Surviving the Week 11/23/12, PCI Security Standards Council Adds Guidelines

PCI Security Standards Council Adds Guidelines for Data Security Standards Risk Assessment

The PCI Security Standards Council has released guidelines for PCI DSS risk assessment. There are three key recommendations:

  1. Organizations should implement a formalized risk assessment methodology that best suits the culture and requirements of the organization.
  2. A continuous risk assessment process enables ongoing discovery of emerging threats and vulnerabilities, allowing an organization to mitigate such threats and vulnerabilities in a proactive and timely manner.
  3. Risk assessments must not be used as a means of avoiding or bypassing applicable PCI DSS requirements (or related compensating controls).

NTOSpider with Universal Translator Technology generates reports according to the PCI Data Security Standards to help you find security vulnerabilities which violate PCI controls. Test your application with NTOSpider. Request a free trial today.

Full PCI DSS guidelines can be accessed at: https://www.pcisecuritystandards.org/documents/PCI_DSS_Risk_Assmt_Guidelines_v1.pdf


New Version of Chrome is Released

Google released Chrome version 23.0.1271.64 for Windows, Mac, Linux, and Chrome Frame this week. The release includes some interesting new privacy and security features, along with a number of security fixes.
http://thehackernews.com/2012/11/chrome-23-released-14-vulnerabilities.html


Interesting Stats on Cyber Attacks

A couple of studies show an increase in cyber security attacks. The NCC Group estimates that more than 1 billion hacking attempts will take place in the final quarter of 2012.
http://thenextweb.com/insider/2012/11/12/hacking-attempts-to-pass-one-billion-in-final-quarter-of-2012-claims-information-assurance-firm/

In another report, Websense Security Labs predicts the top 7 cyber security attacks of 2013.
http://www.equities.com/news/headline-story?cat=tech&dt=2012-11-13&val=702635


Multiple Vulnerabilities

ManageEngine ServiceDesk 8.0 Cross Site Scripting – http://packetstormsecurity.org/files/118277
dotProject 2.1.6 Cross Site Scripting / SQL Injection – http://packetstormsecurity.org/files/118274
Yii Framework 1.1.8 Search SQL Injection – http://packetstormsecurity.org/files/118252
TP-LINK TL-WR841N 3.13.9 Cross Site Scripting – http://packetstormsecurity.org/files/118237
SonicWALL CDP 5040 6.x Cross Site Scripting – http://packetstormsecurity.org/files/118233
WordPress FireStorm Real Estate 2.06.08 SQL Injection – http://packetstormsecurity.org/files/118232
Apple QuickTime 7.7.2 Buffer Overflow – http://packetstormsecurity.org/files/118231
Manage Engine Exchange Reporter 4.1 Cross Site Scripting – http://packetstormsecurity.org/files/118203
Omni-Secure 5 / 6 / 7 Remote File Disclosure – http://packetstormsecurity.org/files/118202
Skype Account Service Session Token Bypass – http://packetstormsecurity.org/files/118199
