small and medium-sized businesses have increasingly become reliant on web applications, whether developed or procured, to drive their operations, engage customers, and scale their businesses. The increasing reliance on online operations is underscored by 84% of businesses using digital technologies. The impact of the COVID-19 pandemic forced a surge in online business activity. Nevertheless, this digital transformation journey brings with it a host of cybersecurity challenges, ranging from data breaches to phishing attacks, which can devastate an SMB’s reputation, financial health, a ..read more
WordPress LayerSlider Plugin: SQL Injection Vulnerability
Qualys Security Blog
by Hitesh Kadu
1d ago
On March 25th, 2024, a critical security vulnerability was discovered in the LayerSlider plugin for WordPress, marked as CVE-2024-2879. The plugin has more than 10 lakh active installations. This flaw, rated with a CVSS score of 9.8 out of 10.0, is identified as an SQL injection vulnerability impacting LayerSlider versions 7.9.11 through 7.10.0. Qualys Web Application Scanning released a QID 150868 to address CVE-2024-2879. The detection is part of the OWASP Top 10 Injection category. SQL injections have been getting a lot of visibility recently which we h ..read more
TotalCloud Insights: Safeguarding Your Cloud Database from SQL Server Threats and Lateral Movement Risks
Qualys Security Blog
by Rahul Pareek
5d ago
Introduction In today’s tech-driven world, cloud computing has completely changed how businesses store and manage their data. It offers many advantages, like flexibility, scalability, and cost savings, making it a go-to choice for organizations of all sizes. Keeping your data secure, especially in databases, is crucial, as cybercriminals always seek ways to gain unauthorized access to sensitive information. Ensuring your database’s safety in the cloud is a top priority. A data breach can be disastrous, leading to financial losses, legal trouble, and damage to your reputation. Understanding com ..read more
How Qualys Supports the National Cyber Security Centre (NCSC)’s Vulnerability Management Guidance
Qualys Security Blog
by Eran Livne
6d ago
NCSC details the importance of having asset management and remediation as key requirements of a successful VM program. “A vulnerability management process shouldn’t exist in isolation. It is a cross-cutting effort and involves not just those working in IT operations, but also security and risk teams.” In its recent vulnerability management guidance, the UK’s National Cyber Security Centre (NCSC) provided five vulnerability management principles. This guidance is intended to help all organisations, from small and medium businesses to enterprises and the public sector, understand where to focu ..read more
Navigating the EU NIS2 Directive
Qualys Security Blog
by Bill Reed
1w ago
How Qualys Cybersecurity Solutions Ensure Compliance The European Union’s revised Network and Information Security (NIS2) Directive is a comprehensive cybersecurity regulation aimed at bolstering the resilience of critical entities and essential services across the EU. As organizations grapple with the complexities of compliance, Qualys offers a suite of powerful cybersecurity solutions that can help streamline the process and ensure adherence to NIS2 requirements. The NIS2 Directive expands upon its predecessor, NIS1, by widening the scope of covered entities and introducing more stringent cy ..read more
De-risk the Software Supply Chain by Expanding Unparalleled Detection Coverage With Qualys VMDR and Software Composition Analysis 
Qualys Security Blog
by Himanshu Kathpal
1w ago
QIDs/CVEs When it comes to cybersecurity, speed is key in getting an edge over attackers. But when you consider that vulnerabilities weaponize 24 days faster than they are remediated on average, cybersecurity stakeholders have a lot of catching up to do. While there are many ways defenders can reduce their MTTR and improve their odds against attackers, perhaps none are as important as achieving an effective risk-based approach to vulnerability prioritization. However, this is easier said than done. Here’s why: The industry-standard cataloging doctrine of Common Vulnerabi ..read more
Qualys Endpoint Detection & Response Validated by Top Independent Testing Labs
Qualys Security Blog
by Andrew Morrisett
1w ago
Qualys is proud to announce that our Endpoint Detection & Response solution has earned top certifications from two of the most respected independent anti-virus testing organizations – SE Labs and AV-Test. These prestigious validations underscore Qualys’ mission to deliver best-in-class malware protection as part of our comprehensive endpoint security capabilities. The Necessity of Third-Party Testing While Qualys has long been recognized as a trusted provider of innovative and effective cybersecurity solutions, we understand the importance of independent testing. It instills confidence ..read more
Real-time File Access Monitoring (FAM) with Qualys FIM
Qualys Security Blog
by Lavish Jhamb
1w ago
What is File Access Monitoring (FAM)? FAM is a security practice that involves tracking and logging access to sensitive files. FAM should be included with any File Integrity Monitoring (FIM) solution to trigger alerts when critical host files not intended for regular use are accessed. Importance of FAM in regulatory compliance Data compliance regulations such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Sarbanes-Oxley Act (SOX), and Health Insurance Portability and Accountability Act (HIPAA) require that organizations monitor how sensitive data is a ..read more
How to Reduce Your Risk with Proactive VM Strategies
Qualys Security Blog
by Palmer Wallace
1w ago
Current cybersecurity challenges demand more than just reactive measures. A significant hurdle many organizations face is the effective remediation of vulnerabilities within their IT infrastructure. Recognizing this, security teams are increasingly turning to sophisticated vulnerability management solutions. These tools are crucial in accurately detecting and prioritizing vulnerabilities, yet a critical gap remains in the authority and processes required for effective remediation. The impact of proactive vs. reactive In a recent study, 60% of data breaches were caused by unpatched vulnerabilit ..read more
Microsoft and Adobe Patch Tuesday, April 2024 Security Update Review
Qualys Security Blog
by Diksha Ojha
1w ago
Welcome to another insightful dive into Microsoft’s Patch Tuesday! This month’s security updates address a vast number of vulnerabilities in multiple popular products, features, and roles. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday for April 2024 Microsoft Patch Tuesday’s April 2024 edition addressed 155 vulnerabilities, including three critical and 145 important severity vulnerabilities. In this month’s security updates, Microsoft has not addressed any zero-day vulnerabilities known to be exploited in the wild. Mic ..read more
