Reality shows that it is no longer sufficient to implement only preventive IT security measures. An attack is only a matter of time. Ad-hoc measures are necessary once a successful attack has taken place. The measures must be individually adapted to the company and the type of attack. We give you an overview of the most important procedural rules: Change …
Compliance requirements are often the driving force behind the necessity of a pentest. However, each company and its IT infrastructure has to be looked at individually. Usually the initially requested pentest is not enough. For example, if applications run in the cloud, other attack vectors need to be considered as well. A good example is the cooperation with medavis GmbH. …
usd AG was again accredited by the PCI Security Standards Council (PCI SSC) with its scanning solution available through the usd PCI DSS Platform. The certification is valid worldwide. Corinna Reinheimer, who is in charge of ASV scans at usd AG: “We are pleased to continue performing ASV Scans for our customers worldwide. We apply high quality standards to our …
Invia PCI DSS Core-Team: „IT Infrastructure“ & Software Development “Invia Payment” About INVIA The Invia Group is a pan-European market leader in online travel distribution with 1300 employees in 16 offices across 7 countries. In 2019 more than 3 million customers travelled with Invia. The total transaction value was 1.5 billion EUR. The Invia Group operates major travel portals in Germany such as ab-in-den-urlaub.de and fluege.de. The internal payment service provider Invia SSC Germany GmbH was successfully …
usd AG was again appointed to be part of the Global Executive Assessor Roundtable (GEAR). Since 2018, the GEAR has been facilitating a direct exchange between PCI assessors and the PCI Security Standards Council (PCI SSC) Senior Leadership. Every two years, leading Assessor Companies from all parts of the world are selected from a large number of applicants to give …
There is still a lot of work going on on the new version of the security standard for credit card data PCI DSS. The PCI Security Standards Council (PCI SSC) is planning to replace the previous version PCI DSS v3.2.1 with the upcoming version PCI DSS v4.0. PCI experts at usd AG have been following the development very closely and …
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Bitbucket Server and Concrete5 CMS. The following vulnerability classes were identified: Server-Side Request Forgery Unencrypted Service Code Injection In accordance with usd HeroLabs Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed information on the …
Many companies ask themselves whether attackers are able to compromise their IT infrastructure. Pentests provide reliable results to this question and pave the way for increasing the long term IT security. There are two approaches on how our security analysts can perform the pentest: on-site or remotely. Pentests via remote access are performed if the IP address range is accessible …
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Symantec Endpoint Protection (Broadcom), Gambio GX and NCP Secure Enterprise Client. The following vulnerability classes were identified: Privileged File Write Cross-Site-Request-Forgery (CSRF) Blind SQL Injection Hardlink Vulnerability Stored Cross-Site Scripting (XSS) In accordance with usd HeroLabs Responsible Disclosure Policy, all vendors have been …
Our Hero is wearing black. Usually we are not political. But special times require special measures and there are things we just cannot leave uncommented. We are an internationally active company and work with and for many wonderful people from all parts of the world. Racism is the root of the evil and has no place in our thoughts and …
