Monday, June 27, 2022
CybersecFill
Advertisement
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us
No Result
View All Result
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us
No Result
View All Result
CybersecFill
No Result
View All Result
Home News

Cybersecurity Giant Qualys breached!!!

Henrietta Ijenebe by Henrietta Ijenebe
March 17, 2021
in News
0
Cybersecurity Giant Qualys breached!!!

ImageSource:https://www.telegraminsider.com

Share on FacebookShare on Twitter

Founded in 1999, Qualys was the first company to deliver vulnerability management solutions as applications through the web using a ” software as a service ” (SaaS) model, and as of 2013 Gartner Group for the fifth time gave Qualys a “Strong Positive” rating for these services.

The data breach occurred in December 2020, shortly before Accellion provided a hotfix on December 21 and Qualys IT team applied it on December 22. However, on December 24, the company received an integrity alert, indicating that hackers had already exploited the zero-day vulnerability.

A set of cybercriminals behind a string of recent hacks involving Accellion-made software is now claiming responsibility for a breach of Qualys, a major cloud computing security vendor. Accellion File Transfer Appliance (FTA) is enterprise-grade software used for file transfers.

As proof of the access to data, and extortion site maintained by hackers has leaked documents claiming to contain information on Qualys customers. Attackers affiliated with the extortion site have previously been linked to the Clop ransomware, a file-locking malware that emerged two years ago. This month, thieves claimed responsibility for a series of incidents that have relied on data leaks, rather than ransomware, as an extortion tactic, according to security firm FireEye.

With some 19,000 clients, including major financial firms like Capital One and Experian, Qualys represents an attractive target for extortionists keen on making sensitive data public.

In a statement Wednesday evening, Qualys CISO Ben Carr said the attackers had accessed files hosted on an Accellion server. Qualys “notified the limited number of customers impacted by this unauthorized access,” Carr said, adding that the incident hadn’t affected “Qualys production environments, codebase or customer data hosted on the Qualys Cloud Platform.” Carr did not specify which hackers were responsible.

Qualys has hired Mandiant, the incident response arm of security firm FireEye, to respond to the breach, a Mandiant spokesperson said.
Qualys’ cloud platform ingests data from across an organization to provide cyber threat alerts. The firm, which reported $363 million in revenue last year, also counts technology giants Cisco and Microsoft as customers.

The incident follows a disclosure last month from Accellion, another big software vendor, that a criminal hacking group had exploited multiple vulnerabilities in one of its legacy products. Breaches linked to the Accellion flaws have hit a diverse set of victims, from Canadian plane-maker Bombardier to the grocery chain Kroger.

The Accellion incident is only the latest example of cybercriminal groups seeking out key IT providers with a raft of powerful customers for extortion. The hackers behind another strain of ransomware, Maze, claimed responsibility for breaches at two multibillion-dollar IT services firms last year, Cognizant and Conduent.

The Financial Services Information Sharing and Analysis Center (FS-ISAC), a clearinghouse for financial threat information whose members include big banks, said Wednesday that it keeps a close eye on the “third-party risk” that might arise from a breach like that of Qualys.

“FS-ISAC encourages all financial institutions to follow published procedures to assess and maintain the security of their systems and to continually monitor for signs of any anomalous activity,” the analysis center said in a statement.

Tags: cloud securityFinancial ServicesIncident responseQualys
Henrietta Ijenebe

Henrietta Ijenebe

Another Breed striving to make our cyber.space a better state of existence. CyberContent Writer at Cybersecfill. Cybersecurity Threat Intelligence Analysis... Penetration Testing... I code in Javascript...Python...PHP I convey with HTML I beautify with CSS

Next Post
10 Latest (MOST DANGEROUS) Virus & Malware Threats in 2021

10 Latest (MOST DANGEROUS) Virus & Malware Threats in 2021

0 0 votes
Article Rating
Login
guest
guest
0 Comments
Inline Feedbacks
View all comments
  • Trending
  • Comments
  • Latest
CEH_PRACTICAL

CEH PRACTICAL EXAM – TICKET TO CEH MASTER

February 6, 2021
Wireless Access Point

How To Secure Your Wireless Access Point (WAP)

August 3, 2019
Wifi 6 Security

Did Wi-Fi 6 come with an Improvement In Security?

May 13, 2019
credit card cloning

How Credit/Debit Cards are Cloned / Preventing Card Cloning

December 26, 2019
Nationa Cybersecurity Strategy

A Review of the Nigeria National Cybersecurity Strategy

9
Facebook

Facebook’s New Settings Allows Hackers To Easily Pentest Facebook,Instagram Mobile Applications

8
Cybersecurity Jobs

Cybersecurity Jobs – You can create your own Cybersecurity Role

4
open Source intelligence tools

Open Source Intelligence tools – OSINT

4
Suspected Head of Cybercrime Gang Arrested in Nigeria…

Suspected Head of Cybercrime Gang Arrested in Nigeria…

June 17, 2022
Types of Hackers and Hacking Protection Tips….

Types of Hackers and Hacking Protection Tips….

June 6, 2022
Types of Hackers and Hacking Protection Tips…

Types of Hackers and Hacking Protection Tips…

May 31, 2022
Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

May 19, 2022

Recommended

Suspected Head of Cybercrime Gang Arrested in Nigeria…

Suspected Head of Cybercrime Gang Arrested in Nigeria…

June 17, 2022
Types of Hackers and Hacking Protection Tips….

Types of Hackers and Hacking Protection Tips….

June 6, 2022
Types of Hackers and Hacking Protection Tips…

Types of Hackers and Hacking Protection Tips…

May 31, 2022
Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

May 19, 2022

© 2020 CybersecFill. All Rights Reserved.

No Result
View All Result
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us

© 2020 CybersecFill. All Rights Reserved.

wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply

Privacy Policy - Terms and Conditions