Qualys

Cisco warns of actively exploited zero-day in IOS XE software

Threats and Risks

Cisco warns of actively exploited zero-day in IOS XE software

No patch yet so disable web UI on affected devices

clock 17 October 2023 • 2 min read
Tricks of the trade: Securing cloud-first at Kingfisher

Cloud and Infrastructure

Tricks of the trade: Securing cloud-first at Kingfisher

Keeping development and cloud teams within the security guardrails takes a bit of know-how, says security lead John Day

clock 25 May 2023 • 5 min read
New generation of CISOs is more engineering oriented, less about compliance - Qualys CEO

Security Technology

New generation of CISOs is more engineering oriented, less about compliance - Qualys CEO

The imperatives of digital mean that security is now about quantifying and managing risk, rather than regulatory compliance, says Sumedh Thakar

clock 19 May 2023 • 4 min read
NCSC Cyber Essentials to be offered free to some small organisations

Security Technology

NCSC Cyber Essentials to be offered free to some small organisations

Funded Cyber Essentials Programme will be free for some small charities and legal groups that handle sensitive data

clock 10 January 2023 • 2 min read
After Log4J US lawmakers rush to secure open source software

Open Source

After Log4J US lawmakers rush to secure open source software

The bipartisan Securing Open Source Software Act is a positive development for open source software everywhere

clock 10 October 2022 • 5 min read
PwnKit Linux bug lets an unprivileged user gain full root privileges

Threats and Risks

PwnKit Linux bug lets an unprivileged user gain full root privileges

The 12-year-old flaw exists in the pkexec component of Polkit system utility

clock 27 January 2022 • 3 min read
Is it time for open source to be treated as a public good?

Open Source

Is it time for open source to be treated as a public good?

Open source is everywhere, including critical infrastructure. Should governments be playing more of a role in its governance?

clock 21 January 2022 • 6 min read
Securing NHS Trusts: what cyber solutions should be prioritised?

Security Technology

Securing NHS Trusts: what cyber solutions should be prioritised?

Four security vendors give their view on staffing issues, zero trust and threat intelligence

clock 15 December 2021 • 5 min read
What to make of the new 2021 OWASP Top 10 vulnerability rankings? The industry comments

Threats and Risks

What to make of the new 2021 OWASP Top 10 vulnerability rankings? The industry comments

This year's Open Web Application Security Project list is out, with novel categories and a new number one

clock 18 October 2021 • 7 min read
Software supply chains and security - will the Software Bill of Materials approach work?

Security

Software supply chains and security - will the Software Bill of Materials approach work?

SBOMs are now law in the US, but it will be a challenge to make them work

clock 03 August 2021 • 5 min read