Archive for Qualys

A New OpenSSH Vulnerability Is Going To Be A Big Deal As It Affects A Whole Lot Of Things

Posted in Commentary with tags on July 2, 2024 by itnerd

It is being reported that a new OpenSSH vulnerability, currently tracked as CVE-2024-6387, could impact 14 million internet-facing OpenSSH instances:

The Qualys Threat Research Unit (TRU) discovered this unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. This bug marks the first OpenSSH vulnerability in nearly two decades—an unauthenticated RCE that grants full root access. It affects the default configuration and does not require user interaction, posing a significant exploit risk. 

In Qualys TRU’s analysis, we identified that this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, reported in 2006. A regression in this context means that a flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue. This incident highlights the crucial role of thorough regression testing to prevent the reintroduction of known vulnerabilities into the environment. This regression was introduced in October 2020 (OpenSSH 8.5p1).

Rogier Fischer, CEO and Co-Founder at Hadrian Security noted the following:

“While there is currently no proof of concept demonstrating this vulnerability, and it has only been shown to be exploitable under controlled lab conditions, it is plausible that a public exploit for this vulnerability could emerge in the near future. Hence it’s strongly advised to patch this vulnerability before this becomes the case”.

This is correct. Now that this is out there, it’s time to patch all the things. Hadrian has a blog post that goes down the rabbit hole on this vulnerability including mitigation steps.
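Before you can patch all the things you need to know which things are in scope. The post gives one concrete version fact (the regression entered OpenSSH in 8.5p1), so here is an added triage helper, not code from this post, Qualys or Hadrian, that parses the version out of an SSH server banner or `ssh -V` output and sorts hosts into "pre-regression", "in the regressed range" and "fixed upstream". The cut-off for the fix, `FIXED_VERSION`, is a placeholder you fill in from the OpenSSH release notes or your distribution's advisory; the sample banners and host names are constructed.

```python
"""Triage helper for CVE-2024-6387 from the OpenSSH version string.

Added example; not code from the original post, Qualys or Hadrian. It relies on
the one version fact in the post (the regression entered OpenSSH in 8.5p1) and
on a placeholder, FIXED_VERSION, to be filled in from the vendor advisory.
"""
import re
from typing import Dict, Optional, Tuple

# The post states the regression was introduced in OpenSSH 8.5p1.
REGRESSED_FROM: Tuple[int, int] = (8, 5)
# PLACEHOLDER (assumption): first upstream release carrying the fix, as (MAJOR, MINOR),
# taken from the OpenSSH release notes or your distribution's advisory.
FIXED_VERSION: Optional[Tuple[int, int]] = None

# Matches "OpenSSH_9.6p1" inside a server banner or `ssh -V` output.
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(text: str) -> Optional[Tuple[int, int, Optional[int]]]:
    """Return (major, minor, portable_release) or None if no OpenSSH version is present.

    The portable suffix (p1, p2, ...) is kept for display only; the ordering used
    below is on (major, minor), which is how upstream releases are numbered.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, portable = m.groups()
    return int(major), int(minor), (int(portable) if portable else None)


def classify(text: str) -> str:
    """Classify one banner as 'unknown', 'pre-regression', 'in-regressed-range' or 'fixed-upstream'.

    Caveats a practitioner must apply on top of this:
      * distributions backport fixes without bumping the upstream version, so
        'in-regressed-range' means "check the package changelog", not "confirmed vulnerable";
      * the post scopes the bug to glibc-based Linux, and the banner does not reveal the libc;
      * 'pre-regression' only means unaffected by this regression, not by later fixes.
    """
    v = parse_openssh_version(text)
    if v is None:
        return "unknown"
    release = v[:2]
    if release < REGRESSED_FROM:
        return "pre-regression"
    if FIXED_VERSION is not None and release >= FIXED_VERSION:
        return "fixed-upstream"
    return "in-regressed-range"


def triage(banners: Dict[str, str]) -> Dict[str, str]:
    """Map {host: banner} to {host: classification} for a fleet-wide sweep."""
    return {host: classify(banner) for host, banner in banners.items()}


if __name__ == "__main__":
    # Constructed sample banners, shaped like what an SSH scanner or `ssh -V` reports.
    sample = {
        "host-a": "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3",
        "host-b": "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
        "host-c": "SSH-2.0-OpenSSH_8.5",
        "host-d": "SSH-2.0-dropbear_2022.83",
    }
    for host, verdict in sorted(triage(sample).items()):
        print(f"{host}: {verdict}")
```

Feed it the banners your inventory tool already collects and treat "in-regressed-range" as a work queue, not a verdict: the package changelog (or your distribution's advisory) is what confirms whether a backported fix is present.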

Three Vulnerabilities Have Been Discovered In Game Development Tool RenderDoc

Posted in Commentary with tags on June 7, 2023 by itnerd

Three critical vulnerabilities have been discovered in RenderDoc, a graphics debugger that supports multiple operating systems, including Windows, Linux, Android and Nintendo Switch. As per the findings of cybersecurity specialists from the Qualys Threat Research Unit (TRU), the trio comprises one privilege escalation and two heap-based buffer overflows.

Joe Saunders, CEO, RunSafe Security had this to say:

The gaming industry is exposed to memory-based attacks that put users at risk just as our critical infrastructure is at risk to similar memory-based exploits. Fixing and patching is a losing game and it takes too long and costs too much money to rewrite code in memory safe languages. Gaming companies should deploy memory-based protections by inserting defenses within the code and protect the software even when a patch is not available.

Addressing issues in video games is important because they not only affect the gamer’s experience but also open the door to cheaters. Both are of course bad, so this deserves game companies’ time and attention.

Nuspire Teams with Qualys

Posted in Commentary with tags on April 21, 2023 by itnerd

Nuspire, a leading managed security services provider (MSSP), today announced it is expanding its partnership with Qualys, a pioneer of disruptive cloud-based IT, security and compliance solutions. Through this partnership, Nuspire will deliver Qualys Patch Management to its managed service clients, who already benefit from the power of its robust offering anchored by Qualys Vulnerability Management, Detection and Response (VMDR), so they can patch operating systems, endpoints and third-party applications.

Patching is a critical process for any organization’s security team. However, it can be cumbersome and tedious, requiring constant monitoring and manual work. As organizations face rising vulnerabilities and cyber threats, automation will become even more critical for maintaining a robust security posture. The efficiency gains provided by automation will allow security teams to remediate vulnerabilities more quickly and effectively.

With Qualys, security teams can leverage vulnerability and threat data in the patching process, in addition to zero-touch automation, which eliminates non-caustic threats across more than 400 applications – e.g., continuously patching Chrome or Windows. Qualys Patch Management simplifies processes, helps companies reduce their attack surface and frees up IT and Security resources to focus on more strategic areas.

The cloud-based service, which Nuspire will market as Vulnerability Patch Management, includes:

  • Patching for various vendors, covering Windows, Linux and Mac operating systems, mobile devices and third-party applications.
  • Remote patching to accommodate dispersed teams without the need for VPN bandwidth.
  • Prioritized and flexible patching based on a client’s individual needs.
  • A phased approach to prevent business interruptions.
  • Customized reporting to chart security improvement progress.
  • Expert tuning and 24x7x365 monitoring to ensure a client’s business is always protected.

For more information on Nuspire’s Vulnerability Patch Management service, please visit https://www.nuspire.com/services/managed-security/vulnerability-patch-management/.