Security Advisory 07/2019

usd AG News, usd HeroLab

by Stefan Schmer, Managing Consultant at usd HeroLab. Vulnerability Disclosure: usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Adobe Experience Manager (AEM), Bitbucket, feeling4design Super Forms and Oracle Transportation Management (OTM). The following vulnerability classes were identified: Cross Site Scripting (XSS), Username/Filename Enumeration, Sensitive Data disclosure, Code Injection, Broken Access Control …

Getting ready for DEF CON 27

usd AG News, usd HeroLab

We are excited to present one of our in-house developments at DEF CON 27 – the CST Chef. Our Heroes and developers Sebastian Puttkammer and Ralf Almon, Managing Consultants at usd HeroLab, have taken a brief moment to say some quick words. Ralf, DEF CON is a staple conference of the international hacker scene. How did you react when you …

usd AG accredited by PCI Council as Qualified PIN Assessor

usd AG News, PCI Security Services

usd AG has been accredited by the PCI Security Standards Council (PCI SSC) as a Qualified PIN Assessor (QPA). The license is valid worldwide. With its new Qualified PIN Assessor (QPA) Program, the PCI Security Standards Council accredits security experts as assessors according to the PCI PIN Security Standard. The PCI PIN Security Standard contains requirements for the secure management, …

#BeAware: Tailgating and Piggybacking

usd AG News, Security Consulting

Tailgating, also known as Piggybacking, is no trendy new sport, although the name might suggest otherwise. The term refers to a security risk many companies are facing. Tailgating describes the attempt of an attacker to gain access to restricted areas in a company building by inconspicuously tagging along after authorized persons or groups. The attacker counts on people’s courtesy and …

usd HeroLab at DEF CON 2019

usd AG News, usd HeroLab

Cyber Security Transformation Chef (CSTC) Convinced Jury. As one of the largest international IT security conferences worldwide, DEF CON once again brings together the world’s leading IT security experts in August. We are happy to announce that we will be presenting one of our in-house developments at the DEF CON Demo Labs: the Cyber Security Transformation Chef (CSTC). With the …

usd AG Re-Certified as Approved Scanning Vendor (ASV) Worldwide

usd AG News, PCI Security Services, usd HeroLab

usd AG with its scanning solution available through the usd PCI DSS Platform has been re-certified as an Approved Scanning Vendor (ASV) by the PCI Security Standards Council (PCI SSC). The certification is valid worldwide. At the same time, usd released a new version of its usd PCI DSS Platform, which contains comprehensive functional improvements. A new feature allows users …

#BeAware: Cookies

usd AG News, Security Consulting

On almost every website, banners and overlays point out that this specific website will save Cookies. But what exactly are Cookies? Cookies are text files created by the website/the browser that are saved locally on the computer. Since a file in this format cannot be used to execute code on its own, the file itself is harmless. However, Cookies are …

CYBERWOMEN 2019 – The Event for Women in IT Security

usd AG News

The number of women in IT security is still relatively low today. The “CYBERWOMEN 2019” forum has therefore taken on the task of gathering experts from the cyber security industry to provide a platform for professional exchange and networking. Kerstin Sittinger, Senior Security Consultant at usd AG, attended the event in Munich on 25 June – together with experts from …

Learned. Shared. Connected. Newcomer @ CST – A Review

usd AG CST Academy, News, PCI Security Services, Security Consulting, usd HeroLab

In events especially tailored to students, trainees and young professionals, CST Academy and usd AG brought together cybersecurity newcomers in June and July. During the usd Consulting Days in Cologne and Neu-Isenburg, students had the chance to have all their questions answered by experienced consultants – questions about careers in consulting, everyday working life and how to get started. …