URL: https://feedly.com/i/subscription/feed/https://community.qualys.com/blogs/securitylabs/feeds/posts
Submission: On August 22 via api from IL — Scanned from DE

VULNERABILITIES AND THREAT RESEARCH – QUALYS SECURITY BLOG
EXPERT NETWORK SECURITY GUIDANCE AND NEWS

15K followers · 1 article per week · #security #threat-research #tech

MOST POPULAR

Atlassian Confluence: Questions for Confluence App Hardcoded Credentials Vulnerability (CVE-2022-26138)

by Mayank Deshmukh / 5d
Over the last few months, Atlassian Confluence has increasingly become a target
for attackers. In June 2022, a critical severity OGNL Remote Code Execution
vulnerability was disclosed (CVE-2022-26134). More recently, CVE-2022-26138 was
disclosed on social media platforms in July 2022. In CVE-2022-26138, a
Confluence user account is created by the Questions for Confluence app with
hardcoded creden

Russia-Ukraine Crisis: How to Strengthen Your Security Posture to Protect against Cyber Attack, based on CISA Guidelines

by Nagi Prabhu / 5mo
CISA has created Shields Up as a response to the Russian invasion of Ukraine.
Qualys is responding with additional security, monitoring and governance
measures. This blog details how and what our enterprise customers can do to
immediately strengthen their security posture and meet CISA’s recommendations.
With the invasion of Ukraine by Russia, the U.S. Cybersecurity & Infrastructure
Security Agen

Infographic: Log4Shell Vulnerability Impact by the Numbers

by Qualys Research Team / 5mo
The full scope of risk presented by the Log4Shell vulnerability is something
unprecedented, spanning every type of organization across every industry. Hard
to find but easy to exploit, Log4Shell immediately places hundreds of millions
of Java-based applications, databases, and devices at risk. Remediating this
vulnerability has turned out not to be a simple, one-and-done process. Multiple
detecti


AUG 16

AsyncRAT C2 Framework: Overview, Technical Analysis & Detection

by Pawan Kumar N / 5d
In this blog we describe the AsyncRAT C2 (command & control) Framework, which
allows attackers to remotely monitor and control other computers over a secure
encrypted link. We provide an overview of this threat, a technical analysis, and
a method of detecting the malware using Qualys Multi-Vector EDR. What is
AsyncRAT C2 Framework? AsyncRAT C2 Framework is a Remote Access Trojan (RAT)
designed


AUG 09

August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities with 17 Critical, plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities with 15 Critical.

PatchTuesday • by Debra M. Fezza Reed / 12d
Microsoft Patch Tuesday Summary Microsoft has fixed 121 vulnerabilities (aka
flaws) in the August 2022 update, including 17 vulnerabilities classified as
Critical as they allow Elevation of Privilege (EoP) and Remote Code Execution
(RCE). This month’s Patch Tuesday fixes two (2) zero-day vulnerabilities, with
one (1) actively exploited in attacks (CVE-2022-34713, CVE-2022-30134).
Earlier this


AUG 01

Here’s a Simple Script to Detect the Stealthy Nation-State BPFDoor

by Harshal Tupsamudre / 20d
In this blog, the Qualys Research Team explains the mechanics of a Linux malware
variant named BPFdoor. We then demonstrate the efficacy of Qualys Custom
Assessment and Remediation to detect it, and Qualys Multi-Vector EDR to protect
against it. BPFDoor is a Linux/Unix backdoor that allows threat actors to
remotely connect to a Linux shell to gain complete access to a compromised
device. It suppo


JUL 29

New Qualys Research Report: Evolution of Quasar RAT

by Viren Chaudhari / 23d
The Qualys Threat Research Team continues to inform enterprise cybersecurity
teams of emerging threats that could impact their business. These threat
intelligence reports summarize individual threat exploits and provide practical
recommendations for protecting against them. In this free research report, we
analyze Quasar RAT which has been widely leveraged by multiple threat actor
groups targeti


JUL 12

July 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 4 Critical, plus 2 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 27 Vulnerabilities with 18 Critical.

by Debra M. Fezza Reed / 40d
Microsoft Patch Tuesday Summary Microsoft has fixed 84 vulnerabilities (aka
flaws) in the July 2022 update, including four (4) vulnerabilities classified as
Critical as they allow Remote Code Execution (RCE). This month’s Patch Tuesday
cumulative Windows update includes the fix for one (1) actively exploited
zero-day vulnerability (CVE-2022-22047). Earlier this month, July 6, 2022,
Microsoft al


JUN 29

Atlassian Confluence OGNL Injection Remote Code Execution (RCE) Vulnerability (CVE-2022-26134)

by Mayank Deshmukh / 53d
On June 02, 2022, Atlassian published a security advisory about a critical
severity Unauthenticated Remote Code Execution vulnerability affecting
Confluence Server and Data Center. According to the advisory, the vulnerability
is being actively exploited and Confluence Server and Data Center versions after
1.3.0 are affected. The vulnerability is tracked as CVE-2022-26134 with 9.8
CVSSv3 score wit


JUN 21

Defending Against Scheduled Task Attacks in Windows Environments

by Harshal Tupsamudre / 2mo
Scheduling tasks is one of the most popular attack techniques used by threat
actors to establish persistence on a victim’s machine. The Qualys Research Team
investigated different ways that attackers could use to conceal scheduled tasks.
In this blog, we describe three new techniques to hide and delete scheduled
tasks in a Microsoft Windows environment. Adversaries abuse task scheduling
functiona


JUN 15

New Qualys Research Report: Inside a Redline InfoStealer Campaign

by Akshat Pradhan / 2mo
The Qualys Threat Research Team continues its efforts to identify and document
previously unseen adversary activity to better understand their tactics,
techniques, and procedures (TTPs) and defend against them. Recently we
identified a new Redline InfoStealer campaign that spreads via fake cracked
software hosted on Discord’s content delivery network. The campaign was actively
observed from the e


JUN 14

June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities with 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities with 40 Critical.

by Debra M. Fezza Reed / 2mo
Microsoft Patch Tuesday Summary Microsoft has fixed 55 vulnerabilities (aka
flaws) in the June 2022 update, including three (3) vulnerabilities classified
as Critical as they allow Remote Code Execution (RCE). This month’s Patch
Tuesday cumulative Windows update includes the fix for one (1) zero-day
vulnerability (CVE-2022-30190). Microsoft also released an advisory for Intel
Processor MMIO Sta


MAY 10

May 2022 Patch Tuesday | Microsoft Releases 75 Vulnerabilities with 8 Critical

by Debra M. Fezza Reed / 3mo
Microsoft Patch Tuesday Summary Microsoft has fixed 75 vulnerabilities in the
May 2022 update, including one advisory (ADV220001) for Azure in response to
CVE-2022-29972, a publicly exposed Zero-Day Remote Code Execution (RCE)
Vulnerability, and eight (8) vulnerabilities classified as Critical as they
allow RCE or Elevation of Privileges. This month’s Patch Tuesday release
includes fixes for


MAY 09

Ursnif Malware Banks on News Events for Phishing Attacks

by Amit Gadhave / 3mo
Ursnif (aka Gozi, Dreambot, ISFB) is one of the most widespread banking trojans.
It has been observed evolving over the past few years. Ursnif has shown
incredible theft capabilities. In 2020 Ursnif rose to prominence becoming one of
the top ten most prolific pieces of malware. Among its core functionalities are
stealing credentials, downloading other malware, working as a keylogger, among
others


MAY 06

CISA Alert: Top 15 Routinely Exploited Vulnerabilities

by Swapnil Ahirrao / 3mo
The U.S. Cybersecurity & Infrastructure Security Agency has published its report
on the top exploited vulnerabilities of 2021. This blog summarizes the report’s
findings and how you can use Qualys VMDR to automatically detect and remediate
these risks in your enterprise environment. The Cybersecurity & Infrastructure
Security Agency (CISA) releases detailed alerts of critical vulnerabilities and


MAY 04

Ransomware Insights from the FBI’s 2021 Internet Crime Report

by Swapnil Ahirrao / 3mo
The FBI has published its annual report on Internet crime. Qualys has analyzed
its trends and statistics. In this post, we review our findings, especially with
regards to the prevalence of Ransomware, and our recommendations for actions
that enterprises should take to mitigate their risk. Every year the U.S. Federal
Bureau of Investigation publishes an Internet crime report which summarizes its
i


APR 20

Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 2)

by Akshat Pradhan / 4mo
This post is the second of a multi-part blog series that explores and highlights
the different risks that Windows Subsystem for Linux (WSL) poses to an
enterprise IT environment. Here we examine different TTPs that abuse WSL and
assess different methods to defend against such threats. ← Go to Part 1 Attack
Tactics, Techniques & Procedures Using Windows Subsystem for Linux In our
previous blog pos


APR 12

April 2022 Patch Tuesday: Microsoft Releases 145 Vulnerabilities with 10 Critical; Adobe Releases 4 Advisories, 78 Vulnerabilities with 51 Critical.

by Debra M. Fezza Reed / 4mo
Microsoft Patch Tuesday Summary Microsoft has fixed 145 vulnerabilities,
including 17 Microsoft Edge vulnerabilities, in the April 2022 update, with ten
(10) classified as Critical as they allow Remote Code Execution (RCE). This
month’s Patch Tuesday release includes fixes for two (2) zero-day
vulnerabilities as well, one (1) known to be actively exploited (CVE-2022-24521)
and the other to be p


MAR 31

Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability

by Bharat Jogi / 4mo
Update: On March 31, Spring provided official confirmation and CVE-2022-22965 is
now assigned to this vulnerability. Qualys Research Team has released QIDs as of
March 30 and will keep updating those QIDs as new information is available. On
March 30, a new zero-day Remote Code Execution (RCE) vulnerability,
“Spring4Shell” or “SpringShell” was disclosed in the Spring framework. An
unauthorized att


MAR 22

Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 1)

by Akshat Pradhan / 5mo
This post is the first of a multi-part blog series that will explore and
highlight the different risks that Windows Subsystem for Linux (WSL) poses to an
enterprise IT environment. Here we examine a new Microsoft feature for GNU/Linux
that increases the attack surface and introduces a lot more complexity to
detection. Go to Part 2 → About Windows Subsystem for Linux Windows Subsystem
for Linux (W


MAR 18

Qualys Study Reveals How Enterprises Responded to Log4Shell

by Mehul Revankar / 5mo
On December 9, 2021, a critical zero-day vulnerability affecting Apache’s Log4j2
library, a Java-based logging utility, was disclosed to the world. This was no
small announcement. As the third most used computer language, Java is
practically ubiquitous. Its Log4j2 library is extremely popular. Billions of
devices around the globe currently run Java. Most enterprises likely have
multiple versions
