New research commissioned by Qualys and conducted by Dark Reading shines new light on the various ways information security professionals are coping — or struggling — with the difficulties and nuances of safeguarding cloud and SaaS assets, including measuring, communicating, and eliminating cyber risk in the cloud. Key findings fromRead More…

Qualys has announced the Managed Risk Operations Center (mROC) Partner Alliance, allowing select Qualys partners to expand their revenue streams by offering advisory, onboarding, integration, and remediation through a unified managed service to help their clients identify, quantify, assess, and mitigate cyber risks. This provides qualified Qualys Managed Service SolutionRead More…

The Qualys Threat Research Unit (TRU) has identified five Local Privilege Escalation (LPE) vulnerabilities within the needrestart component, which is installed by default on Ubuntu Server. These vulnerabilities can be exploited by any unprivileged user to gain full root access without requiring user interaction. The identified flaws have been assigned the CVERead More…

Qualys has launched the industry’s first Risk Operations Center (ROC) with Enterprise TruRisk Management (ETM) at the Qualys Security Conference. The solution enables CISOs and business leaders to manage cybersecurity risks in real time, transforming fragmented, siloed data into actionable insights that align cyber risk operations with business priorities. TheRead More…

Qualys has unveiled TruRisk Eliminate, a comprehensive remediation solution that extends beyond patching to help organisations further reduce risk. It provides additional innovative remediation methods when patching isn’t feasible. This approach uses patchless patching, targeted isolation, and other mitigation strategies to ensure robust protection. Patch management is a core capabilityRead More…

Qualys has announced it is expanding its portfolio with Qualys TotalAI, designed to address the growing challenges and risks associated with securing generative AI and large language model (LLM) applications. As organisations increasingly integrate AI and LLMs into their products and solutions, they face an expanded attack surface and heightenedRead More…

Qualys has announced the launch of its API security platform that leverages AI-powered scanning and deep learning-based web malware detection to secure web apps and APIs across the entire attack surface, including on-premises web servers, databases, hybrid, multi-cloud environments, API gateways, containerised architectures, and microservices. APIs are integral to digitalRead More…

The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents aRead More…

Qualys has announced the launch of CyberSecurity Asset Management 3.0, an expansion of the Enterprise TruRisk Platform. This update integrates its leading vulnerability assessment capability into its External Attack Surface Management (EASM) solution delivering an accurate, real-time view of the external attack surface that eliminates more false positives to mitigateRead More…

Qualys has announced it is offering free 30-day access to the Qualys Enterprise TruRisk Platform to aid organisations in efficiently discovering and classifying internet-facing and internal-facing assets, and prioritising vulnerabilities for swift and safe remediation, aligning with the UK’s National Cyber Security Centre (NCSC) 5-7 days guidance. NCSC recently released guidance recommending patchingRead More…