Vulnerabilities in open source WAF ModSecurity
During our research of web application firewall evasion issues, we uncovered a flaw in ModSecurity that may lead to complete bypass of the installed rules, in the cases when …
Qualys releases virtualized private cloud platform
Qualys introduced a private cloud version of its QualysGuard Cloud Platform that allows customers to host and operate the security and compliance platform within their data …
Microsoft to release seven bulletins next week
The Microsoft Security Bulletin Advance Notification for June 2012 lists seven bulletins, three of which are rated “critical” and four “important.” The …
Make your pentester work harder for his money
In this video recorded at Infosecurity 2012, Wolfgang Kandek, CTO at Qualys, talks about their recent research dealing with Java. Many modern exploits use Java as a stepping …
Top 10 patching hurdles and how to overcome them
Patching is the most effective, efficient and simple method to mitigate malware, worms and viruses. It may not protect against advanced attacks that make use of 0-day …
SSL governance and implementation across the Internet
Philippe Courtot, founder of the Trustworthy Internet Movement (TIM), and chairman and CEO of Qualys, talks about how the TIM has chosen SSL governance and implementation …
Apple security update fixes QuickTime vulnerabilities
Apple just released an advisory addressing 17 security flaws in QuickTime Media Player. The update is rated critical as several of the fixed vulnerabilities can be used to …
Qualys adds security experts to CTO/CSO advisory board
Qualys announced today the newest additions to its CSO/CTO Advisory Board. The four new members join information security leaders from eBay, Goldman Sachs, Microsoft, PayPal, …
Microsoft releases seven security updates
This month, Microsoft released seven bulletins, three critical and four important, that addressed a total of 23 vulnerabilities. MS12-029 is the bulletin that should be …
Oracle addresses 0-day “TNS Poison”
Update: Edited to reflect that Oracle has released a configuration workaround, not a patch. This week Oracle released an out-of-band patch for the CVE-2012-1675 vulnerability …
Global dashboard for monitoring the quality of SSL support
Last week we announced SSL Pulse, a continuously updated dashboard that is designed to show the state of the SSL ecosystem at a glance. While it is possible today to deploy …
World renowned experts to examine SSL governance
Just two months from its inauguration date at the RSA Conference in San Francisco on February 29, the Trustworthy Internet Movement (TIM) announced today that it has chosen …