Microsoft Patch Tuesday, June 2024 Security Update Review
Qualys Security Blog
by Diksha Ojha
6d ago
Microsoft’s June Patch Tuesday is here, bringing fixes for vulnerabilities impacting its multiple products. This month’s release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Let’s dive into the crucial insights from Microsoft’s Patch Tuesday updates for June 2024. Microsoft Patch Tuesday for June 2024 Microsoft Patch Tuesday’s June 2024 edition addressed 58 vulnerabilities, including one critical and 50 important severity vulnerabilities. In this month’s security updates, Microsoft has addressed one zero-day vulnerability known to ..read more
Visit website
Check Point Security Gateway Information Disclosure Vulnerability (CVE-2024-24919)
Qualys Security Blog
by Sheela Sarva
1w ago
Check Point Security Gateway is a secure web gateway that is an on-premises or cloud-delivered network security service. Check Point enforces network security policies, including firewall, VPN, and intrusion prevention capabilities. Check Point published a zero-day advisory on May 28, 2024, regarding CVE-2024-24919 with a CVSS score of 8.6. As per the advisory, the vulnerability results in attackers accessing sensitive information and gaining domain privileges.  The vulnerability impacts various products from Check Point like CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis ..read more
Visit website
TotalCloud Insights: Securing Your Data—The Power of Encryption in Preventing Threats
Qualys Security Blog
by Atul Parmar
1w ago
Introduction Did you know there is a 90% failure rate for encryption-related controls of MySQL Server in Microsoft Azure? The issue isn’t confined to Azure; in Google Cloud Platform (GCP) environments there is a 98% failure rate of encryption-related controls for both compute engine and storage services. Amazon Web Services (AWS) is not exempt, with a LAMBDA failure rate of 71%, which indicates a significant gap in securing serverless functions, highlighting the need for users to enhance their understanding of encryption in these environments. What Does This Mean? In today’s digital landscape ..read more
Visit website
2024 Cybersecurity Trends: What’s Observable Already?
Qualys Security Blog
by Thomas Nuth
2w ago
2024 has already witnessed a staggering number of cyber incidents, with over 29.5 billion records breached across 4,645 publicly disclosed incidents in January alone, according to the IT Governance Security Spotlight. Moreover, CVEs are growing significantly year over year, with 13% growth from 2022 to last year, and an expected 25% increase from 2023 to 2024. With such growth in vulnerabilities, staying on top of the latest trends that attackers may be using is vital.    So, what trends are we observing so far in 2024? Ransomware-as-a-Service (RaaS) Among the most significant trends ..read more
Visit website
TotalCloud Insights: Uncovering the Hidden Dangers in Google Cloud Dataproc
Qualys Security Blog
by Rahul Pareek
3w ago
Summary The Apache Hadoop Distributed File System (HDFS) can be vulnerable to data compromise when a Compute Engine cluster is in a public-facing virtual private cloud (VPC) or shares the VPC with other Compute Engine instances. Google Cloud Platform (GCP) provides a default VPC called ‘default.’ This VPC allows inbound connections only on ports 22 and 3389 while permitting all inbound connections within the internal subnet. This configuration can pose a significant security risk when both Dataproc clusters and Compute Engine instances share the default subnet VPC. It can lead to potential da ..read more
Visit website
Introducing FIM 4.0 with File Access Monitoring (FAM) and Agentless FIM
Qualys Security Blog
by Lavish Jhamb
1M ago
File Integrity Monitoring (FIM) solutions are essential for virtually any organization to help identify suspicious activities across critical system files and registries, diagnose changes, and send alerts. However, not all FIM solutions are created equal. To ensure adequate compliance and cybersecurity resilience, any FIM solution should include File Access Monitoring (FAM) and support for agentless devices.   With File Integrity Monitoring 4.0, Qualys has introduced the most comprehensive FIM solution, which includes real-time File Access Monitoring (FAM) and Agentless FIM, starting with ..read more
Visit website
How the Qualys Enterprise TruRisk™ Platform Extends CISA Vulnrichment
Qualys Security Blog
by Ashish Kar
1M ago
Introduction In today’s interconnected digital landscape, cybersecurity threats pose significant risks to organizations across various sectors. Recognizing the need for a structured approach to identify, prioritize, and address vulnerabilities, the Cybersecurity and Infrastructure Security Agency (CISA) has developed the “Vulnrichment Project.” This project is a public repository of CISA’s enrichment of public CVE records by adding key SSVC (Stakeholder-Specific Vulnerability Categorization) decision points. SSVC uses a decision tree to evaluate if the security team should defer or act immedia ..read more
Visit website
TotalCloud Container Security Best Practices
Qualys Security Blog
by Nirav Kamdar
1M ago
Qualys Container Security (CS), an integral part of TotalCloud 2.0, provides a comprehensive view of the security posture of containerized applications.  Operationalizing a new technology tool in an enterprise often presents its own challenges. This blog seeks to help the operations team familiarize themselves with a few important processes and configure key parameters early in the rollout. Please note this is not a definitive guide; instead, it highlights a few points to consider. Here are some of the best practices to follow when using Qualys Container Security. Maintaining Sensor ..read more
Visit website
TotalCloud Insights: A Wake-Up Call on Cloud Database Security Failure Rates
Qualys Security Blog
by Rahul Pareek
1M ago
In part 1 of this two-part blog, we explored how to safeguard cloud databases from SQL Server threats and lateral movement risks. In this second part, we turn our focus to a comparative analysis of database security across three major cloud service providers (CSPs), AWS, Azure, and GCP, as well as the varying failure rates of database security controls. For this analysis, “failure rates” are the rates at which users are not following database security best practices, as enumerated in part 1. Failure Rates Across CSPs The Qualys research team’s study on database-related control failures across ..read more
Visit website
Elevating Security: Qualys Unveils First Solution for Scanning AWS Bottlerocket in Amazon EKS and Amazon ECS
Qualys Security Blog
by Spencer Brown
1M ago
With this new offering, Qualys establishes itself as the first and only vendor solution with the unique ability to scan AWS Bottlerocket instances directly using the Qualys Cloud Agent and TotalCloud Agent-less Snapshot-Based Scan. This innovative capability empowers organizations to comprehensively manage and mitigate risks at both the host OS and container levels. In this article, we delve into the distinct security challenges associated with Bottlerocket in Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Container Service (Amazon ECS) and explore how Qualys, through its fu ..read more
Visit website

Follow Qualys Security Blog on FeedSpot

Continue with Google
Continue with Apple
OR