Qualys News

December 2008
The out-of-band security update fixes a vulnerability that can be exploited through JavaScript code posted on malicious Web sites. Internet Explorer users may be redirected to these sites through hacked legitimate sites. If the malicious code is successful, it silently downloads malware onto the victim's computer. Microsoft security researchers estimated that as many as 1 in 500 users of Internet Explorer could have been exposed to malware attempting to exploit the flaw. Microsoft is urging users of IE to test and deploy this update as soon as possible.

Qualys customers can immediately audit their networks for this vulnerability by accessing their QualysGuard subscription and performing the following check:

QID: 100067: Microsoft Internet Explorer Pointer Reference Memory Corruption (MS08-078)

Optimism around software-as-a-service appears strong, with 90 percent of organisations expecting to maintain or grow their use of software based on the model, according to Gartner.

The analyst company recently released a report on a global user survey that found cost-effectiveness, and ease and speed of deployment were "primary reasons" for enterprises adopting SaaS (software as a service).

Companies moving to SaaS also looked to the model to help lower their TCO (total cost of ownership) and to solve issues with "unmet performance expectations" with their on-premise implementations.

Sharon Mertz, research director at Gartner, said on Wednesday in a statement: "Use of SaaS has been evolving during the past decade and the SaaS model has become increasingly popular over the past three or four years."

"When asked why their organisations were transitioning from a current on-premises solution to a SaaS solution, respondents' consistent message was that the TCO [for on-premise solutions] was becoming too financially onerous."

Together with budget cuts next year, Gartner expects the focus on driving down TCO to foster greater demand for SaaS compared to on-premise purchases.

Posted by qualys on Dec 16, 2008 in Qualys News

What New PCI Standards Mean to You


If your business accepts credit card payments, it must be compliant with Payment Card Industry (PCI) and the way you handle that data is now governed by Payment Card Industry Data Security Storage Standards (PCI DSS), not as a matter of law, but as part of your contract with the credit card companies whose cards you accept. .'s Minda Zetlin outlines the latest requirements in "What New PCI Standards Mean to You."

  1. WEP is disallowed.
  2. All systems "commonly affected" by malware must run anti-malware software. 
  3. Application firewalls are mandatory for Web applications. 
  4. Logs must be saved for a year. 
  5. New-user passwords must be changed.

Indusface Consulting, an end-to-end Information Security Services company, announces it has joined with Qualys to differentiate and expand its solutions offering with network security, operations efficiency and risk reduction for its clients while leveraging the flexibility of the Qualys Software-as-a-Service (SaaS) model.

"We have developed a strong consulting team that possesses the technology know-how to deliver world class security services and solutions to our clients," said Ashish Tandon, Chief Executive Officer, Indusface Consulting. "Collaborating with Qualys further extends our ability to offer practical solutions that we can confidently apply across a broad range of industry verticals and customer sectors."

There's been considerable discussion recently about how automatic software updates, such as those to download security patches, can be used as potential vectors of attack. This is unfortunate, as one of the primary tenets of keeping systems relatively secure is to maintain current patch levels. And when most users, including probably most businesses, need to update their systems, they tend to trust and download the updates presented to them without confirming their authenticity.

In SC Magazine's Hot or Not: Software update vulnerabilities, Amol Sarwate of the Qualys Vulnerabilities Research Lab discusses how automatic update features in many software applications are proving to be vulnerable to attack now that hackers are taking notice. 


Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against 9 new vulnerabilities present in Microsoft Windows. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.

On December 9, Microsoft released 8 security patches to fix newly discovered flaws in Microsoft Windows. Microsoft has also released 1 advisory that currently does not have a patch. The Qualys Vulnerability R&D Lab has released checks for these new vulnerabilities, including:

- Microsoft Wordpad Text Converter Vulnerability
- Microsoft Visual Basic Runtime Extended Files Remote Code Execution Vulnerability
- Microsoft Windows GDI+ Remote Code Execution Vulnerability
- Microsoft Word Multiple Remote Code Execution Vulnerabilities
- Microsoft Internet Explorer Cumulative Security Update
- Microsoft Excel Multiple Remote Code Execution Vulnerabilities
- Microsoft Windows Search Remote Code Execution Vulnerability
- Microsoft Windows Media Components Remote Code Execution Vulnerability


Related Coverage:
Microsoft Slates 8 Bug Updates for Year's Final Patch Tuesday, by Gregg Keizer, Computerworld
Windows Users Indifferent to Microsoft Patch Alarm, by Gregg Keizer, Computerworld
Zero-Day Bug Discovered In IE7, by Tim Wilson, DarkReading
Hackers Having Field Day With IE Zero Day Attacks, by Erika Morphy, TechNewsWorld
As a finalist in the Readers Trust Awards, which honors best-in-class security products and services, Qualys is nominated for:

-- Best Vulnerability Management Solution for QualysGuard

As a multiple nominee for the Excellence Award, which honors companies with superior security products, Qualys is also nominated for:  

-- Best Security Company
-- Best Enterprise Security Solution for QualysGuard Enterprise
-- Best SME Security Solution for QualysGuard Express

Winners of this year's SC Awards will be announced at a gala dinner and award ceremony to be held in San Francisco on April 21, 2009 in conjunction with the RSA Conference.
