Ransomware Insights from the FBI’s 2021 Internet Crime Report The FBI has published its annual report on Internet crime. Qualys has analyzed its trends and s... 2022-5-4 17:40:56 | 阅读: 30 | 收藏 | blog.qualys.com ransomware software qualys exposure

Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 2) This post is the second of a multi-part blog series that explores and highlights the different... 2022-4-21 03:26:35 | 阅读: 53 | 收藏 | blog.qualys.com windows ssh fig microsoft powershell

April 2022 Patch Tuesday: Microsoft Releases 145 Vulnerabilities with 10 Critical; Adobe Releases 4 Advisories, 78 Vulnerabilities with 51 Critical. Microsoft Patch Tuesday Summary Microsoft has fixed 145 vulnerabilities, including 17 Microsoft... 2022-4-13 04:7:30 | 阅读: 156 | 收藏 | blog.qualys.com microsoft security remote windows

Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability A new zero-day Remote Code Execution (RCE) vulnerability, “Spring4Shell” or “SpringShell” is fo... 2022-4-1 01:39:18 | 阅读: 99 | 收藏 | blog.qualys.com qid remote vulnsigs 438

Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 1) This post is the first of a multi-part blog series that will explore and highlight the differen... 2022-3-22 22:25:16 | 阅读: 38 | 收藏 | blog.qualys.com fig windows wsl2 wsl1 sysmon

Infographic: Log4Shell Vulnerability Impact by the Numbers The full scope of risk presented by the Log4Shell vulnerability is something unprecedented, spa... 2022-3-18 21:1:0 | 阅读: 65 | 收藏 | blog.qualys.com log4shell infographic reveals exposure qualys

Qualys Study Reveals How Enterprises Responded to Log4Shell On December 9, 2021, a critical zero-day vulnerability affecting Apache’s Log4j2 library, a Jav... 2022-3-18 21:0:0 | 阅读: 26 | 收藏 | blog.qualys.com log4shell qualys cloud security

Casdoor SQL Injection (CVE-2022-24124) On Jan 22, 2022, a high severity SQL Injection vulnerability was reported in Casdoor which affe... 2022-3-9 18:31:26 | 阅读: 44 | 收藏 | blog.qualys.com casdoor github injection qualys 24124

March 2022 Patch Tuesday: Microsoft Releases 92 Vulnerabilities with 3 Critical; Adobe Releases 3 Advisories, 6 Vulnerabilities with 5 Critical. Microsoft Patch Tuesday Summary  Microsoft has fixed 92 vulnerabilities, including 21 Microsoft... 2022-3-9 06:20:59 | 阅读: 44 | 收藏 | blog.qualys.com remote microsoft tuesday security

AvosLocker Ransomware Behavior Examined on Windows & Linux AvosLocker is a ransomware group that was identified in 2021, specifically targeting Windows ma... 2022-3-7 13:18:46 | 阅读: 48 | 收藏 | blog.qualys.com fig avoslocker encryption ransomware network

Ukrainian Targets Hit by HermeticWiper, New Datawiper Malware The Ukrainian Government has been targeted by HermeticWiper, a new ransomware-like data wiper.... 2022-3-2 12:59:37 | 阅读: 37 | 收藏 | blog.qualys.com windows privileges mbr wiper

Russia-Ukraine Crisis: How to Strengthen Your Security Posture to Protect against Cyber Attack, based on CISA Guidelines CISA has created Shields-Up as a response to the Russian invasion of Ukraine. Qualys is respond... 2022-2-27 04:20:32 | 阅读: 63 | 收藏 | blog.qualys.com security qualys sponsored exploited

Oh Snap! More Lemmings: Local Privilege Escalation Vulnerability Discovered in snap-confine (CVE-2021-44731) The Qualys Research Team has discovered multiple vulnerabilities in the snap-confine functio... 2022-2-18 03:15:55 | 阅读: 358 | 收藏 | blog.qualys.com snap qualys lemmings confine

Microsoft & Adobe Patch Tuesday (February 2022) – Microsoft 70 Vulnerabilities with 0 Critical; Adobe 17 Vulnerabilities with 5 Critical Microsoft Patch Tuesday – February 2022 Microsoft addresses 70 vulnerabilities in their Februar... 2022-2-9 06:35:12 | 阅读: 30 | 收藏 | blog.qualys.com microsoft tuesday remote cvssv3

LolZarus: Lazarus Group Incorporating Lolbins into Campaigns Qualys Threat Research has identified a new Lazarus campaign using employment phishing lures ta... 2022-2-8 19:24:37 | 阅读: 60 | 收藏 | blog.qualys.com fig shellcode phishing windows lockheed

Catching the RAT called Agent Tesla For the last few years, the Qualys Research Team has been observing an infamous “Malware-as-a-s... 2022-2-3 15:22:12 | 阅读: 40 | 收藏 | blog.qualys.com fig payload stage tesla software

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034) The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec... 2022-1-26 01:36:43 | 阅读: 584 | 收藏 | blog.qualys.com qualys pwnkit pkexec envp polkit

The Chaos Ransomware Can Be Ravaging The Qualys Research Team has observed a new version of Chaos ransomware in development. This bl... 2022-1-17 21:33:43 | 阅读: 47 | 收藏 | blog.qualys.com ransomware software fig backup development

Automating Agent-less Vulnerability Assessment for Intune Enrolled Mobile Devices Most Mobile Device Management solutions lack critical functionality such as vulnerability asses... 2022-1-14 19:1:24 | 阅读: 29 | 收藏 | blog.qualys.com qualys security intune mdm

Microsoft & Adobe Patch Tuesday (January 2022) – Microsoft 126 Vulnerabilities with 9 Critical, Adobe 41 Vulnerabilities, 22 critical Microsoft Patch Tuesday – January 2022  Microsoft patched 126 vulnerabilities in their January... 2022-1-12 07:32:18 | 阅读: 55 | 收藏 | blog.qualys.com microsoft tuesday remote security