
PCI Security Standards Council Adds Guidelines for Data Security Standards Risk Assessment
PCI Security Standards Council released guidelines for DSS risk assessment. There are three key recommendations:
- Organizations should implement a formalized risk assessment methodology that best suits the culture and requirements of the organization.
- A continuous risk assessment process enables ongoing discovery of emerging threats and vulnerabilities, allowing an organization to mitigate such threats and vulnerabilities in a proactive and timely manner.
- Risk assessments must not be used as a means of avoiding or bypassing applicable PCI DSS requirements (or related compensating controls).
NTOSpider with Universal Translator Technology generates reports according to the PCI Data Security Standards to help you find security vulnerabilities which violate PCI controls. Test your application with NTOSpider. Request a free trial today.
Full PCI DSS guidelines can be accessed at: https://www.pcisecuritystandards.org/documents/PCI_DSS_Risk_Assmt_Guidelines_v1.pdf
New Version of Chrome is Released
Google released Chrome version 23.0.1271.64 for Windows, Mac, Linux, and Chrome Frame this week. The release includes some interesting new privacy and security features along with a number of security fixes.
http://thehackernews.com/2012/11/chrome-23-released-14-vulnerabilities.html
Interesting Stats on Cyber Attacks
A couple of studies are showing an increase in cyber security attacks. The NCC Group estimates that more than 1 billion hacking attempts will take place in the final quarter of 2012.
http://thenextweb.com/insider/2012/11/12/hacking-attempts-to-pass-one-billion-in-final-quarter-of-2012-claims-information-assurance-firm/
In another report, Websense Security Labs predicts the top 7 cyber security attacks of 2013.
http://www.equities.com/news/headline-story?cat=tech&dt=2012-11-13&val=702635
Multiple Vulnerabilities
ManageEngine ServiceDesk 8.0 Cross Site Scripting – http://packetstormsecurity.org/files/118277
dotProject 2.1.6 Cross Site Scripting / SQL Injection – http://packetstormsecurity.org/files/118274
Yii Framework 1.1.8 Search SQL Injection – http://packetstormsecurity.org/files/118252
TP-LINK TL-WR841N 3.13.9 Cross Site Scripting – http://packetstormsecurity.org/files/118237
SonicWALL CDP 5040 6.x Cross Site Scripting – http://packetstormsecurity.org/files/118233
WordPress FireStorm Real Estate 2.06.08 SQL Injection – http://packetstormsecurity.org/files/118232
Apple QuickTime 7.7.2 Buffer Overflow – http://packetstormsecurity.org/files/118231
Manage Engine Exchange Reporter 4.1 Cross Site Scripting – http://packetstormsecurity.org/files/118203
Omni-Secure 5 / 6 / 7 Remote File Disclosure – http://packetstormsecurity.org/files/118202
Skype Account Service Session Token Bypass – http://packetstormsecurity.org/files/118199