FOSTER CITY, Calif.,
Aug. 5, 2021 /PRNewswire/ -- Qualys,
Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based
security and compliance solutions, today announced that its
renowned research team won two Pwnie Awards at Black Hat
USA 2021: Best Privilege
Escalation Bug for CVE-2021-3156: Heap-Based Buffer Overflow in Sudo
(Baron Samedit), and Most Under-Hyped Research for
21Nails. These awards honor the team for its cutting-edge research,
discovery and responsible disclosure of new and critical
vulnerabilities in popular software applications.
In a world where bad actors are becoming increasingly
sophisticated and, almost weekly, discover and exploit
vulnerabilities in widely used programs, research teams serve an
incredibly vital purpose in protecting IT infrastructure and
critical data. Qualys is committed to enabling its research team to
conduct state-of-the-art research and identify vulnerabilities in
popular applications before attackers find and maliciously exploit
them.
The critical disclosures behind the award wins:
- Best Privilege Escalation Bug: Baron Samedit
(CVE-2021-3156) is a heap-based buffer
overflow vulnerability discovered in Sudo, a ubiquitous Unix
program, exploitable by any local user, without
authentication.
- Most Under-Hyped Research: 21Nails is a set of
multiple critical vulnerabilities discovered in the Exim mail
server, some of which can be chained together to obtain full remote
unauthenticated code execution and gain root privileges.
The discovery of these vulnerabilities results from extremely
thorough source code audits of each of these applications over a
period of multiple months. These vulnerabilities were exceedingly
difficult to find and, in some cases, deemed unexploitable.
However, the Qualys Research Team was able to prove that these
vulnerabilities were indeed exploitable and provide patches for
them. Simultaneously, Qualys was able to prove that these
vulnerabilities had been lurking in the code base for
decades, adding to the significance of the disclosures.
"Day in and day out, cybercriminals launch sophisticated attacks
to discover assets connecting to your environment and exploit your
ever-increasing attack surface. Defending against such attacks is
what drives the Qualys Research Team," said Mehul Revankar, vice president of Product
Management & Engineering, VMDR at Qualys. "As part of our
research process, we routinely investigate weaknesses in software
packages that could lead to a compromise and responsibly disclose
them to vendors to quickly resolve them; all to allow customers and
any affected organization to mitigate threats and prioritize and
facilitate an effective response."
"Security research is in our DNA. Qualys recognizes the
criticality of this program and prioritizes conducting research to
find vulnerabilities before attackers do," said Sumedh Thakar, president and CEO of Qualys. "We
are honored to have received five Pwnie award nominations this year
and thrilled to win in the Best Privileged Escalation and Most
Under-Hyped Research categories."
About the Pwnie Awards 2021
The Pwnie Awards are an annual recognition celebrating the
achievements of security researchers and the security community.
Nominations are taken from the security community at large, and a
panel of respected security researchers reviewed the Active
Nominations and announced winners in each category
at Black Hat USA 2021.
The Qualys Research Team
The Qualys Research team
engages in innovative vulnerability research helping customers
discover and remediate critical vulnerabilities across their
digital infrastructure. Qualys has multiple open positions within
its research team. If you are a security researcher looking for new
opportunities, we invite you to apply to open research and
engineering positions worldwide.
Additional Resources
- To learn more about The Qualys Research Team's work, visit
qualys.com/research/security-advisories
- Read the blog about the Qualys Pwnie Award 2021 win
- Follow Qualys on LinkedIn and Twitter
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider
of disruptive cloud-based IT, security and compliance solutions
with over 19,000 active customers in more than 130 countries,
including a majority of each of the Forbes Global 100 and Fortune
100. Qualys helps organizations streamline and consolidate their
security and compliance solutions in a single platform and build
security into digital transformation initiatives for greater
agility, better business outcomes, and substantial cost
savings.
The Qualys Cloud Platform and its integrated Cloud Apps deliver
businesses critical security intelligence continuously, enabling
them to automate the full spectrum of auditing, compliance, and
protection for IT systems and web applications across on premises,
endpoints, cloud, containers, and mobile environments. Founded in
1999 as one of the first SaaS security companies, Qualys has
established strategic partnerships with leading cloud providers
like Amazon Web Services, Microsoft Azure and the Google Cloud
Platform, and managed service providers and consulting
organizations including Accenture, BT, Cognizant Technology
Solutions, Deutsche Telekom, DXC Technology, Fujitsu, HCL
Technologies, IBM, Infosys, NTT, Optiv, SecureWorks, Tata
Communications, Verizon and Wipro. The company is also a founding
member of the Cloud Security Alliance. For more information, please
visit www.qualys.com.
Qualys and the Qualys logo are proprietary trademarks of
Qualys, Inc. All other products or names may be trademarks of their
respective companies.
Media Contact:
Jackie Dutton
Qualys
media@qualys.com
SOURCE Qualys, Inc.