Security Advisory 07/2020

usd AG News, Security Research, usd HeroLab

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Bitbucket Server and Concrete5 CMS. The following vulnerability classes were identified: Server-Side Request Forgery, Unencrypted Service, Code Injection. In accordance with usd HeroLab's Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed information on the …

usd OrangeBox makes remote pentests simple

usd AG News, usd HeroLab

Many companies ask themselves whether attackers are able to compromise their IT infrastructure. Pentests provide reliable answers to this question and pave the way for raising long-term IT security. There are two ways our security analysts can perform a pentest: on-site or remotely. Pentests via remote access are performed if the IP address range is accessible …

Security Advisory 06/2020

usd AG News, Security Research, usd HeroLab

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Symantec Endpoint Protection (Broadcom), Gambio GX and NCP Secure Enterprise Client. The following vulnerability classes were identified: Privileged File Write, Cross-Site Request Forgery (CSRF), Blind SQL Injection, Hardlink Vulnerability, Stored Cross-Site Scripting (XSS). In accordance with usd HeroLab's Responsible Disclosure Policy, all vendors have been …

Security Advisory 04/2020

usd AG News, usd HeroLab

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Control-M/Agent, Chocolatey, Zencart, Starface UCC Client and Userlike Chat. The following vulnerability classes were identified: Cross-Site Scripting (XSS), Insufficient Filtering, OS Command Injection, Insecure File Copy, Remote Buffer Overflow, Arbitrary File Download, Insecure Password Storage, Weak File Permissions, Binary Planting. In accordance with …

Pentest Scope: How to Determine the Testing Scope?

usd AG News, usd HeroLab

Pentests are one of the most effective security analysis methods for checking the IT security level of a company and identifying opportunities for sustainable improvement. In addition, evidence that a pentest has been conducted is an important component of many compliance requirements, such as the PCI DSS. Some preparatory steps are necessary before the actual pentest can be conducted in order to …

Unknown Vulnerabilities – Responsibilities of the Finder

usd AG News, News, usd HeroLab

The security analysts of usd HeroLab frequently discover previously unknown security vulnerabilities in products as part of their daily work. For these zero-day vulnerabilities, no security patches (corrective changes applied to the product to close security gaps) have been developed or released yet. It is therefore essential to use any knowledge of such vulnerabilities responsibly and to support manufacturers in finding …

Pentest – What analysis approaches are there?

usd AG News, usd HeroLab

Attackers gaining unauthorized access to IT systems and applications has severe consequences for companies. Pentests identify possible entry points that attackers could exploit and show ways to sustainably raise the IT security level of a company. This makes pentesting one of the most effective security analysis methods companies can employ to proactively protect themselves against attacks. The security analyst (pentester) …

Security Advisory 01/2020

usd AG News, Security Research, usd HeroLab

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Dolibarr ERP/CRM and Codiad Web IDE. The following vulnerability classes were identified: Reflected XSS, Stored XSS, SQL Injection, PHP Code Injection. In accordance with usd HeroLab's Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed …

Top 7 Quality Criteria for a Pentest Partner

usd AG News, usd HeroLab

In the era of digitalization, the question of whether systems and applications are effectively protected from attackers is business-critical for many companies. Choosing the right analysis methods is just as important as choosing a competent partner. In this series, we present the seven most important criteria you should consider when choosing a suitable partner for pentests, …