Qualys CyberSecurity Asset Management brings security teams the automation they need

Qualys announced CyberSecurity Asset Management (CSAM), built on the Qualys Cloud Platform, to inventory the complete IT ecosystem, detect security gaps and respond to the risk, all from a unified platform. Over the past year, organizations have rapidl… Continue reading Qualys CyberSecurity Asset Management brings security teams the automation they need

21 vulnerabilities found in Exim, update your instances ASAP!

A code audit of Exim, a widely used mail transfer agent, has revealed 21 previously unknown vulnerabilities, some of which can be chained together to achieve unauthenticated remote code execution on the Exim Server. They have all been fixed in Exim v4…. Continue reading 21 vulnerabilities found in Exim, update your instances ASAP!

Qualys researchers uncover 21 bugs in Exim mail servers

Researchers have found 21 unique vulnerabilities in Exim, a popular mail transfer agent, some of which would allow hackers to run full remote unauthenticated code execution against targets, the Qualys Research Team announced Tuesday. If used properly, attackers could execute commands to install programs, manipulate data, create new accounts or change settings on the mail servers, according to the research. CVE-2020-28017, one of the vulnerabilities, dates as far back as 2004, according to the findings. Qualys and Exim recommend users apply the patches immediately. The Exim Mail Transfer Agent (MTA) vulnerabilities, which Qualys is referring to collectively as 21Nails, affect all versions before Exim-4.94.1. Ten of the flaws can be executed to gain root privileges, while 11 of them can be used to exploit victim systems locally. Hackers could link several of the vulnerabilities together in an attack to run full remote unauthenticated code execution against vulnerable mail servers, Qualys […]

The post Qualys researchers uncover 21 bugs in Exim mail servers appeared first on CyberScoop.

Continue reading Qualys researchers uncover 21 bugs in Exim mail servers

Qualys Expands Its Endpoint Security Solution with Real-Time Malware Protection

Qualys Multi-Vector EDR combines proactive anti-malware technology with real-time, cloud-based detection and response providing comprehensive endpoint protection against the latest malicious threats like ransomware FOSTER CITY, Calif. May 3, 2021 &#821… Continue reading Qualys Expands Its Endpoint Security Solution with Real-Time Malware Protection

PlexTrac raises $10M Series A round for its collaboration-centric security platform

PlexTrac, a Boise, ID-based security service that aims to provide a unified workflow automation platform for red and blue teams, today announced that it has raised a $10 million Series A funding round led by Noro-Moseley Partners and Madrona Venture Group. StageDot0 ventures also participated in this round, which the company plans to use to […] Continue reading PlexTrac raises $10M Series A round for its collaboration-centric security platform

IT Security firm Qualys extorted by Clop gang after data breach

By Waqas
Qualys has confirmed that the Clop ransomware gang is behind the cyber attack that exploited Accellion exploit.
This is a post from HackRead.com Read the original post: IT Security firm Qualys extorted by Clop gang after data breach
Continue reading IT Security firm Qualys extorted by Clop gang after data breach

Cloud security firm Qualys reportedly victimized by prolific scammers

A set of cybercriminals behind a string of recent hacks involving Accellion-made software is now claiming responsibility for a breach of Qualys, a major cloud computing security vendor.   As proof of the access to data, an extortion site maintained by hackers has leaked documents claiming to contain information on Qualys customers. Attackers affiliated with the extortion site have previously been linked to the Clop ransomware, a file-locking malware that emerged two years ago. This month, thieves claimed responsibility for a series of incidents that have relied on data leaks, rather than ransomware, as an extortion tactic, according to security firm FireEye. With some 19,000 clients, including major financial firms like Capital One and Experian, Qualys represents an attractive target for extortionists keen on making sensitive data public. It was not immediately clear Wednesday how, if at all, the reported breach affected Qualys’ customers, or if ransomware was deployed. The […]

The post Cloud security firm Qualys reportedly victimized by prolific scammers appeared first on CyberScoop.

Continue reading Cloud security firm Qualys reportedly victimized by prolific scammers

How do I select a cloud security solution for my business?

Attackers increasingly strive to leverage cloud weaknesses that enable them to deliver malware to end users, gain unauthorized access to production environments or their data, or completely compromise a target environment. This strategy is known as a w… Continue reading How do I select a cloud security solution for my business?