[German]Brief information about Qualys, a technology company offering cloud security and compliance services. The question arises as to whether their blog may have been hacked. Because there is currently an entry in Cyrillic advertising "Banknotes in the online casino". I find this a bit strange and would at least like to have it mentioned, so I took a closer look.
Who is Qualys?
Qualys, Inc. is an American technology company founded in 1999 and headquartered in Foster City, California, that specializes in cloud security, compliance and related services. Qualys has over 10,300 customers in more than 130 countries and generates approximately half a billion dollars in revenue. The Qualys website can be found here.
Strange blog post(s)
German blog reader Frank R. contacted me by e-mail this morning and asked whether the Qualys blog had been hacked. The reason for this suspicion is that Frank subscribes to the Qualys RSS feed and noticed a blog post there that was worthy of several comments, even though the employees blog in English throughout.
The above text is written in Cyrillic and deals with income from online casinos that can be monetized. It doesn't fit in at all with the topics covered in Qualys' blog. I wasn't aware of any hack, and a quick search only brings up this Russian article, which refers to a hack from 2021. But the Qualys blog shows a strange picture when you visit it today (July 3, 2024):
All posts except one are in English, only the post by Gautam Nandane is suddenly in Russian, as you can see under his profile.
But it's a "bit strange" because Gautam Nandane is a Senior Web Developer at Qualys and, according to his LinedIn profile, is based in Pune, Maharashtra, India. In other words, a position in which he tends not to write about security topics on the Qualys blog. And when he does, it's in English. There are only three posts from him on the Qualys blog.
My explanation: Gautam Nandane, Senior Web Developer at Qualys, has probably had a "slight headache" since July 2, 2024. His account appears to have been compromised, and the attacker has had the fun of replacing the blog posts under this account with Russian-language texts advertising online gambling. Of course, this doesn't go down well with a company that is committed to security. I will contact Qualys now, to reach out for a statement.
It looks like the post and the author profile have been removed from Qualys website!
Yes, it seems that my Facbook comment on Qualys site and my mail triggered an action. But I've no feedback so far to my e-mail.
https://urlscan.io/result/a5c9bb89-f7c1-4909-ae49-a4bf9a4bbd66/ vs
https://urlscan.io/result/a5c9bb89-f7c1-4909-ae49-a4bf9a4bbd66/