Surviving the Week 11/23/12, PCI Security Standards Council Adds Guidelines

PCI Security Standards Council Adds Guidelines for Data Security Standards Risk Assessment


The PCI Security Standards Council released guidelines for DSS risk assessment. There are three key recommendations:

  1. Organizations should implement a formalized risk assessment methodology that best suits the culture and requirements of the organization.
  2. A continuous risk assessment process enables ongoing discovery of emerging threats and vulnerabilities, allowing an organization to mitigate such threats and vulnerabilities in a proactive and timely manner.
  3. Risk assessments must not be used as a means of avoiding or bypassing applicable PCI DSS requirements (or related compensating controls).

NTOSpider with Universal Translator Technology generates reports according to the PCI Data Security Standards to help you find security vulnerabilities which violate PCI controls. Test your application with NTOSpider. Request a free trial today.

Full PCI DSS guidelines can be accessed at:


New Version of Chrome is Released

Google released Chrome version 23.0.1271.64 for Windows, Mac, Linux, and Chrome Frame this week. The release includes some interesting new privacy and security features along with some security fixes.


Interesting Stats on Cyber Attacks

A couple of studies show an increase in cyber security attacks. The NCC Group estimates that more than 1 billion hacking attempts will take place in the final quarter of 2012.

In another report, Websense Security Labs predicts the top 7 cyber security attacks of 2013.


Multiple Vulnerabilities

ManageEngine ServiceDesk 8.0 Cross Site Scripting
dotProject 2.1.6 Cross Site Scripting / SQL Injection
Yii Framework 1.1.8 Search SQL Injection
TP-LINK TL-WR841N 3.13.9 Cross Site Scripting
SonicWALL CDP 5040 6.x Cross Site Scripting
WordPress FireStorm Real Estate 2.06.08 SQL Injection
Apple QuickTime 7.7.2 Buffer Overflow
Manage Engine Exchange Reporter 4.1 Cross Site Scripting
Omni-Secure 5 / 6 / 7 Remote File Disclosure
Skype Account Service Session Token Bypass

About Dan Kuykendall 173 Articles