21 vulnerabilities found in Exim, update your instances ASAP!

A code audit of Exim, a widely used mail transfer agent, has revealed 21 previously unknown vulnerabilities, some of which can be chained together to achieve unauthenticated remote code execution on the Exim Server. They have all been fixed in Exim v4….

Qualys researchers uncover 21 bugs in Exim mail servers

Researchers have found 21 unique vulnerabilities in Exim, a popular mail transfer agent, some of which would allow hackers to run full remote unauthenticated code execution against targets, the Qualys Research Team announced Tuesday. If used properly, attackers could execute commands to install programs, manipulate data, create new accounts or change settings on the mail servers, according to the research. CVE-2020-28017, one of the vulnerabilities, dates as far back as 2004, according to the findings. Qualys and Exim recommend users apply the patches immediately. The Exim Mail Transfer Agent (MTA) vulnerabilities, which Qualys is referring to collectively as 21Nails, affect all versions before Exim-4.94.1. Ten of the flaws can be executed to gain root privileges, while 11 of them can be used to exploit victim systems locally. Hackers could link several of the vulnerabilities together in an attack to run full remote unauthenticated code execution against vulnerable mail servers, Qualys […]

The post Qualys researchers uncover 21 bugs in Exim mail servers appeared first on CyberScoop.


Qualys Expands Its Endpoint Security Solution with Real-Time Malware Protection

Qualys Multi-Vector EDR combines proactive anti-malware technology with real-time, cloud-based detection and response providing comprehensive endpoint protection against the latest malicious threats like ransomware. FOSTER CITY, Calif. May 3, 2021 …

PlexTrac raises $10M Series A round for its collaboration-centric security platform

PlexTrac, a Boise, ID-based security service that aims to provide a unified workflow automation platform for red and blue teams, today announced that it has raised a $10 million Series A funding round led by Noro-Moseley Partners and Madrona Venture Group. StageDot0 ventures also participated in this round, which the company plans to use to […]

IT Security firm Qualys extorted by Clop gang after data breach

By Waqas
Qualys has confirmed that the Clop ransomware gang is behind the cyber attack that used an Accellion exploit.
This is a post from HackRead.com.

Cloud security firm Qualys reportedly victimized by prolific scammers

A set of cybercriminals behind a string of recent hacks involving Accellion-made software is now claiming responsibility for a breach of Qualys, a major cloud computing security vendor. As proof of the access to data, an extortion site maintained by hackers has leaked documents claiming to contain information on Qualys customers. Attackers affiliated with the extortion site have previously been linked to the Clop ransomware, a file-locking malware that emerged two years ago. This month, thieves claimed responsibility for a series of incidents that have relied on data leaks, rather than ransomware, as an extortion tactic, according to security firm FireEye. With some 19,000 clients, including major financial firms like Capital One and Experian, Qualys represents an attractive target for extortionists keen on making sensitive data public. It was not immediately clear Wednesday how, if at all, the reported breach affected Qualys’ customers, or if ransomware was deployed. The […]

The post Cloud security firm Qualys reportedly victimized by prolific scammers appeared first on CyberScoop.


How do I select a cloud security solution for my business?

Attackers increasingly strive to leverage cloud weaknesses that enable them to deliver malware to end users, gain unauthorized access to production environments or their data, or completely compromise a target environment. This strategy is known as a w…

Qualys expands VMDR to mobile devices with support for Android and iOS/iPadOS

Qualys announced it is expanding Qualys VMDR (Vulnerability Management, Detection and Response) to mobile devices with support for Android and iOS/iPadOS delivering an end-to-end solution for mobile device security. Qualys’ all-in-one VMDR provid…