A new RCE in OpenSMTPD’s default install, patch available

Less than a month after the patching of a critical RCE flaw in OpenSMTPD, OpenBSD’s mail server, comes another call to upgrade to the latest version, as two additional security holes have been plugged. Discovered by Qualys researchers, one is a less se…

Microsoft Patch Tuesday, February 2020 Edition

Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer (IE) that is actively being exploited. Also, Adobe…

February 2020 Patch Tuesday: Microsoft fixes 99 vulnerabilities, Adobe 42

February 2020 Patch Tuesday is here. To mark the occasion, Microsoft has released fixes for 99 vulnerabilities – 12 critical, one of which is being exploited in the wild – and Adobe 42, most of which are critical and none actively exploited…

Critical RCE flaw in OpenSMTPD, patch available

Qualys researchers have discovered a critical vulnerability (CVE-2020-7247) in OpenBSD’s OpenSMTPD mail server, which can allow attackers to execute arbitrary shell commands on the underlying system as root. “We developed a simple proof of concep…

Patch Tuesday, January 2020 Edition

Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency. This month also marks the end of mainstream support for Windows 7, a still broadly-used operating system that will no longer be supplied with security updates.

January 2020 Patch Tuesday: Microsoft nukes Windows crypto flaw flagged by the NSA

As forecasted, January 2020 Patch Tuesday releases by Microsoft and Adobe are pretty light: the “star of the show” is CVE-2020-0601, a Windows flaw flagged by the NSA that could allow attackers to successfully spoof code-signing certificate…

The importance of proactive patch management

IT teams appreciate it when vendors or security researchers discover new vulnerabilities and develop patches for them. So do attackers. The same information that lets IT teams know where they may be vulnerable so they can take action, also lets attacke…

Qualys Introduces VMDR: Vulnerability Management, Detection, and Response

Qualys is a sponsor of TechSpective. Qualys customers and executives are gathered in Las Vegas this week for the annual Qualys Security Conference. The event officially kicks off with an opening keynote on Wednesday morning, but Qualys wanted to get the…

OTCSA Launches to Improve Cybersecurity for OT and Critical Infrastructure

Cybersecurity is a significant challenge for companies of all sizes and across all industries around the world. As challenging as cybersecurity can be with modern or cutting-edge technology, it is often harder to secure and protect legacy hardware and …