Qualys

Table of Contents Security professionals employed by a federal agency, supplier, or regulated private sector firm are often challenged by long lists of required cybersecurity rules that can seem endless and unchanging. White House Executive Orders, FedRAMP requirements, CISA Binding Operational Directives, NIST guidelines, FISMA modernization mandates – and Inspector Generals with local, state, or […]

Table of Contents Over the last few years, the volume of software developed and the surge in vulnerabilities has been staggering. Combine this with a shortage of cybersecurity professionals, and organizations are left with the daunting challenge of keeping up with the sheer volume of information coming at them.   At our inaugural 2023 Qualys Cyber

Table of Contents Cybersecurity professionals from all over are making their way to RSA’s annual conference this week in search of inspiration and expert advice on bolstering their security postures. But for those who could not disrupt their schedules to make the trip, Qualys is providing IT and security practitioners with an easy way to

Table of Contents Microsoft released security updates to address 114 vulnerabilities in the April Patch Tuesday edition. The security advisories cover various vulnerabilities in different products, features, and roles. Let’s know more about this month’s Patch Tuesday details. Microsoft Patch Tuesday for April 2023 Microsoft has addressed 114 vulnerabilities in this month’s Security Update, including

Table of Contents Originally published in 2017 as an evolution of the Australian Signals Directorate’s Strategies to Mitigate Cyber Security Incidents, the Australian Cyber Security Centre (ACSC) Essential 8 (E8) consists of a set of strategies that can make it harder for threat actors to compromise a firm’s cybersecurity defenses. This blog examines specific aspects

Table of Contents Web applications reign the internet universe, but also bring new risks that let attackers poke holes in an ever-expanding attack surface.  Stolen credentials have been the historical culprit. Recent analysis saw a spike in exploits targeting web applications directly through specially-crafted attacks against vulnerable source code. According to Verizon in their most recent

Table of Contents The increasing number of vulnerabilities poses a significant challenge for most organizations trying to effectively manage and mitigate Cyber risks. According to NVD, the number of vulnerabilities in 2022 increased by approximately 25% as compared to 2021. As we are in start of March the vulnerabilities count of 2023 is almost reaching

Table of Contents How To Deal With the Next Open-Source Vulnerability Using Custom Scripts [embedded content] A critical vulnerability in Apache’s Log4j Java-based logging utility (CVE-2021-44228) was previously referred to as the “most critical vulnerability of the last decade.” In the wake of Log4Shell exploits, many security professionals are concerned about the next potential open-source

Table of Contents With a growing number of cyber-attacks and the push to stay ahead of adversaries, the Vulnerability Management lifecycle has become necessary for ensuring enterprise-grade cyber resiliency. For many organizations, there is a persistent challenge in supporting vulnerability assessment and remediation programs after implementation. Current solutions are far from set it and forget

Table of Contents Organizations today cannot detect real-time threats at runtime due to the multi-cloud infrastructure, resulting in the possibility of malicious actors exploiting the environment. It is imperative for the modern organization to have a solution to detect advanced run-time threats in real-time to protect their systems.  As a result of our commitment to