Platform
OVERVIEW

Enterprise TruRisk Platform

Everything you need to measure, manage, and reduce your cyber risk in one place

CAPABILITIES

All

Asset Management

Vulnerability & Configuration Management

Risk Remediation

Threat Detection & Response

Compliance

Cloud Security

PLATFORM APPS

ASSET MANAGEMENT

CyberSecurity Asset Management (CSAM)
See entire attack surface, continuously maintain your CMDB, and track EOL/EOS software

External Attack Surface Management (EASM) - New
Gain an attacker’s view of your external internet-facing assets and unauthorized software

Vulnerability & Configuration Management

Vulnerability Management, Detection & Response (VMDR) - Most Popular
Discover, assess, prioritize, and patch critical vulnerabilities up to 50% faster

Enterprise TruRisk Management (ETM) - New
Consolidate & translate security & vulnerability findings from 3rd party tools

Web App Scanning (WAS)
Automate scanning in CI/CD environments with shift left DAST testing

Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment

Risk REMEDIATION

Patch Management (PM)
Efficiently remediate vulnerabilities and patch systems

Custom Assessment and Remediation (CAR)
Quickly create custom scripts and controls for faster, more automated remediation

Threat Detection and Response

Multi-Vector EDR
Advanced endpoint threat protection, improved threat context, and alert prioritization

Context XDR
Extend detection and response beyond the endpoint to the enterprise

Compliance

Policy Compliance
Reduce risk, and comply with internal policies and external regulations with ease

File Integrity Monitoring (FIM)
Reduce alert noise and safeguard files from nefarious actors and cyber threats

Cloud Security

TotalCloud (CNAPP)
Cloud-Native Application Protection Platform (CNAPP) for multi-cloud environment.

Cloud Security Posture Management (CSPM)
Continuously discover, monitor, and analyze your cloud assets for misconfigurations and non-standard deployments.

Infrastructure as Code Security (IaC)
Detect and remediate security issues within IaC templates

SaaS Security Posture Management (SSPM) - New
Manage your security posture and risk across your entire SaaS application stack

Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment

Cloud Detection and Response (CDR)
Continuous real-time protection of the multi-cloud environment against active exploitation, malware, and unknown threats.

Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime
Solutions
Use Cases

Endpoint Security

Compliance

PCI Compliance

DORA Compliance

Cloud Security

Application Security

DevOps

Threat Protection

NIS2

Zero-Trust Security

Segments

Small Business

Mid-Sized Business

Enterprise

Federal
Resources
RESOURCES

Resources Library

Product Tours

Blog

Webinars

Qualys Stream

Fundamentals

RESEARCH

Threat Research Unit

Security Alerts

Security Advisories
Support
SUPPORT
More
Customers

Overview

Best Practices

Success Stories

Testimonials
Partners

Overview

Partner Program

VAD Partners

VAR Resellers

MSP/MSSP Partners

Integration Partners

Partner FAQs

Find a Partner
Company

About Us

Our Team

Investor Relations

News

Awards

Events

Careers

Community
- Overview
- Discuss
- Blog
- Training
- Docs
- Resources
Login
What’s my platform?
Contact us
Contact us below to request a quote, or for any product-related questions
Create Account. It’s Free!
Try PM for free
Try VMDR for free
Try VMDR TruRisk for free
Try CS for free
Sign up for TotalCloud
Sign up for CDR
Try CSAM for free
Try PCI for free
Try DORA for free
Try Policy Compliance for free
Try VMDR for Mobile Devices
Try SaaSDR for free
Try Multi-Vector EDR for Free
Try CAR for Free
Request a Demo
Try it
Enterprise TruRisk Platform
- Cloud Platform - Free Trial
Free Services

Try it

Overview
Platform Apps
Vulnerability Management, Detection & Response (VMDR) - Most Popular
Discover, assess, prioritize, and patch critical vulnerabilities up to 50% faster
Enterprise TruRisk Management (ETM) - New
Consolidate & translate security & vulnerability findings from 3rd party tools
Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime
Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment
Web App Scanning (WAS)
Automate scanning in CI/CD environments with shift left DAST testing

Overview
Platform Apps
TotalCloud (CNAPP)
Cloud-Native Application Protection Platform (CNAPP) for multi-cloud environment.
Cloud Security Posture Management (CSPM)
Continuously discover, monitor, and analyze your cloud assets for misconfigurations and non-standard deployments.
Infrastructure as Code Security (IaC)
Detect and remediate security issues within IaC templates
SaaS Security Posture Management (SSPM) - New
Manage your security posture and risk across your entire SaaS application stack
Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment
Cloud Detection and Response (CDR)
Continuous real-time protection of the multi-cloud environment against active exploitation, malware, and unknown threats.
Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime

@RISK Newsletter for July 26, 2012

The consensus security vulnerability alert.

Vol. 12, Num. 30

This is a weekly newsletter that provides in-depth analysis of the latest vulnerabilities with straightforward remediation advice. Qualys supplies a large part of the newly-discovered vulnerability content used in this newsletter.

Archived issues may be found at the SANS @RISK Newletter Archive.

TOP VULNERABILITY THIS WEEK: A trivially exploitable remote root

vulnerability exists in the Kindle Touch built-in browser. Based on
its support for the NPAPI, commands can be injected with root-level
privileges with no authentication, simply by visiting a web page.
Exploits are presumed to already exist in the wild.

NOTABLE RECENT SECURITY ISSUES SELECTED BY THE SOURCEFIRE VULNERABILITY RESEARCH TEAM:

Title: Remote Root Exploit in Kindle Touch
Description: The built-in browser for the Kindle Touch integrates
support for the Netscape Plugin API, a modern cross-browser scripting
language. Unfortunately, it is implemented in such a way that it allows
injection of commands into the browser with root privileges. While the
API is poorly documented, and few public details about exploitation
currently exist in the wild, exploits will be trivial to write and
should be presumed to exist at this point.
Reference:
http://vrt-blog.snort.org/2012/07/dont-panic.html
http://www.mobileread.com/forums/showthread.php?t=175368
Snort SID: 23616, 23617
ClamAV: N/A

Title: Arbitrary Remote File Upload in Wordpress Invit0r Plugin
Description: The WordPress Invit0r plugin, which can be used to invite
Yahoo contacts to visit your blog, has an arbitrary remote file include
vulnerability. While it has been pulled from the official Wordpress
plugins site, multiple public exploits exist and are being actively used
in the wild. While this particular plugin is not especially notable, it
highlights the ongoing challenge of securing Wordpress and other CMS
systems, and the dangers created by such sites being exploited and used
to host malware.
Reference:
http://packetstormsecurity.org/files/113639/WordPress-Invit0r-0.22-Shell-Upload.html
Snort SID: 23484, 23485
ClamAV: N/A

Title: ZeroAccess Trojan Continues To Spread
Description: The ZeroAccess trojan/rootkit, a particularly nasty piece
of malware that was first discovered in the wild in early 2012, is today
considered by some to be one of the top threats to end-users in the
wild. The Sourcefire VRT has been following this malware recently, and
has new signatures for command-and-control traffic generated by infected
systems. As this malware has been known to cause users to exceed
bandwidth caps and be charged by their ISP directly, users both
corporate and private are encouraged to check their systems for signs
of infection regularly.
Reference:
http://threatpost.com/en_us/blogs/report-bandwith-burning-malware-among-biggest-consumer-threats-071912
https://www.virustotal.com/file/50cdd9f6c5629630c8d8a3a4fe7d929d3c6463b2f9407d9a90703047e7db7ff9/analysis/
Snort SID: 23492, 23493
ClamAV: Trojan.ZeroAccess-1 - Trojan.ZeroAccess-693

Title: Use of XML Templates To Embed Malware In PDFs
Description: The Sourcefire VRT has received multiple reports of
malicious PDFs being distributed in the wild that embed their malicious
content inside of an XML tempalte within the PDF. After extensive
testing across thousands of PDF files, both malicious and benign, the
VRT has determined that the number of legitimate uses of this
functionality in the field today is so low that detection of such
documents generically is a useful way to detect new malware variants.
As always, users are highly encouraged to keep their PDF parsing
applications up-to-date at all times.
Reference:
http://www.thebaskins.com/main/component/content/article/15-work/58-malicious-pdf-analysis-reverse-code-obfuscation
https://www.virustotal.com/file/ECA91825CA5CF6D8C06815CB471A0968F540878121CB13F971FD45C3EA3EBBAC/analysis/
Snort SID: 23612
ClamAV: Exploit.PDF.Dropped-21, Exploit-JS.10

USEFUL EXPLANATIONS OF HOW NEW ATTACKS WORK

Inside VirusTotal’s pants: VirusTotal += Behavioural Information
http://blog.virustotal.com/2012/07/virustotal-behavioural-information.html

DoItQuick: Fast Domains for Dirty Deeds - Krebs on Security
http://krebsonsecurity.com/2012/07/service-secures-domains-for-black-deeds/

New contact-stealing Android malware found in wild:
http://www.zdnet.com/new-contacts-stealing-android-malware-spotted-in-the-wild-7000001296/

Calling all elite security experts: be among the first malware domain taggers:
http://blog.opendns.com/2012/07/19/calling-all-elite-security-experts-apply-to-be-among-the-first-malware-domain-taggers/

How to root the Google Nexus 7:
http://liliputing.com/2012/07/how-to-root-the-google-nexus-7-unlock-the-bootloader-install-custom-recovery.html

Russian hacker battles Apple to keep in-app purchase exploit alive:
http://www.bgr.com/2012/07/18/app-store-hack-in-app-purchases-apple-exploit/

Online dating scam currently circulating in the wild:
http://blog.webroot.com/2012/07/16/online-dating-scam-campaign-currently-circulating-in-the-wild/

Looking at mutex objects for malware discovery and indicators of compromise:
http://computer-forensics.sans.org/blog/2012/07/24/mutex-for-malware-discovery-and-iocs

RECENT VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE COMPILED BY THE QUALYS VULNERABILITY RESEARCH TEAM

This is a list of recent vulnerabilities for which exploits are
available. System administrators can use this list to help in
prioritization of their remediation activities. The Qualys Vulnerability
Research Team compiles this information based on various exploit
frameworks, exploit databases, exploit kits and monitoring of internet
activity.

ID: : CVE-2012-2974
Title: SMC SMC8024L2 Switch Web Interface Authentication Bypass
Vendor: SMC Networks
Description: The web interface on the SMC SMC8024L2 switch allows remote
attackers to bypass authentication and obtain administrative access via
a direct request to a .html file under (1) status/, (2) system/, (3)
ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9)
security/, (10) igmps/, or (11) snmp/.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

ID: : CVE-2012-2957
Title: Symantec Web Gateway 5.0.3.18 LFI Remote ROOT RCE Exploit
Vendor: Symantec
Description: The management console in Symantec Web Gateway 5.0.x before
5.0.3.18 allows local users to gain privileges by modifying files,
related to a “file inclusion” issue.
CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)

ID: CVE-2012-0663
Title: Apple QuickTime TeXML Buffer Overflow Vulnerability
Vendor: Apple
Description: Multiple stack-based buffer overflows in Apple QuickTime
before 7.7.2 on Windows allow remote attackers to execute arbitrary code
or cause a denial of service (application crash) via a crafted TeXML
file.
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

ID: CVE-2012-0664
Title: Apple QuickTime Heap Based Buffer Overflow Vulnerability
Vendor: Apple
Description: Heap-based buffer overflow in Apple QuickTime before 7.7.2
on Windows allows remote attackers to execute arbitrary code or cause a
denial of service (application crash) via a crafted text track in a
movie file.
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

ID: CVE-2012-1723
Title: Oracle Java SE Remote Code Execution Vulnerability / Blackhole Exploit Kit
Vendor: Oracle
Description: Unspecified vulnerability in the Java Runtime Environment
(JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32
and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows
remote attackers to affect confidentiality, integrity, and availability
via unknown vectors related to Hotspot.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

MOST PREVALENT MALWARE FILES 7/17/2012 - 7/24/2012: COMPILED BY SOURCEFIRE

SHA 256: 9A09BCC1402050E371E13056B606BBDE8DF15CD87732B28C8BDDB863B1C65302
MD5: 923c4d13bee966654f4fe4a8945af0ae
VirusTotal: https://www.virustotal.com/file/9A09BCC1402050E371E13056B606BBDE8DF15CD87732B28C8BDDB863B1C65302/analysis/
Malwr: http://malwr.com/analysis/923c4d13bee966654f4fe4a8945af0ae

Typical Filename:
Claimed Product: -
Claimed Publisher: -

SHA 256: AA0BBAECB678868E1E7F57C7CA9D61B608B3D788BE490790EB1D148BEADF4615
MD5: 3291e1603715c47a23b60a8bf2ca73db
VirusTotal: https://www.virustotal.com/file/AA0BBAECB678868E1E7F57C7CA9D61B608B3D788BE490790EB1D148BEADF4615/analysis/
Malwr: http://malwr.com/analysis/3291e1603715c47a23b60a8bf2ca73db

Typical Filename: 01.tmp
Claimed Product: -
Claimed Publisher: -

SHA 256: 358289754D01E20D564E39D79124AFA9BED4D35B3BC22F4E09210EC75E6461B2
MD5: b94b0c0efb6f33bddd2f16907a3a9cd1
VirusTotal: https://www.virustotal.com/file/358289754D01E20D564E39D79124AFA9BED4D35B3BC22F4E09210EC75E6461B2/analysis/
Malwr: http://malwr.com/analysis/b94b0c0efb6f33bddd2f16907a3a9cd1

Typical Filename: -
Claimed Product: Firefox
Claimed Publisher: Mozilla

SHA 256: E0B193D47609C9622AA018E81DA69C24B921F2BA682F3E18646A0D09EC63AC2B
MD5: bf31a8d79f704f488e3dbcb6eea3b3e3
VirusTotal: https://www.virustotal.com/file/E0B193D47609C9622AA018E81DA69C24B921F2BA682F3E18646A0D09EC63AC2B /analysis/
Malwr: http://malwr.com/analysis/bf31a8d79f704f488e3dbcb6eea3b3e3

Typical Filename: -
Claimed Product: -
Claimed Publisher: -

SHA 256: D1857A4F3F2739FB64257A53D67F82800755ED4F4019DF760E5400DDAC42EFFA
MD5: 6d5483da06cb7b45f205c51d87eb6d1a
VirusTotal: https://www.virustotal.com/file/D1857A4F3F2739FB64257A53D67F82800755ED4F4019DF760E5400DDAC42EFFA/analysis/
Malwr: http://malwr.com/analysis/6d5483da06cb7b45f205c51d87eb6d1a

Typical Filename: -
Claimed Product: -
Claimed Publisher: -

Subscribe to the newsletter

OVERVIEW

CAPABILITIES

PLATFORM APPS

ASSET MANAGEMENT

Vulnerability & Configuration Management

Risk REMEDIATION

Threat Detection and Response

Compliance

Cloud Security

Use Cases

Segments

RESOURCES

RESEARCH

Customers

Partners

Company

Overview

CAPABILITIES

Platform Apps

Use Cases

Segments

Resources

Research

Enterprise TruRisk Platform

Free Services

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

@RISK Newsletter for July 26, 2012

The consensus security vulnerability alert.

CONTENTS:

TOP VULNERABILITY THIS WEEK: A trivially exploitable remote root

NOTABLE RECENT SECURITY ISSUES SELECTED BY THE SOURCEFIRE VULNERABILITY RESEARCH TEAM:

USEFUL EXPLANATIONS OF HOW NEW ATTACKS WORK

RECENT VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE COMPILED BY THE QUALYS VULNERABILITY RESEARCH TEAM

MOST PREVALENT MALWARE FILES 7/17/2012 - 7/24/2012: COMPILED BY SOURCEFIRE