Qualys Blog

On Wednesday, July 3, 2024 at 2:45 AM EDT Qualys identified suspicious spam content posted to the Qualys blog.

Qualys conducted an investigation to identify any compromise and/or impact due to this unauthorized spam blog post and found no indication that the incident had any impact on customer data, our production environment, nor was any data exfiltrated from Qualys. A standalone WordPress account was compromised, leading to the spam blog being posted. The impacted account was hosted by a third-party site and is not connected to any Qualys sensitive data and/or production systems.

Due to several architectural and multi-layered security controls that are in place, there is no impact on Qualys production environments (shared platforms and private platforms), codebase, customer data hosted on the Qualys Cloud Platform, Qualys Agents or Scanners. All Qualys platforms continue to be fully functional and operating normally.

As is our standard practice in instances such as this, Qualys immediately performed all appropriate steps as prescribed in the US Department of Homeland Security (DHS) CISA's emergency directive 21-01, as well as all necessary measures in CISA's supplementary guidance. Actions have been taken to fully remediate and harden against such incidents in the future. Qualys continues to monitor and manage any threats going forth.

Related