usd OrangeBox makes remote pentests simple

usd AG News, usd HeroLab

Many companies ask themselves whether attackers are able to compromise their IT infrastructure. Pentests provide reliable answers to this question and pave the way for increasing long-term IT security. There are two approaches to how our security analysts can perform the pentest: on-site or remotely. Pentests via remote access are performed if the IP address range is accessible …

Security Advisory 06/2020

usd AG News, Security Research, usd HeroLab

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Symantec Endpoint Protection (Broadcom), Gambio GX and NCP Secure Enterprise Client. The following vulnerability classes were identified: Privileged File Write, Cross-Site Request Forgery (CSRF), Blind SQL Injection, Hardlink Vulnerability, Stored Cross-Site Scripting (XSS). In accordance with usd HeroLab's Responsible Disclosure Policy, all vendors have been …

#SayNoToRacism

usd AG News

Our Hero is wearing black. Usually we are not political. But special times require special measures and there are things we just cannot leave uncommented. We are an internationally active company and work with and for many wonderful people from all parts of the world. Racism is the root of the evil and has no place in our thoughts and …

usd AG accredited as Software Security Framework Assessor Company

usd AG News, PCI Security Services

usd AG has been accredited by the PCI Security Standards Council (PCI SSC) as a Software Security Framework Assessor Company and is now officially listed on the PCI SSC website. This enables usd AG to assess and certify software products throughout Europe according to the Secure Software Standard of the SSF. Torsten Schlotmann, Managing Security Consultant at usd AG: “The …

Efficient Compliance Audits of Your Service Providers

usd AG News, PCI Security Services, Security Consulting

Outsourcing certain tasks to external service providers has become an integral part of business operations. Whether it’s data center services, software development, the use of cloud services or call center services: cooperation with third parties is a valuable part of your own business operations. However, it also means that you have to rely on others and thus delegate some of …

Security Advisory 04/2020

usd AG News, usd HeroLab

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Control-M/Agent, Chocolatey, Zencart, Starface UCC Client and Userlike Chat. The following vulnerability classes were identified: Cross-Site Scripting (XSS), Insufficient Filtering, OS Command Injection, Insecure File Copy, Remote Buffer Overflow, Arbitrary File Download, Insecure Password Storage, Weak File Permissions, Binary Planting. In accordance with …

Pentest Scope: How to Determine the Testing Scope?

usd AG News, usd HeroLab

Pentests are one of the most effective security analysis methods to check the IT security level of a company and identify opportunities for sustainable improvements. In addition, proof of conducting a pentest is an important component of many compliance requirements, such as the PCI DSS. Some preparatory steps are necessary before the actual pentest can be conducted in order to …

Current Information on Remote Assessments according to PCI Security Standards

usd AG News, PCI Security Services

In order to slow down the spread of the coronavirus, many countries have imposed movement restrictions and travel bans. Of course, we adhere strictly to these regulations. To ensure that your certification projects in accordance with the PCI Security Standards do not come to a complete standstill during this period, we are currently converting our on-site assessments to remote assessments …

Security Advisory 02/2020

usd AG News

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the product Nagios NRPE v.3.2.1. The following vulnerability classes were identified: Insufficient Filtering of Configuration File, Memory Corruption (Heap Overflow), Logic Error. In accordance with usd HeroLab's Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed information …

A step towards more security: Our expert’s examination of the PCI Software Security Framework

usd AG News, PCI Security Services

In January 2019, the PCI Security Standards Council first announced the introduction of the new Software Security Framework (SSF), which currently includes two new standards: the Secure Software Lifecycle Standard (Secure SLC) and the Secure Software Standard. With the respective certifications, payment software providers can prove that both their payment software and their development processes meet comprehensive and …