Tag Archives: Qualys

New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches

Leave a reply

New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches. The competition for the best question on the topic of VM continues. 😉🎁

📹 Video on YouTube, LinkedIn
🗞 Post on Habr (rus)
🗒 Digest on the PT website

Content:

🔻 00:29 Spoofing – Windows NTLM (CVE-2024-43451)
🔻 01:16 Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039)
🔻 02:16 Spoofing – Microsoft Exchange (CVE-2024-49040)
🔻 03:03 Elevation of Privilege – needrestart (CVE-2024-48990)
🔻 04:11 Remote Code Execution – FortiManager “FortiJump” (CVE-2024-47575)
🔻 05:19 Authentication Bypass – PAN-OS (CVE-2024-0012)
🔻 06:32 Elevation of Privilege – PAN-OS (CVE-2024-9474)
🔻 07:42 Path Traversal – Zyxel firewall (CVE-2024-11667)
🔻 08:37 Is it possible to Manage Vulnerabilities with no budget?
🔻 09:53 Should a VM specialist specify a patch to install on the host in a Vulnerability Remediation task?
🔻 10:51 Full digest of trending vulnerabilities
🔻 11:18 Backstage

На русском

About Elevation of Privilege – needrestart (CVE-2024-48990) vulnerability

Leave a reply

About Elevation of Privilege - needrestart (CVE-2024-48990) vulnerability

About Elevation of Privilege – needrestart (CVE-2024-48990) vulnerability. On November 19, Qualys released a security bulletin about five privilege escalation vulnerabilities in the needrestart utility (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003) used in Ubuntu Server, starting with version 21.04.

The needrestart utility runs automatically after APT operations (installing, updating, or removing packages). It checks if a reboot is required, thus ensuring that services use updated libraries without unnecessary downtime.

All 5 vulnerabilities make it possible for a regular user to become root. Qualys has private exploits for each. There is currently a publicly available exploit only for one vulnerability related to the PYTHONPATH environment variable.⚡️ It is available on Github since November 20th.

Update needrestart to version 3.8 or disable “interpreter scanning” in needrestart.conf.

На русском

Qualys released QScanner – a console vulnerability scanner for container images

Leave a reply

Qualys released QScanner - a console vulnerability scanner for container images

Qualys released QScanner – a console vulnerability scanner for container images. Feed it an image and get a list of vulnerabilities (a la Trivy).

It supports:

“Local Runtimes: Scan images from Docker, Containerd, or Podman.
Local Archives: Analyze Docker images or OCI layouts from local files.
Remote Registries: Connect to AWS ECR, Azure Container Registry, JFrog, GHCR, and more.”

Capabilities:

🔹 Detects OS package vulnerabilities
🔹 Software Composition Analysis (SCA) for Ruby, Rust, PHP, Java, Go, Python, .NET and Node.js applications.
🔹 Detects secrets (passwords, API keys and tokens)

But it’s not free. 🤷‍♂️💸🙂 All cases, except SBOM generation, require ACCESS_TOKEN and Platform POD. QScanner is the interface of Qualys Container Security module.

It can be used for:

🔸 scanning local images on developers’ desktops
🔸 integration into CI/CD pipelines
🔸 integration with registries

The concept is interesting. 👍

На русском

Qualys announced the TotalAI module for artificial intelligence (AI) and large language models (LLM) security

Leave a reply

Qualys announced the TotalAI module for artificial intelligence (AI) and large language models (LLM) security

Qualys announced the TotalAI module for artificial intelligence (AI) and large language models (LLM) security. The module will be available in Q4 2024 as part of the Enterprise TruRisk platform.

Announced features:

🔹 Detection and monitoring of the AI ​​infrastructure of organizations. To avoid “shadow LLM”.

🔹 Vulnerability Management with a focus on AI threats. Especially on countering theft (extraction) of data and models. They will offer a variety of ways to fix vulnerabilities.

🔹 Specialized LLM scanning focussed on prompt injection, model theft, and disclosure of confidential information.

🔹 Compliance Management and risk management. They emphasize combating data leaks and mention GDPR, PCI, CCPA.

There is a screenshot of the interface with statistics on models and related threats. We can also see statistics on threats related to assets and interesting informers for AI Workloads, AI Software and GPU.

На русском

Regarding the Qualys Patch Management event that took place yesterday

Leave a reply

Regarding the Qualys Patch Management event that took place yesterday

Regarding the Qualys Patch Management event that took place yesterday.

I liked:

✅ Cool report by Eran Livne about Patch Management capabilities in Qualys. 👍 Especially about creating linked patching tasks (first for a test scope, and a week later for a full scope) and about the ability to isolate hosts as a mitigation option (access remains only from the Qualys cloud). The part about new TruRisk Eliminate was also interesting.
✅ Adam Gray beautifully justified the need for mandatory patching (since prevention doesn’t really work 🤷‍♂️).

I didn’t like:

❌ Most speakers focused on other information security topics rather than patch management. I think it would have been possible to select more thematic reports for this event.
❌ I simply can’t accept theses like “you don’t need to patch all vulnerabilities”. 🤷‍♂️ My position: you need to patch everything. And workarounds are good for a while UNTIL a patch is installed.

На русском

Qualys introduces TruRisk Eliminate for augmented Patch Management

Leave a reply

Qualys introduces TruRisk Eliminate for augmented Patch Management

Qualys introduces TruRisk Eliminate for augmented Patch Management. Qualys didn’t wait until the event and published a blog post. What they presented is an implementation of workarounds.

In the screenshot of TruRisk Eliminate we see a filtered list of vulnerabilities on assets, the criticality of vulnerabilities in the form of QDS, the Remediations and Mitigations columns.

🔹 Remediations – installing a patch or installing a patch with reconfiguration.

🔹 Mitigations – workarounds that neutralize the vulnerability instead of patching: changing the registry key, changing the config, removing the application, blocking the port, isolating the device, etc.

And there is a button to perform an action on the asset (using an agent) with a choice of Remediations/Mitigations option.

It’s a logical step. Since they gave the ability to patch, why not give the ability to apply workarounds. But Qualys will have a lot of difficulties with this. 🫣

На русском

Tomorrow Qualys will host a major online event about Patch Management

Leave a reply

Tomorrow Qualys will host a major online event about Patch Management

Tomorrow Qualys will host a major online event about Patch Management. They promise to present the “groundbreaking new strategies” of “Patching goes Patchless”. Will they promote immutable infrastructure? Virtual patching? Something else? 🤔 We’ll see.

What else will there be, besides the keynote report by Qualys CEO?

🔹 CIS will talk about when to install patches (and when not to), minimizing disruptions to business.
🔹 Reports by CyberSec companies. InfoSys will tell you how to deal with 80-85% of critical security updates within 4-5 days. Novacoast will throw in a report “your tools don’t work”.
🔹 Client reports by JPMorgan Chase and Signature Aviation employees (judging by their social networks 😉).
🔹 2 product reports by Qualys about improving interaction with IT and “remediation beyond patching”.

The event will start at 9:00 AM PT and will last ~4 hours. I think the keynote and product reports are definitely worth checking out, the rest is optional.

На русском