usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the product Nagios NRPE v.3.2.1. The following vulnerability classes were identified: Insufficient Filtering of Configuration file Memory Corruption (Heap Overflow) Logic Error In accordance with usd HeroLabs Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed information …
The security analysts of usd HeroLab frequently discover previously unknown security vulnerabilities in products as part of their daily work. For these zero-day vulnerabilities, no security patches (corrective changes applied to the product to remedy security gaps) have been made or released yet. It is therefore essential to use any knowledge of such vulnerabilities responsibly to support manufacturers in finding …
Attackers gaining unauthorized access to IT systems and applications has severe consequences for companies. Pentests identify possible gateways hackers could exploit and show ways to sustainably raise the IT security level of a company. This makes pentesting one of the most effective methods of security analyses companies can employ to proactively protect themselves against hacking attacks. The security analyst (pentester) …
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Dolibarr ERP/CRM and Codiad Web IDE. The following vulnerability classes were identified: Reflected XSS Stored XSS SQL Injection PHP Code Injection In accordance with usd HeroLabs Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed …
Driven by the motivation to simplify the work for all team members, a team under the leadership of Sebastian Puttkammer, Managing Consultant at usd HeroLab, developed tools “made by usd HeroLab”. We asked what developments the recent years have brought and how they contribute to increasing the quality and efficiency of the usd HeroLab. Sebastian, you have developed many of …
With the help of the usd PCI Compliance Program, VR Payment guides its merchants pragmatically and professionally through the PCI DSS compliance validation process without compromising security or formal correctness. Read the full success story here.
A well-established tradition for the usd HeroLab and a great end to the year: from December 27 to 30, 2019, more than 20 HeroLabbers attended the four-day 36th Chaos Communication Congress in Leipzig, Germany. The congress offers an ideal opportunity for networking within the community. Read the full article on the usd HeroLab website.
In the era of digitalization, the question of whether systems and applications are effectively protected from attackers is business critical for many companies. The right choice of analysis methods is just as relevant as is choosing a competent partner. In this series, we present you the seven most important criteria you should consider when choosing a suitable partner for pentests, …
usd AG confirms secure handling of credit card data in data centers Whether for start-ups or global players – a PCI certification project can pose a major challenge to any business. This makes it all the more enjoyable for us to look back on the success we have achieved together with our clients. After all, nothing provides better insights into …
In this short series we provide you with useful facts about the Payment Card Industry Data Security Standard. Be well informed on your PCI DSS certification. What is the PCI DSS scope? The scope of a PCI DSS certification includes all components of a company’s environment that must meet the PCI DSS control objectives. In May 2017, the PCI Security …
