Vulnerability Management

June 19, 2020 “Unsafe” Code Uncovered in Chrome Browser (and Chromium-Based Browsers)

Google has identified “unsafe” code in the Chromium web browser engine. This flaw introduces a potential vulnerability that effects Google Chrome, as well as all Chromium-based web browsers.

June 01, 2020 Acronis Cyber Protect Cloud Turns Managed Service Providers Into Managed Security Providers

More than ever, cybersecurity solutions are core to any MSPs offering. No longer should technology service providers be farming this out to dedicated security providers. Trust and peace of mind are the core tenets of what they are selling and solutions like Acronis Cyber Protect Cloud can provide the platform upon which to deliver on those promises.

May 27, 2020 Kenna Security Offers Vulnerability Management Options: Kenna.VM & Kenna.VI

Kenna Security deployed their new data driven vulnerability management program, Kenna.VM and accessory program, Kenna.VI. Released on April 28th, Kenna.VM was created with the purpose to set service-level agreements (SLAs) with risk tolerance in mind.

May 11, 2020 Rapid7 Penetration Tests Show That Businesses Are Getting Better at Network Security

We often hear that businesses are continually cyber insecure or under attack. However, recent penetration testing from Rapid7 shows that businesses are getting better at securing their networks against cyberattacks. While organizations continue to have exploitable weaknesses, attackers are having greater difficulty penetrating deeper into businesses’ networks.

April 30, 2020 IBM Zero-Day Vulnerabilities Leave Enterprises Open to Remote Execution Attacks

Four zero-day vulnerabilities were discovered in IBM’s Data Risk Manager. While the vulnerabilities are concerning, more so is IBM’s response when addressed. The company simply stated, “It’s out of scope.” – meaning it had no intention to rectify or address the issue.

April 30, 2020 Will New IoT Security Frameworks Push Compliance Obligations to the Forefront of Security Discussions?

The Internet of Things is increasingly embedded with our daily lives. While these devices make life more accessible, for every new device, a new attack vector for cyberattackers is created.

April 23, 2020 Qualys VMDR Is Now Live: Increasing Security Threats Requires Strong Vulnerability Management Software

Qualys VMDR has hit the live market. Originally unveiled in February 2020 at Qualys Security Conference, VMDR is now publicly available as of April 16, 2020. Partnering with both large and small MSSPs, VMDR is designed to be scalable to any business enterprise and to automate the entire management cycle on all endpoints.

April 13, 2020 Global Vulnerability Management Market Outlook 2020-2023

Market researcher ResearchandMarkets.com has published its market outlook for vulnerability management tools.

April 07, 2020 Apple iOS and iPadOS VPN Bypass Vulnerability

A vulnerability has been discovered in Apple iOS and iPadOS where VPN (virtual private networking) can be bypassed, thereby not securing all traffic within the secure VPN tunnel.

March 29, 2020 SC Awards 2020: Qualys Wins Best Vulnerability Management Solution Award

SC Media had its recent 2020 SC Awards Honored in the U.S. event and has awarded Qualys recognition for Best Vulnerability Management Solution in the “Trust Awards” category.

March 24, 2020 Qualys Announces New Flagship Product, Qualys VMDR

Qualys announced its new flagship product, Qualys VMDR, at RSA Conference 2020. According to the Qualys website, VMDR will be available after March 30, 2020.

March 17, 2020 Kr00k Wi-Fi Vulnerability Leads to Widespread Concerns

There is a vulnerability at the layer 2 Wi-Fi encryption level called Kr00k (formally CVE-2019-15126 in the NIST National Vulnerability Database) affecting Broadcom and Cypress Semiconductor Wi-Fi devices.

March 17, 2020 Windows 7 End-of-Life Troubles Continue: ESUs Don’t Apply to Enterprises That Purchased Licences

Microsoft’s end-of-life support for Windows 7 has run into its first set of issues with its extended security updates (ESUs). Administrators who paid for the ESU found out their downloads are not applying.

March 17, 2020 Qualys Unveils Its New Vulnerability Management, Detection, and Response Matrix

Qualys’ newest product, VMDR (Vulnerability Management, Detection, and Response), will be available in March and will provide an all-in-one cloud-based solution for vulnerability management. VMDR will automate the entire management cycle on all endpoints.

March 16, 2020 Microsoft Unveils Tamper Support for Windows 10 Defender Advanced Threat Protection

Microsoft has added its Windows 10 Tamper Protection controls to the public version of Microsoft Defender. Previously available only to enterprise users, Tamper Protection is intended to better detect threats that make it past other defences and to provide remediation suggestions.

March 11, 2020 Qualys Discovers Critical Flaw With OpenBSD Mail Server, Multiple Programs Vulnerable

Qualys Research Labs, a vulnerability management provider, discovered a vulnerability in the OpenSMTPD Mail server used in conjunction with the OpenBSD operating system. This flaw allows for an attacker to execute arbitrary code with command privileges.

March 03, 2020 United Nations Faces Cyber-Espionage; Failure to Patch Causes Breach

A leaked UN report showed that servers were compromised during a cyberattack that exploited an older version of Microsoft SharePoint. This breach is a case study in the importance of both patch management and transparency.

February 24, 2020 Microsoft Troubles Continue; Zero-Day Vulnerability Places Windows Users at Risk

Reported by Microsoft on January 17, the company admitted to another vulnerability in the older versions of its Windows products. A vulnerability in the remote code execution (RCE) was found in the scripting engine of Internet Explorer (IE).

February 24, 2020 Windows 7 Reaches End of Life; Are You About to Pay the Price?

Last fall, Microsoft announced that it would be ending support for Windows 7 on January 14, 2020.

February 04, 2020 Citrix Systems Remain Vulnerable Despite Patching Attempts

A Citrix vulnerability first discovered on December 17, 2019 is being continually exploited by ransomware attackers despite patching attempts by Citrix.

February 04, 2020 Project Zero Extends Its Vulnerability Disclosure Agreement to 90 Days, Changes to Follow

Project Zero is changing its vulnerability disclosure policy to give software developers more time to patch vulnerabilities. The policy is now shifted to a stringent 90-day policy.