Secure Your APIs and Reduce Your Attack Surface With Modern, AI-powered API Security in Qualys Web Application Scanning (WAS)
Qualys Security Blog
by Kunal Modasiya
16h ago
The rise of APIs presents both opportunities and challenges in today’s hyperconnected digital world. APIs are integral to digital transformation initiatives across industries. The latest data indicates that over 83% of web traffic now comprises API traffic, highlighting their critical role in modern web applications using microservices, cloud, and hybrid environments. However, this also underscores …
Oracle Critical Patch Update, July 2024 Security Update Review
Qualys Security Blog
by Diksha Ojha
1w ago
Oracle released its third quarterly edition of Critical Patch Update, which contains patches for 386 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In the third quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 95, constituting about 24% of the total patches released. Oracle Financial Services Applications and Oracle Fusion Middleware followed, wit…
How to Detect Issuer Certificates and Comply with Google Chrome’s New Entrust Certificate Policy Using Qualys Certificate View
Qualys Security Blog
by Russ Sanderlin
2w ago
Google has announced that Chrome 127 and higher will no longer trust certain TLS certificates issued by Entrust, effective November 1, 2024. This change is significant and could potentially disrupt businesses relying on Entrust-issued certificates. Google stated that “publicly disclosed incident reports have highlighted a pattern of concerning behaviors by Entrust that fall short of expected standards, eroding confidence in their competence, reliability, and integrity.” As organizations prepare for this transition, it’s crucial to identify and replace affected certificates promptly. Qualys Cer…
Microsoft Patch Tuesday, July 2024 Security Update Review
Qualys Security Blog
by Diksha Ojha
2w ago
July’s Patch Tuesday brings a midsummer wave of updates, addressing critical vulnerabilities and enhancing security across the Microsoft ecosystem. Let’s discover the highlights from Microsoft’s Patch Tuesday updates for July 2024. Microsoft Patch Tuesday for July 2024: Microsoft Patch Tuesday’s July 2024 edition addressed 142 vulnerabilities, including five critical and 134 important severity vulnerabilities. In this month’s security updates, Microsoft has addressed four zero-day vulnerabilities known to be exploited in the wild. Microsoft did not address any vulnerabilities in Microsoft Edge…
Understanding the Hidden Cyber Risk from Tech Debt (EoL/EoS)
Qualys Security Blog
by Chris McManus
2w ago
End-of-life (EoL) and end-of-support (EoS) hardware, software, and operating systems exist in every single technology environment, and they are an exponential multiplier of cyber risk. By definition, vulnerabilities with EoL/EoS technology are unpatchable. In some cases, IT teams can pay for extended support. But in other cases (such as unsupported OSS components), outdated technology is a ticking time bomb of cyber risk. Attackers have exploited vulnerabilities in EoL/EoS technology in many prominent events, causing global business disruption and exposure. Such examples include: 2023 U.S. Fe…
Measuring, Communicating, and Eliminating Risk With TruRisk™ in Qualys Web Application Scanning (WAS)
Qualys Security Blog
by Kunal Modasiya
2w ago
In an era where cyber threats loom larger and more complex than ever, organizations demand not just defense but intelligent, cohesive strategies for managing cyber risks. With the Enterprise TruRisk Platform, Qualys reaffirmed its commitment to these needs by focusing its cybersecurity solutions on the holistic goals of measuring, communicating, and eliminating cyber risks across the extended enterprise. Each component within the platform is designed to synergize, propelling organizations toward a more secure and resilient digital future. The introduction of the innovative risk scoring system…
Qualys Blog
Qualys Security Blog
by Qualys
3w ago
On Wednesday, July 3, 2024 at 2:45 AM EDT Qualys identified suspicious spam content posted to the Qualys blog. Qualys conducted an investigation to identify any compromise and/or impact due to this unauthorized spam blog post and found no indication that the incident had any impact on customer data or our production environment, nor was any data exfiltrated from Qualys. A standalone WordPress account was compromised, leading to the spam blog post being published. The impacted account was hosted by a third-party site and is not connected to any Qualys sensitive data and/or production systems. Due to seve…
The Basics of Withdrawing Banknotes from an Online Casino
Qualys Security Blog
by Gautam Nandane
3w ago
Contents: Best way to cash out money; Deposit; Plenty; Time frames. If you have made a profit from an online casino, you will certainly want to withdraw it quickly. So make sure you have chosen a consumer banking method that provides fast distribution. The fastest options are to get electronic wallets and also to send cryptocurrencies. Players have a need to stay in control of the video game for the sake of girls, so as to avoid a hasty selection. This helps to keep time costs in check. Best way to cash out money: For those who have payouts in on…
RegreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server
Qualys Security Blog
by Bharat Jogi
3w ago
The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems. The CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; this presents a significant security risk. The race condition affects sshd in its default configuration. Based on searches using Censys and Shodan, we have identified over 14 million poten…
Polyfill.io Supply Chain Attack
Qualys Security Blog
by Sheela Sarva
1M ago
Polyfill.js is a popular open-source library that supports older browsers. Thousands of sites embed it using the cdn[.]polyfill[.]io domain. In February 2024, a Chinese company (Funnull) bought the domain and the GitHub account. The company modified Polyfill.js so that malicious code would be inserted into websites that embedded scripts from cdn[.]polyfill[.]io. Any script loaded from cdn[.]polyfill[.]io would immediately download malicious code from the Chinese company’s site. Some of the known outcomes are: users would be redirected to scam sites, allows an attacker to st…