Infosec products of the month: February 2025 https://www.helpnetsecurity.com/2025/02/28/infosec-products-of-the-month-february-2025/ #PaloAltoNetworks #LegitSecurity #VeeamSoftware #SealSecurity #SafeBreach #1Password #Dynatrace #Privacera #Fortinet #Netwrix #Trustmi #Pangea #Qualys #Satori #Socure #Armor #BigID #News #Nymi

Powershell Qualys Authentication Part 1 http://dlvr.it/TJ3zpb via PlanetPowerShell #PowerShell #Qualys #VulnerabilityManagement #API

Critical OpenSSH Vulnerabilities Expose Users to MITM and DoS Attacks – Source:hackread.com https://ciso2ciso.com/critical-openssh-vulnerabilities-expose-users-to-mitm-and-dos-attacks-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Vulnerability #Hackread #security #OpenSSH #Qualys #MITM #DoS

Critical OpenSSH Vulnerabilities Expose Users to MITM and DoS Attacks https://hackread.com/critical-openssh-flaws-expose-users-mitm-dos-attacks/ #Cybersecurity #Vulnerability #Security #OpenSSH #Qualys #MITM #DoS

New infosec products of the week: February 7, 2025 https://www.helpnetsecurity.com/2025/02/07/new-infosec-products-of-the-week-february-7-2025/ #SafeBreach #Dynatrace #Qualys #Satori #News #Nymi

DeepSeek AI Model Riddled With Security Vulnerabilities – Source: securityboulevard.com https://ciso2ciso.com/deepseek-ai-model-riddled-with-security-vulnerabilities-source-securityboulevard-com/ #AIandMachineLearninginSecurity #SecurityBoulevard(Original) #rssfeedpostgeneratorecho #AIandMLinSecurity #CyberSecurityNews #SecurityBoulevard #SocialFacebook #SocialLinkedIn #Cybersecurity #Spotlight #DeepSeek #SocialX #OpenAI #Qualys #genai #News #LLM #AI

Qualys TotalAppSec enables organizations to address risks across web applications and APIs https://www.helpnetsecurity.com/2025/02/03/qualys-totalappsec/ #Industrynews #Qualys

#needrestart 3.8 was released:
https://github.com/liske/needrestart/releases/tag/v3.8

This coordinated release contains 4 security fixes for local privilege escalations found by the Qualys Security Advisory team: https://www.qualys.com/2024/11/19/needrestart/needrestart.txt

An local attacker can trick needrestart to execute arbitrary code as root. Debian and Ubuntu already shipping security updates.

You should apply these updates in a timely manner. These issues can be mitigated by disabling the interpreter heuristic.

While not directly related to Cybersecurity Awareness Month, I want to call out #Qualys for deciding they needed to abbreviate their "Cybersecurity Asset Management" product using the forbidden acronym.

https://www.qualys.com/apps/cybersecurity-asset-management/
#Cybersecurity #CyberSecurityAwarenessMonth

Wurde der #Qualys-Blog gehackt? Werbung für Online-Casinos ist nicht das Geschäft, in dem Qualys aktiv ist, afaik.

https://www.borncity.com/blog/2024/07/03/wurde-der-blog-von-qualys-gehackt-2-juli-2024/

Has the #Qualys blog been hacked?

https://borncity.com/win/2024/07/03/has-the-qualys-blog-been-hacked-july-2-2024/

My latest #project is coming to an end, and I’ll be honest, it’s been fun and an interesting piece of work.

Inplementing a Network, Detection and Response (#ndr) platform powered by #bluehexagon (now owned by #qualys) , with full integration into #Sentinel and #defenderforendpoint.

The interesting part was creating a custom #powershell #cmdlet / toolset for security engineering to integrate data as part of security incidents. Had me brushing off my coding skills and remembering how much I actually enjoy it!

This also means, my diary is now free from the end of this month… so am #opentowork.

Check out my #blog at https://paulsanders.co.uk for some (not so much upto date) posts.

New Linux vulnerability in the GNU C library can lead to privilege escalation https://www.linux-magazine.com/Online/News/New-Linux-Vulnerability-Enables-a-Privilege-Escalation #LooneyTunables #Linux #vulnerability #patch #Qualys #glibc #Debian #Ubuntu #Fedora

#Qualys has published a privilege escalation #vulnerability on Linux systems using #glibc:

https://www.openwall.com/lists/oss-security/2023/10/03/2

Distributions are already distributing fixes.

New #Qualys #Security #Advisory!

Looney Tunables: Local Privilege Escalation in the glibc's ld.so
(CVE-2023-4911)

https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

Lol, there's a pentesting company called qualysec... . The name's suspiciously easy to mistake for #qualys. They totally do not sound fishy at all..

In light of the recent #Qualys #advisory, I recommend reading this old #vulnerability report by @taviso that’s also cited by Qualys in their writeup.

The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.

https://seclists.org/fulldisclosure/2010/Oct/344