usd AG was again appointed to be part of the Global Executive Assessor Roundtable (GEAR). Since 2018, the GEAR has been facilitating a direct exchange between PCI assessors and the PCI Security Standards Council (PCI SSC) Senior Leadership. Every two years, leading Assessor Companies from all parts of the world are selected from a large number of applicants to give …
There is still a lot of work going on on the new version of the security standard for credit card data PCI DSS. The PCI Security Standards Council (PCI SSC) is planning to replace the previous version PCI DSS v3.2.1 with the upcoming version PCI DSS v4.0. PCI experts at usd AG have been following the development very closely and …
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Bitbucket Server and Concrete5 CMS. The following vulnerability classes were identified: Server-Side Request Forgery Unencrypted Service Code Injection In accordance with usd HeroLabs Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed information on the …
Many companies ask themselves whether attackers are able to compromise their IT infrastructure. Pentests provide reliable results to this question and pave the way for increasing the long term IT security. There are two approaches on how our security analysts can perform the pentest: on-site or remotely. Pentests via remote access are performed if the IP address range is accessible …
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Symantec Endpoint Protection (Broadcom), Gambio GX and NCP Secure Enterprise Client. The following vulnerability classes were identified: Privileged File Write Cross-Site-Request-Forgery (CSRF) Blind SQL Injection Hardlink Vulnerability Stored Cross-Site Scripting (XSS) In accordance with usd HeroLabs Responsible Disclosure Policy, all vendors have been …
Our Hero is wearing black. Usually we are not political. But special times require special measures and there are things we just cannot leave uncommented. We are an internationally active company and work with and for many wonderful people from all parts of the world. Racism is the root of the evil and has no place in our thoughts and …
usd AG has been accredited by the PCI Security Standards Council (PCI SSC) as a Software Security Framework Assessor Company and is now officially listed on the PCI SSC website. This enables usd AG to assess and certify software products throughout Europe according to the Secure Software Standard of the SSF. Torsten Schlotmann, Managing Security Consultant at usd AG: “The …
Outsourcing certain tasks to external service providers has become an integral part of business operations. Whether it’s data center services, software development, the use of cloud services or call center services: cooperation with third parties is a valuable part of your own business operations. However, it also means that you have to rely on others and thus delegate some of …
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Control-M/Agent, Chocolatey, Zencart, Starface UCC Client and Userlike Chat. The following vulnerability classes were identified: Cross-Site Scripting (XSS) Insufficient Filtering OS Command Injection Insecure File Copy Remote Buffer Overflow Arbitrary File Download Insecure Password Storage Weak File Permissions Binary Planting In accordance with …
Pentests are one of the most effective security analysis methods to check the IT security level of a company and identify opportunities for sustainable improvements. In addition, proof of conducting a pentest is an important component of many compliance requirements, such as the PCI DSS. Some preparatory steps are necessary before the actual pentest can be conducted in order to …
