Collaborate Disseminate
Patch Tuesday came and went and, as usual, Microsoft and Adobe have released patches/security updates for vulnerabilities affecting a wide variety of their products. Adobe’s patches This April 2018 Patch Tuesday Adobe addressed vulnerabilities in… Continue reading What patches to prioritize following the April 2018 Patch Tuesday?
This week on Enterprise News, SolarWinds unveils cloud-first backup service for dedicated servers and virtual servers, VMware acquires E8 Security, NGINX simplifies the journey to microservices, and Qualys buys 1Mobility software assets. Full Show Note… Continue reading SolarWinds, Qualys, and NGINX – Enterprise Security Weekly #86
The Microsoft February 2018 security updates are for Internet Explorer, Edge, Windows, Office, Office Services and Web Apps, Adobe Flash, and ChakraCore (the core part of the Chakra Javascript engine that powers Microsoft Edge). Jimmy Graham, director … Continue reading Microsoft, Adobe February 2018 security updates: An overview
It’s Nov. 14 — the second Tuesday of the month (a.k.a. “Patch Tuesday) — and Adobe and Microsoft have issued gobs of security updates for their software. Microsoft’s 11 patch bundles fix more than four-dozen security holes in various Windows versions and Office products — including at least four serious flaws that were publicly disclosed prior to today. Meanwhile, Adobe’s got security updates available for a slew of titles, including Flash Player, Photoshop, Reader and Shockwave. Continue reading Adobe, Microsoft Patch Critical Cracks
For its October Patch Tuesday, Microsoft has patched 61 vulnerabilities (27 of them critical) and one Office zero-day labeled as “important.” The zero-day The memory corruption zero-day vulnerability in Microsoft Office (CVE-2017-11826) is reported to be actively exploited in the wild. “An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control … More → Continue reading October Patch Tuesday: 61 bugs and one zero-day fixed
Fortanix launches runtime encryption using Intel SGX Fortanix’ Self-Defending Key Management Service (SDKMS) is a cloud service delivering runtime encryption technology to protect applications and data during use. Runtime encryption allows general-purpose computation on encrypted data without exposing sensitive data to untrusted operating systems, root users, cloud providers, or malicious insiders. Manage real-time change detection for global IT environments Qualys released its highly scalable and centralized File Integrity Monitoring (FIM) Cloud App, which logs and … More → Continue reading New infosec products of the week: September 29, 2017
As part of its regular, monthly Patch Tuesday update, Microsoft has released patches for 81 new vulnerabilities, including a zero-day in the .NET Framework. The September patch dump also includes details of a spoofing vulnerability in the Windows Bluetooth driver (CVE-2017-8628), which has been disclosed as part of the BlueBorne batch of vulnerabilities. The flaw was apparently patched silently in July, but Microsoft chose to delay releasing details about it until other vendors could develop … More → Continue reading Patch Tuesday: 80+ vulnerabilities fixed, one exploited in the wild
In this podcast recorded at Black Hat USA 2017, Ankur Tyagi, senior malware research engineer at Qualys, talks about visual network and file forensics. Here’s a transcript of the podcast for your convenience. I am Ankur Tyagi from Qualys. I am the senior malware research engineer over here, and in this podcast for Help Net Security, I will be talking about visual network and file forensics. So, in recent times you might have known there … More → Continue reading Visual network and file forensics with Rudra
In this podcast recorded at Black Hat USA 2017, Hari Srinivasan, Director of Product Management at Qualys, talks about the challenges involved in securing clouds, and explains how to gain complete visibility and security of your cloud infrastructure using Qualys CloudView. Here’s a transcript of the podcast for your convenience. Hello there, my name is Hari Srinivasan, I’m the Director of Product Management with Qualys. Qualys recently launched Qualys CloudView. Qualys CloudView provides you with … More → Continue reading Complete and continuous cloud infrastructure protection
The Microsoft August 2017 Patch Tuesday update has landed and contains patches for 48 vulnerabilities, 25 of which are for critical issues. 27 of the vulnerabilities can be exploited to achieve remote code execution, but the good news is that none of them are currently under active attack – even though some exploits are already public. “Many of the vulnerabilities in this month’s release involve the Scripting Engine, which can impact both browsers and Microsoft … More → Continue reading Microsoft fixes 25 critical issues in August Patch Tuesday