Currently doing a course on #Qualys and they have a subject called "Cyber Security Asset Management" with the... unfortunate... abbreviation CSAM.
Seems like someone didn't do their homework 😂
Qualys ETM Expands with Agentic AI: Identity Security, TruLens, and Exploit Validation
#TycoonWorld #Qualys #QualysETM #TruRisk #EnterpriseTruRiskManagement #QualysSecurity #QualysPlatform #CyberRiskManagement
Qualys ETM: New TruLens for Threat Prioritization & TruConfirm for Exploit Proof
#NewsUpturn #Qualys #QualysETM #TruRisk #EnterpriseTruRiskManagement #QualysSecurity #QualysPlatform #CyberRiskManagement
Instead of building navigation with icons, Qualys thought it'd be a great idea to use boxes, each containing an acronym which can stand for any number of things.
If you are thinking that CSAM is for Child Sexual Abuse Material, that PM is for Project Management and PS is for Photoshop, well, you'd be wrong on all counts.
Can you guess why some buttons are different colors but the different colors are not all grouped together? Me neither.
Seems the Qualys US realms are struggling this morning. Outages across the board for the US platforms.
More vulnerabilities in sudo, this time PAM authentication modules
We have argued more than once that sudo (pronounced su-doo) is a critical operating system component, from the standpoint not only of usability but above all of security. Recently we described interesting vulnerabilities involving the --host and --chroot switches. This time we will look at two vulnerabilities from the logic-bug category: CVE-2025-6018 and CVE-2025-6019. The vulnerabilities were...
#WBiegu #Linux #Opensuse #Qualys #Security #Sudo
https://sekurak.pl/kolejne-podatnosci-w-sudo-tym-razem-moduly-uwierzytelniania-pam/
#Patches are coming:
Two flaws give #attackers #root privileges on #Linux
By chaining the two flaws, #Linux systems can be fully compromised. Admins should patch as soon as possible.
#Security researchers at #Qualys have uncovered two dangerous #vulnerabilities that let attackers gain #root access on #Linux systems.
#Qualys TRU Uncovers Chained LPE: SUSE 15 PAM to Full Root via libblockdev/udisks
New #Linux #vulnerabilities: #race #conditions threaten sensitive data.
Two newly discovered vulnerabilities currently endanger certain #Linux #distributions. #Security researchers at #Qualys have identified race conditions in the apport and systemd-coredump components. They were published under the CVE numbers CVE-2025-5054 and CVE-2025-4598 and allow local attackers to access memory dumps of privileged processes.
Two information disclosure flaws have been identified in #apport and #systemd-coredump, the core dump handlers in #Ubuntu, #RedHat Enterprise #Linux, and #Fedora, according to the #Qualys Threat Research Unit (TRU).
Tracked as CVE-2025-5054 and CVE-2025-4598, both #vulnerabilities are race condition bugs that could enable a local attacker to obtain access to sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems.
https://thehackernews.com/2025/05/new-linux-flaws-allow-password-hash.html
🎙️ Ready for a mindset shift? 🤯
In this On Location Briefing from #RSAC2025, we catch up with one of the industry’s leading voices on risk-based security, Richard Seiersen, for an insightful discussion you won’t want to miss!
🚀 New Briefing from #RSAC 2025: This Is What Happens When Security Stops Chasing Threats and Starts Managing Risk
At RSA Conference 2025, Sean Martin, CISSP caught up with Rich Seiersen, Chief Risk Technology Officer at Qualys, to talk about why simply chasing threats isn’t enough — and why risk-based security is the future.
🔐 How can organizations rethink their priorities to focus on what truly matters in cybersecurity?
Find out how Qualys is helping companies shift from reactive defense to proactive, risk-driven security strategies.
🎙️ Watch, listen, or read the full conversation here:
👉 https://www.itspmagazine.com/their-stories/this-is-what-happens-when-security-stops-chasing-threats-and-starts-managing-risk-a-brand-story-with-rich-seiersen-from-qualys-an-on-location-rsac-conference-2025-brand-story
📌 Learn more about Qualys’ work:
👉 https://www.itspmagazine.com/directory/qualys
🛰️ See all our RSAC 2025 coverage:
👉 https://www.itspmagazine.com/rsac25
🌟 Discover more Brand Stories and Briefings from innovative companies:
👉 https://www.itspmagazine.com/brand-story
🎥🎙️ This is just one of the many incredible conversations we recorded On Location in San Francisco, as Sean Martin and Marco Ciappelli covered the event as official media partners for the 11th year in a row.
Stay tuned for more Brand Stories, Briefings, and candid conversations from RSAC 2025!
🎤 Looking ahead:
If your company would like to share your story with our audiences On Location, we’re gearing up for Infosecurity Europe in June and Black Hat USA in August!
⚡ RSAC 2025 sold out fast — we expect the same for these next events.
🎯 Reserve your full sponsorship or briefing now: https://www.itspmagazine.com/purchase-programs
#cybersecurity #infosec #infosecurity #technology #tech #society #business #riskmanagement #riskbasedsecurity #securitystrategy #qualys
#Qualys needs to update their TLS client test to support the new signature algorithms and named groups. There are a fair number of "unknown" entries with #OpenSSL 3.5. https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html
Powershell Qualys Authentication Part 1 http://dlvr.it/TJ3zpb via PlanetPowerShell #PowerShell #Qualys #VulnerabilityManagement #API
Local Privilege Escalations in needrestart
https://www.openwall.com/lists/oss-security/2024/11/19/1
We discovered three fundamental vulnerabilities in needrestart (three
LPEs, Local Privilege Escalations, from any unprivileged user to full
root), which are exploitable without user interaction on #Ubuntu Server
(through unattended-upgrades)
#needrestart 3.8 was released:
https://github.com/liske/needrestart/releases/tag/v3.8
This coordinated release contains 4 security fixes for local privilege escalations found by the Qualys Security Advisory team: https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
A local attacker can trick needrestart into executing arbitrary code as root. Debian and Ubuntu are already shipping security updates.
You should apply these updates in a timely manner. These issues can be mitigated by disabling the interpreter heuristic.
While not directly related to Cybersecurity Awareness Month, I want to call out #Qualys for deciding they needed to abbreviate their "Cybersecurity Asset Management" product using the forbidden acronym.
https://www.qualys.com/apps/cybersecurity-asset-management/
#Cybersecurity #CyberSecurityAwarenessMonth
question for everyone. Anyone use Qualys for vulnerability management? I've had Rapid7 for 3 years and with failed support and a broken product and no help, I am looking to switch.
Want to see how Qualys stacks up against Rapid7's InsightVM.
@Stellar
STS is always a good idea. If there is no (quirky) reason to use http and it's just for redirecting the lazy ones to https, go for it. Please read what max-age and includeSubDomains really do, esp. the latter. I recommend #qualys
https://www.ssllabs.com/ssltest/
for checking.
@mothmoon
Edit: Typo
all #qualys reports posted to oss-security
download the txt locally with:
wget -r --no-parent https://markesler.com/notes/qualys-oss-security-reports/