Qualys @qualys Twitter profile

Last Seen Profiles

@ChorusSarcastic

@APHAAnnualMtg

@Michell44388706

@Erik_Whalen

@ClubBrugge

@TerrenceIsaac1

@alqarni1060

@BHABHORANILKUM5

@Doritada_

@Whatis7777777

@IHKMF0

@zoeSaintBernard

@JILHSOFFICIAL

@hanabelink

@cottonbudfilly

@bolsomiobsesion

@stayhotpod

@Eurovision

@ilykiu

@Chase_mackey5

@Killystein1

@janghoononline

@ysllsy19

@eduardochof19

@KhurramParvez

@GatheringNL

@OSUPublicHealth

@CFL_PR

@DigitaalErfgoed

@keenetrace

@eurospaincom

@nannastarz

@dul_turkporno

@ieatclocks

@mcsoaz

@bencepolgar00

Qualys

@qualys

3 years

The Qualys Research Team has discovered a critical vulnerability in #Sudo , which allows an unprivileged user to gain root privileges in its default configuration. #linux #unix #vulnerability

CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) | Qualys Security Blog

Update Feb 3, 2021: It has been reported that macOS, AIX, and Solaris are also vulnerable to CVE-2021-3156, and that others may also still be vulnerable. Qualys has not independently verified the…

blog.qualys.com

18

575

758

Qualys

@qualys

3 years

Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909): Any unprivileged user can gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration.

Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909) |...

The Qualys Research Team has discovered a size_t-to-int type conversion vulnerability in the Linux Kernel’s filesystem layer affecting most Linux operating systems. Any unprivileged user can gain...

blog.qualys.com

3

170

294

Qualys

@qualys

2 years

The #Qualys Research Team has discovered an easily exploitable memory corruption vulnerability ( #Pwnkit ) in polkit a SUID-root program that allows any unprivileged local user to gain root privileges on all major linux systems in its default configuration:

6

166

280

Qualys

@qualys

3 years

Qualys Research Team discovered 21 severe vulnerabilities in Exim, the mail transfer agent (MTA) responsible for 60% of internet mail traffic. #21Nails could allow a remote attacker to gain full root privileges on the target server & execute commands.

6

154

223

Qualys

@qualys

4 months

#CloudSecurity is a complex landscape, and the challenges of protecting it are unique. Don’t miss this opportunity to hear experts offer their best advice on what security leaders need to know to protect their #cloud assets. #CyberRiskSeries

Home

qualys.brighttalk.com

16

160

Qualys

@qualys

8 years

#OpenSSH vulnerability (CVE-2016-0777 and CVE-2016-0778) full details and exploit:

3

347

166

Qualys

@qualys

7 years

The Stack Clash: vulnerability in memory management of Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 & amd64

The Stack Clash | Qualys Security Blog

The Stack Clash is a vulnerability in the memory management of Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 and amd64. It can be exploited by attackers to corrupt memory and execute arbitrary…

blog.qualys.com

0

187

144

Qualys

@qualys

5 years

System Down Vulnerability: Qualys discloses three locally-exploitable vulnerabilities in systemd-journald, which is in every modern Linux distro

4

98

116

Qualys

@qualys

4 years

Qualys researchers discovered an authentication-bypass vulnerability (CVE-2019-19521) in OpenBSD's authentication system. Special thanks to Theo de Raadt and the OpenBSD developers for a very quick response: they published patches in <40 hours.

5

75

94

Qualys

@qualys

9 years

GHOST remote code execution exploit published:

4

132

78

Qualys

@qualys

7 years

Stack Clash exploits are now available:

Security Advisories | Qualys, Inc.

Vulnerabilities discovered by researchers at Qualys.

www.qualys.com

0

99

73

Qualys

@qualys

2 years

The #Qualys Research Team has discovered Oh Snap! More Lemmings: Local Privilege Escalation vulnerability in snap-confine, a SUID-root program that is installed by default on #Ubuntu . Discover vulnerable Linux servers using Qualys #VMDR :

4

42

70

Qualys

@qualys

10 months

The Qualys Threat Research Unit (TRU) has discovered a remote code execution vulnerability in OpenSSH’s forwarded ssh-agent.

CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent | Qualys Security Blog

The Qualys Threat Research Unit (TRU) has discovered a remote code execution vulnerability in OpenSSH’s forwarded ssh-agent. This vulnerability allows a remote attacker to potentially execute…

blog.qualys.com

3

35

68

Qualys

@qualys

4 years

Qualys researchers discovered a Local Privilege Escalation in OpenBSD's dynamic loader (). We thank Theo de Raadt and the OpenBSD developers for their incredibly quick response: they published a patch in <3 hours.

2

39

59

Qualys

@qualys

3 years

Exploit for CVE-2021-33909 ( #Sequoia ) is now available after successful testing on vulnerable versions of Ubuntu 20.04, 20.10, 21.04, Debian 11, and Fedora 34 Workstation. See cve-2021-33909-exploit.tar.gz at

1

41

55

Qualys

@qualys

3 years

Qualys Update on Accellion FTA Security Incident

Qualys Update on Accellion FTA Security Incident | Qualys Security Blog

As part of our commitment to keeping customers and the community informed about how we are addressing and resolving the Accellion FTA cyber incident, we are providing the following update to confirm…

blog.qualys.com

1

43

48

Qualys

@qualys

4 months

The Qualys Threat Research Unit (TRU) has recently unearthed four significant vulnerabilities in the #GNU C Library, a cornerstone for countless applications in the #Linux environment. Read more here.

Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog() | Qualys Security Blog

The Qualys Threat Research Unit (TRU) has recently unearthed four significant vulnerabilities in the GNU C Library, a cornerstone for countless applications in the Linux environment.

blog.qualys.com

0

36

44

Qualys

@qualys

1 year

The Qualys Threat Research Unit (TRU) has discovered a new #vulnerability in the snap-confine function on Linux operating systems - (CVE-2022-3328).

Snapd Race Condition Vulnerability in snap-confine’s must_mkdir_and_open_with_perms() (CVE-2022-3...

The Qualys Threat Research Unit (TRU) has discovered a new vulnerability in snap-confine function on Linux operating systems, a SUID-root program installed by default on Ubuntu.

blog.qualys.com

0

19

42

Qualys

@qualys

3 years

The Qualys Research Team is honored to receive five nominations for Pwnie awards across three different categories: Best Privilege Escalation Bug, Best Server-Side Bug, and Most Under-Hyped Research. #BaronSamedit #21Nails #Sequoia

0

14

40

Qualys

@qualys

7 years

Serious privilege escalation bug in Unix OSes imperils servers everywhere #stackclash

0

47

35

Qualys

@qualys

7 years

Get a signed copy of brand new @kevinmitnick Art of Invisibility Qualys booth #RSAC2017 Tues 10:30am

2

14

32

Qualys

@qualys

8 years

Meet Mr. Robot’s Rami Malek at the Qualys booth at #RSAC #RSAC2016 ! Tuesday 3pm.

0

31

32

Qualys

@qualys

8 years

New Release of SSL/TLS Deployment Best Practices

3

35

34

Qualys

@qualys

9 years

Details on the GHOST vulnerability CVE-2015-0235

0

83

32

Qualys

@qualys

5 years

The D in SystemD stands for Dammmit... Security holes found in much-adored Linux toolkit via @theregister

1

10

31

Qualys

@qualys

8 years

Talking about shooting the show. Rami's taking a red-eye to NYC tonight to start shooting season 2!

0

15

28

Qualys

@qualys

4 years

Zoom path traversal into remode code execution vulnerabilities (CVE-2020-6109, CVE-2020-6110). Qualys detections are available, and #zoom has released a patch.

2

10

27

Qualys

@qualys

6 years

Qualys Community Edition now available: A free version of the Qualys Cloud Platform designed for the security community.

0

10

25

Qualys

@qualys

10 years

SSL Labs Test for the #heartbleed Attack @ivanristic

4

54

23

Qualys

@qualys

5 years

Charles Henderson, @angus_tx , global head of IBM X-Force Red, defines and defends the role of hackers in a @nytimes Op-Ed article.

Opinion | Most Hackers Aren’t Criminals (Published 2019)

Professional hackers work to keep people safe by finding security vulnerabilities before criminals do.

www.nytimes.com

0

12

23

Qualys

@qualys

8 years

Mr. Robot’s Rami Malek speaks & signs autographs at Qualys booth at #RSAC2016 #exciting

0

17

24

Qualys

@qualys

5 years

Nice work from @Synacktiv : Scraps of Notes on Exploiting EXIM Vulnerabilities gives an overview on Exim internals from the exploitability point of view and notes on exploiting EXIM vulns along w/ the PoC. @paulfariello @abu_y0ussef

Qualys

@qualys

5 years

Exim mail transfer agent (MTA) critical severity vulnerability. Initial report by 'Zerons' on July 21 with analysis & proof-of-concept exploit by Qualys' research team. via @BleepinComputer

0

2

3

0

20

21

Qualys

@qualys

3 years

@LiveOverflow @LiveOverflow you might be interested in this SecurityWeekly interview with a member of the Qualys Security Research Team - Wheel.

Unearthing a 10-Year Old SUDO Vulnerability - Wheel - PSW #683

“Wheel” was part of the team that discovered the heap overflow vulnerability in SUDO, Baron Samedit (CVE-2021-3156), that impacted major Unix-like operating ...

www.youtube.com

0

4

18

Qualys

@qualys

7 years

Security advisory: Linux PIE/stack Corruption (CVE-2017-1000253)

Security Advisories | Qualys, Inc.

Vulnerabilities discovered by researchers at Qualys.

www.qualys.com

0

30

20

Qualys

@qualys

8 years

Mr. Robot helps raise visibility of security. See #RSAC video interview of @ItsRamiMalek

0

9

17

Qualys

@qualys

3 years

21Nails vulnerabilities impact 60% of the internet's email servers | The Record by Recorded Future via @TheRecord_Media @campuscodi

21Nails vulnerabilities impact 60% of the internet's email servers

The maintainers of the Exim email server software have released updates today to patch a collection of 21 vulnerabilities that can allow threat actors to take over servers using both local and remote...

therecord.media

0

13

19

Qualys

@qualys

7 years

NEW! @ssllabs 1.25.2 shows all certificates discovered while testing a site (usually RSA and ECDSA)! For example:

1

21

18

Qualys

@qualys

3 years

This just in! Qualys’ all-star research team has won the “Most Under-Hyped Research” category at Pwnie Awards 2021, for its 21Nails disclosure! Read more here:

0

5

18

Qualys

@qualys

9 years

OpenSSL Cookbook 2nd Edition released with lots more content: private CA creation, secure server assessment, etc.

0

16

18

Qualys

@qualys

8 years

New PCI DSS v3.2 requirements mean SSL & early TLS will cause PCI Fail starting Nov 1, 2016

0

16

19

Qualys

@qualys

7 years

. @ivanristic signing Bulletproof SSL and TLS at Qualys Private Reception #RSAC2017

0

2

17

Qualys

@qualys

4 years

The partnership between Ivanti and Qualys brings full lifecycle vulnerability management, detection and response into a single platform.

Ivanti and Qualys partner to manage end-point vulnerability outside the firewall - SiliconANGLE

siliconangle.com

0

3

16

Qualys

@qualys

3 years

Check out this heart to heart with Qualys’ CEO, Sumedh Thakar on @ZeroToExit1 . He shares insight into Qualys’ deliberate approach to growth, the cyber industry’s pain points, and solutions that help bridge these gaps. Listen here:

0

9

17

Qualys

@qualys

6 years

@Sekurak Removed. We congratulate @Sekurak on your research.

0

16

Qualys

@qualys

8 years

Autographs & photo op with Rami Malek now at our booth at #RSAC . Come on by.

0

11

17

Qualys

@qualys

4 years

15 years later: Remote Code Execution in qmail (CVE-2005-1513)

Security Advisories | Qualys, Inc.

Vulnerabilities discovered by researchers at Qualys.

www.qualys.com

0

9

16

Qualys

@qualys

3 years

Millions affected by 10-year old bug in a Linux utility that gives root access to *any* local user. Ubuntu, RHEL, Fedora, Amazon Linux unpatched.

Sudo vulnerability gives root: Ubuntu, RHEL, Amazon Linux unpatched.

Full root privileges on Ubuntu 20.04, Debian 10, and Fedora 33 demonstrated.

www.thestack.technology

1

3

15

Qualys

@qualys

3 years

New Linux SUDO flaw lets local users gain root privileges

A now-fixed Sudo vulnerability allowed any local user to gain root privileges on Unix-like operating systems without requiring authentication.

www.bleepingcomputer.com

0

10

15

Qualys

@qualys

1 year

Happy Monday from the newest member of the Qualys family! We're hoping that this week is off to an excellent start! #LifeAtQualys

0

2

15

Qualys

@qualys

6 years

Implementing the @CISecurity 20 Critical Security Controls

0

5

13

Qualys

@qualys

3 years

This just in! Qualys’ all-star research team has won the Pwnie 2021 Awards in the "Best Privileged Escalation Bug" category, for the heap overflow vulnerability in Sudo! #BaronSamedit Read more here:

0

5

15

Qualys

@qualys

8 years

Most measures of SSL implementation correctness moving in right direction (change %s almost all green), if slowly.

1

13

14

Qualys

@qualys

7 years

New in SSL Labs, TLS 1.3 detection in the client test

0

16

13

Qualys

@qualys

8 years

Rami Malek still going strong signing autographs. #RSAC #RSAC2016

0

8

12

Qualys

@qualys

4 years

How to detect and remediate the #OpenBSD #OpenSMTPD remote code execution vulnerability (CVE-2020-7247) discovered by Qualys #rce

OpenBSD OpenSMTPD Remote Code Execution Vulnerability (CVE-2020-7247) | Qualys Security Blog

Qualys Research Labs discovered a vulnerability in OpenBSD’s OpenSMTPD mail server that allows an attacker to execute arbitrary shell commands with elevated privileges.

blog.qualys.com

0

9

13

Qualys

@qualys

6 years

Move-in day at the new Qualys corporate offices in Foster City, CA.

0

2

13

Qualys

@qualys

6 years

Cybercriminals only need to find one way in, but #pentesters have their work cut out for them to block every way in. @angus_tx will illustrate using real stories at his keynote at #qsc18 Meet Charles:

0

6

12

Qualys

@qualys

8 years

And Rami Malek is here! #RSAC

0

6

13

Qualys

@qualys

8 years

It’s Mr. Robot Day at #RSAC . Meet star Rami Malek at the Qualys booth at 3pm today.

3

7

14

Qualys

@qualys

7 years

Closing #QSC17 keynote by Jennifer @granick on surveillance in the digital age

0

1

12

Qualys

@qualys

5 years

New SSL/TLS vulnerabilities: SSL Labs identifies cipher suites using CBC and discourage their usage

Zombie POODLE and GOLDENDOODLE Vulnerabilities | Qualys Security Blog

Recently new vulnerabilities like Zombie POODLE, GOLDENDOODLE, 0-Length OpenSSL and Sleeping POODLE were published for websites that use CBC (Cipher Block Chaining) block cipher modes.

blog.qualys.com

0

13

12

Qualys

@qualys

2 years

Apache Log4j2 Zero-Day Exploited in the Wild (Log4Shell):

1

9

13

Qualys

@qualys

13 years

Testing Web Servers (Apache, nginx, lighttpd & IIS) for Slow HTTP Attacks: http://t.co/jsOdJNIn

0

13

Qualys

@qualys

9 years

Remote detection available for MS15-034, the HTTP.sys remote code execution vulnerability. Full analysis at

1

26

11

Qualys

@qualys

5 years

SSL Labs now gives a warning for supporting TLS 1.0 and TLS 1.1

0

5

12

Qualys

@qualys

4 years

Sumedh Thakar demos Qualys VMDR, including orchestration playbooks that define remediation actions taken on your targets. #QSC20 #London

0

3

12

Qualys

@qualys

7 years

How to Rapidly Identify Assets at Risk to WannaCry Ransomware and ETERNALBLUE Exploit #MS17010

How to Rapidly Identify Assets at Risk to WannaCry Ransomware and ETERNALBLUE Exploit | Qualys...

In what may be the first public weaponizing of April’s Shadow Brokers dump of NSA exploits, a ransomware attack has crippled IT systems globally and disrupted operations at major organizations…

blog.qualys.com

0

6

12

Qualys

@qualys

8 years

Qualys Vulnerability Management Video Series — Updated with all new videos!

0

6

12

Qualys

@qualys

8 years

SSL Labs DROWN Test Implementation Details: How we test it in SSL Labs

0

10

11

Qualys

@qualys

4 years

Introducing Qualys VMDR® – All-in-One Vulnerability Management, Detection, and Response. Visit to Try VMDR for Free. #VMDR #QSC20 #VulnerabilityManagement #Detection #Response

1

11

Qualys

@qualys

6 years

Scanning Strategies & Best Practices: 21 short videos covering topics like host discovery and scanner parallelization. Watch now!

0

4

11

Qualys

@qualys

9 years

Qualys is proud to support Ivan and SSL Labs.

Help Net Security

@helpnetsecurity

9 years

Ivan Ristic and SSL Labs: How one man changed the way we understand SSL - - @ivanristic

2

107

100

0

13

12

Qualys

@qualys

8 years

How to prevent ransomware attacks from affecting you

6 of the best free malware removal tools in 2023

Worried your device is infected? Here are some of the best free malware removal tools at your disposal in 2023

www.itpro.com

0

7

12

Qualys

@qualys

6 years

New Security Advisory: Memory Leak (CVE-2017-1000408) and Buffer Overflow (CVE-2017-1000409) in GNU C Library Dynamic Loader (ld.so)

0

15

11

Qualys

@qualys

2 years

Up next, Qualys CEO, Sumedh Thakar talks #automation in the #digital #journey : “Cybersecurity is a race – either attackers get to your vulnerability first, or you do. What everything comes down to is how do we [cybersecurity professionals] win this race.”

0

10

12

Qualys

@qualys

6 years

The new #Burp extension for Qualys Web Application Scanning imports Burp-discovered issues into Qualys WAS for integrated analysis of manual and automated web app testing data. #webappsec #BurpSuite

Burp Extension for Web App Scanning | Qualys Security Blog

The new Burp extension for Qualys Web Application Scanning imports Burp-discovered issues into Qualys WAS for integrated analysis of manual and automated web app testing data.

blog.qualys.com

0

6

8

Qualys

@qualys

6 years

Visualizing #Spectre / #Meltdown Impact and Remediation Progress #assetview #dashboard

0

9

8

Qualys

@qualys

5 years

Now that #BlueKeep BlueKeep attacks have been observed in the wild, follow these instructions to use Qualys to identify attacks and remediate this vulnerability.

BlueKeep Attacks Observed Months after Initial Release | Qualys Security Blog

The BlueKeep vulnerability, initially released in May 2019, is currently being exploited in the wild. Cybersecurity researchers have spotted initial attacks of Bluekeep RDP vulnerability.

blog.qualys.com

0

3

11

Qualys

@qualys

6 years

Happy Thanksgiving to our customers, partners and friends from the team at Qualys!

0

2

9

Qualys

@qualys

8 years

How Microsoft evaluates the security of hundreds of web apps that come online every year

0

7

10

Qualys

@qualys

3 years

Check out this heart to heart with Qualys’ CEO, Sumedh Thakar on @ZeroToExit1 . He shares insight into Qualys’ deliberate approach to growth, the cyber industry’s pain points, and solutions that help bridge these gaps. Listen here:

0

3

11

Qualys

@qualys

9 years

@_sinn3r We updated the GHOST exploit to make it more reliable. See update at end of blog post:

0

10

Qualys

@qualys

3 years

Qualys Board Names Sumedh Thakar as CEO

0

2

11

Qualys

@qualys

6 years

Qualys acquires 1Mobility assets to bolster enterprise mobile device compliance via @ZDNet & @SecurityCharlie

Qualys acquires 1Mobility assets to bolster enterprise mobile device compliance

Qualys hopes to offer enterprise companies a way to ensure compliance on mobile devices.

www.zdnet.com

0

2

10

Qualys

@qualys

7 years

The exploit code for Linux PIE/stack Corruption (CVE-2017-1000253) is now available:

Security Advisories | Qualys, Inc.

Vulnerabilities discovered by researchers at Qualys.

www.qualys.com

Qualys

@qualys

7 years

Security advisory: Linux PIE/stack Corruption (CVE-2017-1000253)

0

30

20

0

16

11

Qualys

@qualys

6 years

Stop Cryptojacking Browser Attacks with the free Coinblocker Browser plugin!

0

7

10

Qualys

@qualys

2 years

Kicking off our #QSC2021 keynote series with former @CISAgov director, @C_C_Krebs . It is an honor for Qualys to provide a space for industry veterans to share insights with peers on how to defend against today's bad actors.

6

5

10

Qualys

@qualys

5 years

Windows RDP Remote Code Execution Vulnerability ( #BlueKeep ) – How to Detect and Patch #PatchTuesday

0

12

11

Qualys

@qualys

9 years

SSL Labs: Increased Penalty When TLS 1.2 Is Not Supported

0

16

10

Qualys

@qualys

8 years

"On this show [Mr. Robot], all the coding is accurate," says @RamiMalekOnline . See video from #RSAC .

Rami Malek Interview & Mr. Robot Secrets At RSA 2016

Rami Malek is the star of Mr. Robot- A USA series about the life of a hacker creating massive turbulence in the modern world. Here at RSA 2016- Rami appears ...

www.youtube.com

1

5

9

Qualys

@qualys

6 years

Security News: British Airways hack, app takedowns at the Mac App Store, data breach at a Chinese hotel chain, and an unpatched Windows zero-day exploited in the wild

0

8

11

Qualys

@qualys

5 years

Happy Diwali from Qualys!

0

11

Qualys

@qualys

6 years

Qualys Takes Its Cloud Platform to the Next Level with Native Integration of Real-Time Network Analysis

1

3

10

Qualys

@qualys

5 years

Watch Hacker Stories: Turning Use Cases Into Abuse Cases, and gain insights into how to protect your infrastructure. Presentation by Charles Henderson @angus_tx , global head of IBM @XForceRed , only at #QSC19 Las Vegas next week. Last chance to register!

0

2

9

Qualys

@qualys

2 years

Going to Blackhat USA? Stop by booth #1320 to learn about consolidating your security stack onto a single platform. With Qualys, you'll worry less, automate, detect and remediate more. More information at #BlackhatUSA

0

12

9

Qualys

@qualys

6 years

Qualys VP Chris Carlson explains why organizations need to build security into the DevOps pipeline instead of bolting it on after the fact. via @ZDNet & @joemckendrick

0

1

9

Qualys

@qualys

7 years

WannaCry Déjà Vu: Petya Ransomware Outbreak Wreaking Havoc Across the Globe

0

6

9

Qualys

@qualys

6 years

Organizations need a tool that automates web application scanning tasks, because manual testing, while effective, requires a large and specially-trained staff, making it too costly and difficult to scale.

0

2

8

Qualys

@qualys

6 years

After #Spectre & #Meltdown patches, the focus for workstation environments should be on fixing Outlook vulnerability CVE-2018-0793 & Word flaw CVE-2018-0794, said Qualys director of product management, Jimmy Graham.

0

4

7

Qualys

@qualys

7 years

Opening keynote at #BHUSA

0

4

10