EIN BLICK IN DEN NEUEN ENTWURF DER ISO 27002

ISMS IN A NUTSHELL

Bei Informationssicherheit geht es um den Schutz Ihrer Unternehmenswerte. In dieser Serie erläutern wir Wissenswertes rund um Informationssicherheitsmanagement.

PA-DSS | USD AG

The PCI PA-DSS certification consists of an On-Site Assessment performed by a usd expert. We specify the actual test scope and the testing procedure in advance together with you. The assessment is a formal process to validate your implementation of the PCI PA-DSS requirements. We document the results of the on-site audit including

recommended

ZAIT – DAS NEUE REGELWERK DER BAFIN ZAIT – Das neue Regelwerk der BaFin für Zahlungs- und E-Geld-Institute. usd AG 14. April 2021 Financial Sector & Compliance, News. Zunehmende Digitalisierung und ein signifikanter Anstieg des Online-Geschäfts rücken nun auch die bereits regulierten Zahlungsdienstleister in den Fokus der BaFin-Sicherheitsbestrebungen. USD SEMINAR: SECURE CODING FOUNDATION The seminar will be held using the Microsoft Teams meeting function. After your registration and confirmation by the CST Academy, you will receive the access data for the individual online sessions in Microsoft Teams via Email approximately one week before the seminar.

USD PCI PLATTFORM

With the purchase of a Consulting Package, usd AG offers you the option to discuss specific questions regarding the implementation of PCI DSS in your company with our security experts.Which tasks will be handled by usd consultants will be determined flexibly and according to your needs together with you. AUFBAU ODER WEITERENTWICKLUNG IHRES ISMS Betrieb eines ISMS nach ISO 27001. Dieses zweitägige Seminar steigt tiefer in den Betrieb und die Weiterentwicklung eines ISMS ein. Entlang der einzelnen Kapitel der ISO 27001 diskutiert unser Referent mit Ihnen die Anforderungen, mögliche Ansätze und Best Practices. Termin: 23.-24.11.2021. Uhrzeit: jeweils 09:00 – 17:00 Uhr. 10 TIPPS FÜR DEN UMGANG MIT HACKERANGRIFFEN 10 Tipps für den richtigen Umgang mit Hackerangriffen. usd AG 24. September 2020 Cyber Defence, Cybersecurity Tips, News. Die Realität zeigt, dass es schon lange nicht mehr ausreicht, nur präventive IT-Sicherheitsmaßnahmen zu implementieren. Ein Angriff ist nur eine

Frage der Zeit.

ISMS BERATUNG

Wir beraten Sie bei der initialen Einführung eines ISMS und unterstützen Sie bei der Umsetzung von konkreten Maßnahmen. Definition der relevanten ISMS-Prozesse auf Basis von Best-Practices, angepasst an Ihr Unternehmen. Unterstützung der 1st und 2nd Line-of-Defense, z.B. bei der Erstellung von Richtlinien oder Auswahl

von Maßnahmen

PENTEST: SCHÜTZEN SIE IHRE SYSTEME PROAKTIV Ein Penetrationstest, kurz Pentest, ist eine effektive IT-Sicherheitsmaßnahme, um das Sicherheitsniveau Ihrer Systeme und Applikationen zu überprüfen und Compliance-Anforderungen einzuhalten. Bei usd Pentests schlüpfen unsere Security Analysten für Sie in die Rolle eines Angreifers und versuchen mit jenen Methoden und Mitteln, die auch EIN BLICK IN DEN NEUEN ENTWURF DER ISO 27002

ISMS IN A NUTSHELL

Bei Informationssicherheit geht es um den Schutz Ihrer Unternehmenswerte. In dieser Serie erläutern wir Wissenswertes rund um Informationssicherheitsmanagement.

PA-DSS | USD AG

The PCI PA-DSS certification consists of an On-Site Assessment performed by a usd expert. We specify the actual test scope and the testing procedure in advance together with you. The assessment is a formal process to validate your implementation of the PCI PA-DSS requirements. We document the results of the on-site audit including

recommended

ZAIT – DAS NEUE REGELWERK DER BAFIN ZAIT – Das neue Regelwerk der BaFin für Zahlungs- und E-Geld-Institute. usd AG 14. April 2021 Financial Sector & Compliance, News. Zunehmende Digitalisierung und ein signifikanter Anstieg des Online-Geschäfts rücken nun auch die bereits regulierten Zahlungsdienstleister in den Fokus der BaFin-Sicherheitsbestrebungen. USD SEMINAR: SECURE CODING FOUNDATION The seminar will be held using the Microsoft Teams meeting function. After your registration and confirmation by the CST Academy, you will receive the access data for the individual online sessions in Microsoft Teams via Email approximately one week before the seminar.

USD PCI PLATTFORM

With the purchase of a Consulting Package, usd AG offers you the option to discuss specific questions regarding the implementation of PCI DSS in your company with our security experts.Which tasks will be handled by usd consultants will be determined flexibly and according to your needs together with you. AUFBAU ODER WEITERENTWICKLUNG IHRES ISMS Betrieb eines ISMS nach ISO 27001. Dieses zweitägige Seminar steigt tiefer in den Betrieb und die Weiterentwicklung eines ISMS ein. Entlang der einzelnen Kapitel der ISO 27001 diskutiert unser Referent mit Ihnen die Anforderungen, mögliche Ansätze und Best Practices. Termin: 23.-24.11.2021. Uhrzeit: jeweils 09:00 – 17:00 Uhr. 10 TIPPS FÜR DEN UMGANG MIT HACKERANGRIFFEN 10 Tipps für den richtigen Umgang mit Hackerangriffen. usd AG 24. September 2020 Cyber Defence, Cybersecurity Tips, News. Die Realität zeigt, dass es schon lange nicht mehr ausreicht, nur präventive IT-Sicherheitsmaßnahmen zu implementieren. Ein Angriff ist nur eine

Frage der Zeit.

ISMS BERATUNG

Wir beraten Sie bei der initialen Einführung eines ISMS und unterstützen Sie bei der Umsetzung von konkreten Maßnahmen. Definition der relevanten ISMS-Prozesse auf Basis von Best-Practices, angepasst an Ihr Unternehmen. Unterstützung der 1st und 2nd Line-of-Defense, z.B. bei der Erstellung von Richtlinien oder Auswahl

von Maßnahmen

PENTEST: SCHÜTZEN SIE IHRE SYSTEME PROAKTIV Ein Penetrationstest, kurz Pentest, ist eine effektive IT-Sicherheitsmaßnahme, um das Sicherheitsniveau Ihrer Systeme und Applikationen zu überprüfen und Compliance-Anforderungen einzuhalten. Bei usd Pentests schlüpfen unsere Security Analysten für Sie in die Rolle eines Angreifers und versuchen mit jenen Methoden und Mitteln, die auch

ABOUT US | USD AG

WHAT WE DO. We protect companies against hackers and criminals. Our work is as dynamic and diverse as the threat itself. As an accredited assessor, we advise and certify companies worldwide according to the specifications of the credit card industry. The experts at usd HeroLabs identify vulnerabilities in IT systems and applications.

CONTACT | USD AG

THE RIGHT CONTACT FOR YOUR REQUESTS. Do you have questions? Don’t hesitate to contact us. Phone: +49 6102 8631-0. Email: contact@usd.de.

Contact us.

SERVICE PROVIDER AUDIT A service provider audit is always individually tailored to the requirements relevant for you and your service providers. For example, we check: Supplier contract. Supplier management processes. Supplier policies. Suppliers incident management. Change management. DOHOP SUCCESSFULLY CERTIFIED ACCORDING TO PCI DSS Dohop, an technology provider for the airline industry, has been successfully certified by usd AG according to PCI DSS.Based in Iceland, Dohop provides, operates and supports the virtual interlining platforms of a number of partner airlines including the booking and

payment processes.

PCI COMPLIANCE PROGRAMM A personal contact person from our Service Management will design and execute the implementation project of your PCI Compliance Program together with you. The Service Management will be your single point of contact throughout our entire collaboration. Discussion of strategic and operational topics. Development of solutions based on the INCIDENT RESPONSE AND FORENSICS The trend towards professionally organized cyber crime continues. Attackers are getting stronger and developing more and more targeted and complex attack methods. One example is Advanced Persistent Threat (APT), which consists of several attack levels. Spear Phishing attacks are often used to defeat security systems: Once the attackers have

USD-2021-0005

The CheckPoint Identity Agent allows users to collect information for the technical support. This information is collected to a Windows Cabinet file and stored within a user defined location.During the write operation that creates the Cabinet file, the service uses the permissions of the SYSTEM account, which allows low privileged users to create the Cabinet file in arbitrary locations of the

USD-2020-0028

A path traversal attack aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical

SECURITY RESEARCH

Our experienced security analysts teach the course “Hacker Contest” at the Technical University Darmstadt and the University of Applied Sciences Darmstadt in the summer semester 2019. During the course students have the opportunity to experience IT security in practice. The usd HeroLab‘s own PentestLab provides the technological basis. HACK THE BOX: OOUCH WRITE-UP At the beginning of the year Hack The Box released Oouch, a vulnerable machine created by usd HeroLab consultant and security researcher Tobias Neitzel (). Oouch is an implementation of an OAuth2 authorization server and also ships a compatible consumer application. Both contain common OAuth2 vulnerabilities that can be used to get access to the system.

USD AG

Sharing Cybersecurity Know-How Is More Important Than Ever! CST Academy offers a wide range of training, expert seminars, workshops, student events and webinars. TIBER-DE, BAIT, KAIT, VAIT - Cyber security is a focus of numerous special audits in the financial sector. We help you prepare. USD AGTRANSLATE THIS PAGELEISTUNGENÜBER UNSKARRIEREUSD HEROLABCST ACADEMYNEWS & ARTIKEL Die usd AG schützt Unternehmen vor Hackern und Kriminellen. So dynamisch und vielfältig wie die Bedrohung, ist ihre Arbeit. EIN BLICK IN DEN NEUEN ENTWURF DER ISO 27002 SERVICE PROVIDER AUDIT A service provider audit is always individually tailored to the requirements relevant for you and your service providers. For example, we check: Supplier contract. Supplier management processes. Supplier policies. Suppliers incident management. Change management. PCI DSS VERSION 4.0: WHAT IS THE CURRENT STATUS? The PCI SSC refers to version 4.0 as the most significant change since PCI DSS v1.0, since the current version 3.2.1 no longer reflects the rapid technological changes we see in the field of IT. It must be fundamentally revised to account for technologies such as cloud services and microservices that are used more and more. PENTEST: PROTECT YOUR SYSTEMS PROACTIVELY A penetration test, or pentest for short, is an effective IT security measure to analyze the security level of your systems and applications and is often required to comply with compliance requirements. In usd pentests, our security analysts assume the role of a hacker and attempt to penetrate your company’s IT systems in a targeted

USD PCI PLATTFORM

With the purchase of a Consulting Package, usd AG offers you the option to discuss specific questions regarding the implementation of PCI DSS in your company with our security experts.Which tasks will be handled by usd consultants will be determined flexibly and according to your needs together with you. 10 TIPPS FÜR DEN UMGANG MIT HACKERANGRIFFEN 10 Tipps für den richtigen Umgang mit Hackerangriffen. usd AG 24. September 2020 Cyber Defence, Cybersecurity Tips, News. Die Realität zeigt, dass es schon lange nicht mehr ausreicht, nur präventive IT-Sicherheitsmaßnahmen zu implementieren. Ein Angriff ist nur eine

Frage der Zeit.

USD-2021-0005

The CheckPoint Identity Agent allows users to collect information for the technical support. This information is collected to a Windows Cabinet file and stored within a user defined location.During the write operation that creates the Cabinet file, the service uses the permissions of the SYSTEM account, which allows low privileged users to create the Cabinet file in arbitrary locations of the USD AWARENESS PLATTFORMTRANSLATE THIS PAGE Auf der usd Security Awareness Trainingsplattform haben Sie eine Auswahl an verschiedenen Trainings. Unter anderem bieten wir Ihnen folgende WBTs an: • Datenschutztraining (EU-DSGVO) • Allgemeine Informationssicherheit. • PCI-Security-Awareness-Training. • Social-Engineering-Training.

USD AG

Sharing Cybersecurity Know-How Is More Important Than Ever! CST Academy offers a wide range of training, expert seminars, workshops, student events and webinars. TIBER-DE, BAIT, KAIT, VAIT - Cyber security is a focus of numerous special audits in the financial sector. We help you prepare. USD AGTRANSLATE THIS PAGELEISTUNGENÜBER UNSKARRIEREUSD HEROLABCST ACADEMYNEWS & ARTIKEL Die usd AG schützt Unternehmen vor Hackern und Kriminellen. So dynamisch und vielfältig wie die Bedrohung, ist ihre Arbeit. EIN BLICK IN DEN NEUEN ENTWURF DER ISO 27002 SERVICE PROVIDER AUDIT A service provider audit is always individually tailored to the requirements relevant for you and your service providers. For example, we check: Supplier contract. Supplier management processes. Supplier policies. Suppliers incident management. Change management. PCI DSS VERSION 4.0: WHAT IS THE CURRENT STATUS? The PCI SSC refers to version 4.0 as the most significant change since PCI DSS v1.0, since the current version 3.2.1 no longer reflects the rapid technological changes we see in the field of IT. It must be fundamentally revised to account for technologies such as cloud services and microservices that are used more and more. PENTEST: PROTECT YOUR SYSTEMS PROACTIVELY A penetration test, or pentest for short, is an effective IT security measure to analyze the security level of your systems and applications and is often required to comply with compliance requirements. In usd pentests, our security analysts assume the role of a hacker and attempt to penetrate your company’s IT systems in a targeted

USD PCI PLATTFORM

With the purchase of a Consulting Package, usd AG offers you the option to discuss specific questions regarding the implementation of PCI DSS in your company with our security experts.Which tasks will be handled by usd consultants will be determined flexibly and according to your needs together with you. 10 TIPPS FÜR DEN UMGANG MIT HACKERANGRIFFEN 10 Tipps für den richtigen Umgang mit Hackerangriffen. usd AG 24. September 2020 Cyber Defence, Cybersecurity Tips, News. Die Realität zeigt, dass es schon lange nicht mehr ausreicht, nur präventive IT-Sicherheitsmaßnahmen zu implementieren. Ein Angriff ist nur eine

Frage der Zeit.

USD-2021-0005

The CheckPoint Identity Agent allows users to collect information for the technical support. This information is collected to a Windows Cabinet file and stored within a user defined location.During the write operation that creates the Cabinet file, the service uses the permissions of the SYSTEM account, which allows low privileged users to create the Cabinet file in arbitrary locations of the USD AWARENESS PLATTFORMTRANSLATE THIS PAGE Auf der usd Security Awareness Trainingsplattform haben Sie eine Auswahl an verschiedenen Trainings. Unter anderem bieten wir Ihnen folgende WBTs an: • Datenschutztraining (EU-DSGVO) • Allgemeine Informationssicherheit. • PCI-Security-Awareness-Training. • Social-Engineering-Training.

ABOUT US | USD AG

WHAT WE DO. We protect companies against hackers and criminals. Our work is as dynamic and diverse as the threat itself. As an accredited assessor, we advise and certify companies worldwide according to the specifications of the credit card industry. The experts at usd HeroLabs identify vulnerabilities in IT systems and applications.

NEWS | USD AG

The PCI Security Standards Council (PCI SSC) released version 1.1 of the Secure Software Standard and associated Program Guide last

YOUR INQUIRY

We Look Forward to Your inquiry! Do you have any questions or need assistance? Talk to us and use the following contact formular below. We will contact you as soon as possible. Phone: +49 6102 8631-190. Email: sales@usd.de. Felix Schmidt. usd Team Lead Sales. Security

Consulting.

TOP 5 VULNERABILITIES 2020: BROKEN ACCESS CONTROL Our security analysts often identify entry points for hackers during their pentests. In our mini-series, we present our top 5 most notable vulnerabilities in 2020. Part 2: Broken Access Control VERSION 1.1 EXTENDS SCOPE OF SECURE SOFTWARE STANDARD The PCI Security Standards Council (PCI SSC) released version 1.1 of the Secure Software Standard and associated Program Guide last week. This standard is part of the PCI Software Security Framework and will completely supersede the previous payment application standard, the PCI PA-DSS, as of October 28, 2022.. The Secure Software Standard has a modular structure. SERVICE PROVIDER AUDIT A service provider audit is always individually tailored to the requirements relevant for you and your service providers. For example, we check: Supplier contract. Supplier management processes. Supplier policies. Suppliers incident management. Change management. USD WEBINAR RECORDINGS Missed a Webinar? Feel free to browse through our recordings.

USD-2021-0005

The CheckPoint Identity Agent allows users to collect information for the technical support. This information is collected to a Windows Cabinet file and stored within a user defined location.During the write operation that creates the Cabinet file, the service uses the permissions of the SYSTEM account, which allows low privileged users to create the Cabinet file in arbitrary locations of the

SECURITY ADVISORIES

We share the knowledge we gain in our practical work and our research through training courses and publications. In this context, the usd HeroLab publishes a series of papers on current vulnerabilities and security issues. – always in line with our Responsible Disclosure Policy. Always in the name of our mission: “more security”.

SECURITY ADVISORIES

SECURITY ADVISORIES. Um Unternehmen vor Hackern und Kriminellen zu schützen, müssen wir sicherstellen, dass unsere Fähigkeiten und Kenntnisse stets auf dem neuesten Stand sind. Deshalb ist die Sicherheitsforschung für unsere Arbeit ebenso wichtig wie der Aufbau einer Security Community zur Förderung des Wissensaustausches. USD AGTRANSLATE THIS PAGELEISTUNGENÜBER UNSKARRIEREUSD HEROLABCST ACADEMYNEWS & ARTIKEL Die usd AG schützt Unternehmen vor Hackern und Kriminellen. So dynamisch und vielfältig wie die Bedrohung, ist ihre Arbeit.

USD AG

Sharing Cybersecurity Know-How Is More Important Than Ever! CST Academy offers a wide range of training, expert seminars, workshops, student events and webinars. TIBER-DE, BAIT, KAIT, VAIT - Cyber security is a focus of numerous special audits in the financial sector. We help you prepare. EIN BLICK IN DEN NEUEN ENTWURF DER ISO 27002 PCI DSS VERSION 4.0: WHAT IS THE CURRENT STATUS? The PCI SSC refers to version 4.0 as the most significant change since PCI DSS v1.0, since the current version 3.2.1 no longer reflects the rapid technological changes we see in the field of IT. It must be fundamentally revised to account for technologies such as cloud services and microservices that are used more and more. ZAIT – DAS NEUE REGELWERK DER BAFIN ZAIT – Das neue Regelwerk der BaFin für Zahlungs- und E-Geld-Institute. usd AG 14. April 2021 Financial Sector & Compliance, News. Zunehmende Digitalisierung und ein signifikanter Anstieg des Online-Geschäfts rücken nun auch die bereits regulierten Zahlungsdienstleister in den Fokus der BaFin-Sicherheitsbestrebungen. USD SEMINAR: SECURE CODING FOUNDATION The seminar will be held using the Microsoft Teams meeting function. After your registration and confirmation by the CST Academy, you will receive the access data for the individual online sessions in Microsoft Teams via Email approximately one week before the seminar. USD AGTRANSLATE THIS PAGELEISTUNGENÜBER UNSKARRIEREUSD HEROLABCST ACADEMYNEWS & ARTIKEL Die usd AG schützt Unternehmen vor Hackern und Kriminellen. So dynamisch und vielfältig wie die Bedrohung, ist ihre Arbeit.

USD AG

Sharing Cybersecurity Know-How Is More Important Than Ever! CST Academy offers a wide range of training, expert seminars, workshops, student events and webinars. TIBER-DE, BAIT, KAIT, VAIT - Cyber security is a focus of numerous special audits in the financial sector. We help you prepare. EIN BLICK IN DEN NEUEN ENTWURF DER ISO 27002 PCI DSS VERSION 4.0: WHAT IS THE CURRENT STATUS? The PCI SSC refers to version 4.0 as the most significant change since PCI DSS v1.0, since the current version 3.2.1 no longer reflects the rapid technological changes we see in the field of IT. It must be fundamentally revised to account for technologies such as cloud services and microservices that are used more and more. ZAIT – DAS NEUE REGELWERK DER BAFIN ZAIT – Das neue Regelwerk der BaFin für Zahlungs- und E-Geld-Institute. usd AG 14. April 2021 Financial Sector & Compliance, News. Zunehmende Digitalisierung und ein signifikanter Anstieg des Online-Geschäfts rücken nun auch die bereits regulierten Zahlungsdienstleister in den Fokus der BaFin-Sicherheitsbestrebungen. USD SEMINAR: SECURE CODING FOUNDATION The seminar will be held using the Microsoft Teams meeting function. After your registration and confirmation by the CST Academy, you will receive the access data for the individual online sessions in Microsoft Teams via Email approximately one week before the seminar.

USD AG

Sharing Cybersecurity Know-How Is More Important Than Ever! CST Academy offers a wide range of training, expert seminars, workshops, student events and webinars. TIBER-DE, BAIT, KAIT, VAIT - Cyber security is a focus of numerous special audits in the financial sector. We help you prepare. SECURITY ADVISORY 05/2021 The usd HeroLab pentesters identified vulnerabilities in products from VMWare and Bitdefender while conducting their security analyses. In close cooperation with the manufacturers, the security vulnerabilities were successfully closed. SERVICE PROVIDER AUDIT A service provider audit is always individually tailored to the requirements relevant for you and your service providers. For example, we check: Supplier contract. Supplier management processes. Supplier policies. Suppliers incident management. Change management.

PCI DSS | USD AG

PCI DSS. We are one of the few companies in Germany to be accredited by the PCI Security Standards Council to perform PCI DSS assessments. As your assessor and consultant, we will guide you through the certification process. Select the type of business that applies to you and find out what your path to PCI compliance looks like: PENTEST: PROTECT YOUR SYSTEMS PROACTIVELY A penetration test, or pentest for short, is an effective IT security measure to analyze the security level of your systems and applications and is often required to comply with compliance requirements. In usd pentests, our security analysts assume the role of a hacker and attempt to penetrate your company’s IT systems in a targeted KARRIERE | USD AGTRANSLATE THIS PAGE Become a Hero. Studierende, Absolventen & Experten. MitarbeiterInnen im Gespräch. Jeder, der sich für einen Arbeitgeber entscheidet,

entscheidet

USD PCI PLATTFORM

To prove PCI DSS compliance, companies that process, store or transmit credit card data must have their IT systems tested for vulnerabilities by a certified provider (Approved Scanning Vendor / ASV) by means of an External Security Scan.. With Internal Security Scans you can check your IT systems (servers, networks, web servers, web shops, etc.) for many thousands of known and constantly USD ERHÄLT ERNEUT LEHRAUFTRAG AN TU DARMSTADT usd erhält erneut Lehrauftrag an TU Darmstadt. usd AG 21. Oktober 2020 Events & Community, News, usd Updates. Mit Beginn des Wintersemesters 2020/2021 wird erneut die Lehrveranstaltung „Hacker Contest“ von erfahrenen Security Analysten des usd HeroLabs an der Technischen Universität Darmstadt (TU Darmstadt) durchgeführt. USD SEMINAR: EINFÜHRUNG EINES ISMS NACH ISO …TRANSLATE THIS PAGE Das Seminar wird mit der Besprechungsfunktion von Microsoft Teams durchgeführt. Nach Ihrer Anmeldung und Bestätigung durch die CST Academy erhalten Sie die Zugangsdaten für die einzelnen Online-Sessions in Microsoft Teams per E-Mail.

SECURITY RESEARCH

Our experienced security analysts teach the course “Hacker Contest” at the Technical University Darmstadt and the University of Applied Sciences Darmstadt in the summer semester 2019. During the course students have the opportunity to experience IT security in practice. The usd HeroLab‘s own PentestLab provides the technological basis.

USD AG

Sharing Cybersecurity Know-How Is More Important Than Ever! CST Academy offers a wide range of training, expert seminars, workshops, student events and webinars. TIBER-DE, BAIT, KAIT, VAIT - Cyber security is a focus of numerous special audits in the financial sector. We help you prepare. USD AGTRANSLATE THIS PAGELEISTUNGENÜBER UNSKARRIEREUSD HEROLABCST ACADEMYNEWS & ARTIKEL Die usd AG schützt Unternehmen vor Hackern und Kriminellen. So dynamisch und vielfältig wie die Bedrohung, ist ihre Arbeit. EIN BLICK IN DEN NEUEN ENTWURF DER ISO 27002 SERVICE PROVIDER AUDIT A service provider audit is always individually tailored to the requirements relevant for you and your service providers. For example, we check: Supplier contract. Supplier management processes. Supplier policies. Suppliers incident management. Change management. PCI DSS VERSION 4.0: WHAT IS THE CURRENT STATUS? The PCI SSC refers to version 4.0 as the most significant change since PCI DSS v1.0, since the current version 3.2.1 no longer reflects the rapid technological changes we see in the field of IT. It must be fundamentally revised to account for technologies such as cloud services and microservices that are used more and more. PENTEST: PROTECT YOUR SYSTEMS PROACTIVELY A penetration test, or pentest for short, is an effective IT security measure to analyze the security level of your systems and applications and is often required to comply with compliance requirements. In usd pentests, our security analysts assume the role of a hacker and attempt to penetrate your company’s IT systems in a targeted

USD PCI PLATTFORM

With the purchase of a Consulting Package, usd AG offers you the option to discuss specific questions regarding the implementation of PCI DSS in your company with our security experts.Which tasks will be handled by usd consultants will be determined flexibly and according to your needs together with you. 10 TIPPS FÜR DEN UMGANG MIT HACKERANGRIFFEN 10 Tipps für den richtigen Umgang mit Hackerangriffen. usd AG 24. September 2020 Cyber Defence, Cybersecurity Tips, News. Die Realität zeigt, dass es schon lange nicht mehr ausreicht, nur präventive IT-Sicherheitsmaßnahmen zu implementieren. Ein Angriff ist nur eine

Frage der Zeit.

USD AG

Sharing Cybersecurity Know-How Is More Important Than Ever! CST Academy offers a wide range of training, expert seminars, workshops, student events and webinars. TIBER-DE, BAIT, KAIT, VAIT - Cyber security is a focus of numerous special audits in the financial sector. We help you prepare. USD AGTRANSLATE THIS PAGELEISTUNGENÜBER UNSKARRIEREUSD HEROLABCST ACADEMYNEWS & ARTIKEL Die usd AG schützt Unternehmen vor Hackern und Kriminellen. So dynamisch und vielfältig wie die Bedrohung, ist ihre Arbeit. EIN BLICK IN DEN NEUEN ENTWURF DER ISO 27002 SERVICE PROVIDER AUDIT A service provider audit is always individually tailored to the requirements relevant for you and your service providers. For example, we check: Supplier contract. Supplier management processes. Supplier policies. Suppliers incident management. Change management. PCI DSS VERSION 4.0: WHAT IS THE CURRENT STATUS? The PCI SSC refers to version 4.0 as the most significant change since PCI DSS v1.0, since the current version 3.2.1 no longer reflects the rapid technological changes we see in the field of IT. It must be fundamentally revised to account for technologies such as cloud services and microservices that are used more and more. PENTEST: PROTECT YOUR SYSTEMS PROACTIVELY A penetration test, or pentest for short, is an effective IT security measure to analyze the security level of your systems and applications and is often required to comply with compliance requirements. In usd pentests, our security analysts assume the role of a hacker and attempt to penetrate your company’s IT systems in a targeted

USD PCI PLATTFORM

With the purchase of a Consulting Package, usd AG offers you the option to discuss specific questions regarding the implementation of PCI DSS in your company with our security experts.Which tasks will be handled by usd consultants will be determined flexibly and according to your needs together with you. 10 TIPPS FÜR DEN UMGANG MIT HACKERANGRIFFEN 10 Tipps für den richtigen Umgang mit Hackerangriffen. usd AG 24. September 2020 Cyber Defence, Cybersecurity Tips, News. Die Realität zeigt, dass es schon lange nicht mehr ausreicht, nur präventive IT-Sicherheitsmaßnahmen zu implementieren. Ein Angriff ist nur eine

Frage der Zeit.

ABOUT US | USD AG

WHAT WE DO. We protect companies against hackers and criminals. Our work is as dynamic and diverse as the threat itself. As an accredited assessor, we advise and certify companies worldwide according to the specifications of the credit card industry. The experts at usd HeroLabs identify vulnerabilities in IT systems and applications. SECURITY ADVISORY 05/2021 The usd HeroLab pentesters identified vulnerabilities in products from VMWare and Bitdefender while conducting their security analyses. In close cooperation with the manufacturers, the security vulnerabilities were successfully closed.

YOUR INQUIRY

We Look Forward to Your inquiry! Do you have any questions or need assistance? Talk to us and use the following contact formular below. We will contact you as soon as possible. Phone: +49 6102 8631-190. Email: sales@usd.de. Felix Schmidt. usd Team Lead Sales. Security

Consulting.

SECURITY CONSULTING: ARTICLES AND NEWS The security consultants share their experience and know-how in various publications, lectures, research projects and specialist

groups.

SERVICE PROVIDER AUDIT A service provider audit is always individually tailored to the requirements relevant for you and your service providers. For example, we check: Supplier contract. Supplier management processes. Supplier policies. Suppliers incident management. Change management.

OUR AUDITORS

WHO WE ARE. Our security auditors have comprehensive expertise from a wide range of IT security disciplines and extensive auditing experience with companies of all sizes and industries. Our experts are happy to assist you with your audit project, too – as your USD SEMINAR: SECURE CODING FOUNDATION The seminar will be held using the Microsoft Teams meeting function. After your registration and confirmation by the CST Academy, you will receive the access data for the individual online sessions in Microsoft Teams via Email approximately one week before the seminar. USD WEBINAR RECORDINGS Missed a Webinar? Feel free to browse through our recordings.

USD-2021-0001

The fact that Windows Group Policy updates follow symbolic links during file operations can be viewed as a feature, but from our point of view it is a dangerous functionality. We encountered multiple setups where symbolic links could be used to elevate permissions from low privileged user accounts to NT AUTHORITY\SYSTEM.The Proof of Concept below demonstrates one example for such an situation.

SECURITY ADVISORIES

We share the knowledge we gain in our practical work and our research through training courses and publications. In this context, the usd HeroLab publishes a series of papers on current vulnerabilities and security issues. – always in line with our Responsible Disclosure Policy. Always in the name of our mission: “more security”. USD AGTRANSLATE THIS PAGELEISTUNGENÜBER UNSKARRIEREUSD HEROLABCST ACADEMYNEWS & ARTIKEL Die usd AG schützt Unternehmen vor Hackern und Kriminellen. So dynamisch und vielfältig wie die Bedrohung, ist ihre Arbeit.

USD AG

Sharing Cybersecurity Know-How Is More Important Than Ever! CST Academy offers a wide range of training, expert seminars, workshops, student events and webinars. TIBER-DE, BAIT, KAIT, VAIT - Cyber security is a focus of numerous special audits in the financial sector. We help you prepare. PCI DSS VERSION 4.0: WHAT IS THE CURRENT STATUS? The PCI SSC refers to version 4.0 as the most significant change since PCI DSS v1.0, since the current version 3.2.1 no longer reflects the rapid technological changes we see in the field of IT. It must be fundamentally revised to account for technologies such as cloud services and microservices that are used more and more. EIN BLICK IN DEN NEUEN ENTWURF DER ISO 27002 PENTEST: PROTECT YOUR SYSTEMS PROACTIVELY A penetration test, or pentest for short, is an effective IT security measure to analyze the security level of your systems and applications and is often required to comply with compliance requirements. In usd pentests, our security analysts assume the role of a hacker and attempt to penetrate your company’s IT systems in a targeted ZAIT – DAS NEUE REGELWERK DER BAFIN ZAIT – Das neue Regelwerk der BaFin für Zahlungs- und E-Geld-Institute. usd AG 14. April 2021 Financial Sector & Compliance, News. Zunehmende Digitalisierung und ein signifikanter Anstieg des Online-Geschäfts rücken nun auch die bereits regulierten Zahlungsdienstleister in den Fokus der BaFin-Sicherheitsbestrebungen.

USD PCI PLATTFORM

With the purchase of a Consulting Package, usd AG offers you the option to discuss specific questions regarding the implementation of PCI DSS in your company with our security experts.Which tasks will be handled by usd consultants will be determined flexibly and according to your needs together with you. 10 TIPPS FÜR DEN UMGANG MIT HACKERANGRIFFEN 10 Tipps für den richtigen Umgang mit Hackerangriffen. usd AG 24. September 2020 Cyber Defence, Cybersecurity Tips, News. Die Realität zeigt, dass es schon lange nicht mehr ausreicht, nur präventive IT-Sicherheitsmaßnahmen zu implementieren. Ein Angriff ist nur eine

Frage der Zeit.

USD AGTRANSLATE THIS PAGELEISTUNGENÜBER UNSKARRIEREUSD HEROLABCST ACADEMYNEWS & ARTIKEL Die usd AG schützt Unternehmen vor Hackern und Kriminellen. So dynamisch und vielfältig wie die Bedrohung, ist ihre Arbeit.

USD AG

Sharing Cybersecurity Know-How Is More Important Than Ever! CST Academy offers a wide range of training, expert seminars, workshops, student events and webinars. TIBER-DE, BAIT, KAIT, VAIT - Cyber security is a focus of numerous special audits in the financial sector. We help you prepare. PCI DSS VERSION 4.0: WHAT IS THE CURRENT STATUS? The PCI SSC refers to version 4.0 as the most significant change since PCI DSS v1.0, since the current version 3.2.1 no longer reflects the rapid technological changes we see in the field of IT. It must be fundamentally revised to account for technologies such as cloud services and microservices that are used more and more. EIN BLICK IN DEN NEUEN ENTWURF DER ISO 27002 PENTEST: PROTECT YOUR SYSTEMS PROACTIVELY A penetration test, or pentest for short, is an effective IT security measure to analyze the security level of your systems and applications and is often required to comply with compliance requirements. In usd pentests, our security analysts assume the role of a hacker and attempt to penetrate your company’s IT systems in a targeted ZAIT – DAS NEUE REGELWERK DER BAFIN ZAIT – Das neue Regelwerk der BaFin für Zahlungs- und E-Geld-Institute. usd AG 14. April 2021 Financial Sector & Compliance, News. Zunehmende Digitalisierung und ein signifikanter Anstieg des Online-Geschäfts rücken nun auch die bereits regulierten Zahlungsdienstleister in den Fokus der BaFin-Sicherheitsbestrebungen.

USD PCI PLATTFORM

With the purchase of a Consulting Package, usd AG offers you the option to discuss specific questions regarding the implementation of PCI DSS in your company with our security experts.Which tasks will be handled by usd consultants will be determined flexibly and according to your needs together with you. 10 TIPPS FÜR DEN UMGANG MIT HACKERANGRIFFEN 10 Tipps für den richtigen Umgang mit Hackerangriffen. usd AG 24. September 2020 Cyber Defence, Cybersecurity Tips, News. Die Realität zeigt, dass es schon lange nicht mehr ausreicht, nur präventive IT-Sicherheitsmaßnahmen zu implementieren. Ein Angriff ist nur eine

Frage der Zeit.

USD AG

Sharing Cybersecurity Know-How Is More Important Than Ever! CST Academy offers a wide range of training, expert seminars, workshops, student events and webinars. TIBER-DE, BAIT, KAIT, VAIT - Cyber security is a focus of numerous special audits in the financial sector. We help you prepare. SECURITY ADVISORY 05/2021 The usd HeroLab pentesters identified vulnerabilities in products from VMWare and Bitdefender while conducting their security analyses. In close cooperation with the manufacturers, the security vulnerabilities were successfully closed.

ABOUT US | USD AG

WHAT WE DO. We protect companies against hackers and criminals. Our work is as dynamic and diverse as the threat itself. As an accredited assessor, we advise and certify companies worldwide according to the specifications of the credit card industry. The experts at usd HeroLabs identify vulnerabilities in IT systems and applications. PCI SECURITY SERVICES PCI SECURITY SERVICES. Since 2004, usd AG has been operating as an assessor accredited by the PCI Security Standards Council (PCI SSC) in all relevant standards of the Payment Card Industry. We are one of the leading Qualified Security Assessor (QSA) in Central Europe. Our PCI specialists contribute their expertise to more than 200 companies

CST ACADEMY EVENTS

HACKING NIGHT. Over pizza and Club Mate, this night at CST Academy is all about challenge and victory! As a team, you prove your methodological know-how, your creativity and your endurance during this “real life penetration testing”. Events are only held in German. Please ask us about events in English as well as events tailored to your needs.

USD HEROLAB

Security Advisory 04/2021 6. May 2021. Security Advisory 03/2021 7. April 2021. Security Advisory 02/2021 26. February 2021

PCI BERATUNG

PCI BERATUNG. Bei konkreten Fragestellungen zum PCI DSS unterstützen Sie unsere PCI DSS-Sicherheitsexperten durch unsere individuell durchgeführten PCI DSS Beraterpakete per Telefon- oder Webkonferenz. Wählen Sie anhand Ihres Beratungsbedarfs zwischen den Varianten KLEIN (bis zu 2 Stunden), MITTEL (bis zu 4 Stunden) und GROSS (bis zu 8 PENTEST: SCHÜTZEN SIE IHRE SYSTEME PROAKTIV Ein Penetrationstest, kurz Pentest, ist eine effektive IT-Sicherheitsmaßnahme, um das Sicherheitsniveau Ihrer Systeme und Applikationen zu überprüfen und Compliance-Anforderungen einzuhalten. Bei usd Pentests schlüpfen unsere Security Analysten für Sie in die Rolle eines Angreifers und versuchen mit jenen Methoden und Mitteln, die auch

SECURITY ADVISORIES

We share the knowledge we gain in our practical work and our research through training courses and publications. In this context, the usd HeroLab publishes a series of papers on current vulnerabilities and security issues. – always in line with our Responsible Disclosure Policy. Always in the name of our mission: “more security”. : USD PCI DSS PLATTFORM, USD AGTRANSLATE THIS PAGE usd PCI DSS Plattform: Sicherheit bei Kreditkartenzahlungen, Security Scans, PCI DSS Beratung und Zertifizierung, Full Service Provider für Webshops und Unternehmen

__ Navigation

* Leistungen

* PCI Security Services

* PCI DSS

* PCI PA-DSS

* Software Security Framework

* PCI P2PE

* PCI 3DS

* PCI PIN

* PCI Compliance Programm

* PCI DSS Plattform

* PCI Security Scans / ASV Scans * Referenzen & Fachartikel

* FAQ

* Security Analysis & Pentests

* Pentest

* Code Review

* Security Scans

* Digitale Forensik

* Bug-Bounty-Programm

* Secure App

* Vulnerability Management * Management & Organisation

* Live Hacking

* Fachartikel & News * Security Consulting

* Unsere Experten

* Unsere Kompetenzfelder * Informationssicherheit im Finanzwesen * Fachartikel & News

* Über uns

* Karriere

* usd HeroLab

* CST Academy

* Mission

* Events

* Community

* CST Academy kompakt

* News

* English

* Search __ Search

* Leistungen

__

* PCI Security Services

__

* PCI DSS

* PCI PA-DSS

* Software Security Framework

* PCI P2PE

* PCI 3DS

* PCI PIN

* PCI Compliance Programm

* PCI DSS Plattform

* PCI Security Scans / ASV Scans * Referenzen & Fachartikel

* FAQ

* Security Analysis & Pentests

__

* Pentest

* Code Review

* Security Scans

* Digitale Forensik

* Bug-Bounty-Programm

* Secure App

* Vulnerability Management * Management & Organisation

* Live Hacking

* Fachartikel & News * Security Consulting

__

* Unsere Experten

* Unsere Kompetenzfelder * Informationssicherheit im Finanzwesen * Fachartikel & News

* Über uns

* Karriere

* usd HeroLab

* CST Academy

__

* Mission

* Events

* Community

* CST Academy kompakt

* News

* English

* Search __ Search

more security.

Wir schützen Unternehmen vor Hackern und Kriminellen.

more security.

Wir schützen Unternehmen vor Hackern und Kriminellen. „Wir erkennen technische Schwachstellen und geben konkrete Empfehlungen. Scans, Pentests und forensische Untersuchungen des usd HeroLabs liefern belastbare Ergebnisse.“

MIT HÖCHSTER

TECHNISCHER EXPERTISE. Christian Frei, Head of usd HeroLab

MIT TECHNISCHER

EXPERTISE.

„Die Compliance Anforderungen im Bereich Security steigen stetig. Mit unserem Wissen aus hunderten PCI Assessments begleiten wir Sie zur erfolgreichen Zertifizierung.“ ALS ASSESSOR UND PCI QSA. Christopher Kristes, Head of Security Audits & PCI Christopher Kristes, Head of PCI Security Services ALS AUDITOR UND PCI QSA. „Unser interdisziplinäres Team an Security Consultants unterstützt Sie genau dort, wo es fehlt. IT-Security. Organisation. Compliance. Der Einstieg erfolgt über den Dialog mit Ihnen.“

ALS BERATER.

Andrea Tubach,

Head of Security Consulting

Andrea Tubach,

Head of Security Consulting Andrea Tubach, Head of Security Consulting

ALS BERATER.

„Unsere Leistungen sind so vielfältig wie die Bedrohung. Um es kurz zu machen: Wenn wir gebraucht werden, sind wir da.“

WENN ES DRAUF

ANKOMMT.

Andreas Duchmann,

Vorstand, Fachvertrieb & Business Development

Andreas Duchmann,

Vorstand, Fachvertrieb & Business Development

WENN ES DRAUF

ANKOMMT.

„Mehr Sicherheit gelingt besser, wenn die Guten zusammenhalten. Die CST Academy ist ein Beitrag der usd AG zum Aufbau einer Cyber Security Community. Austausch. Wissenstransfer. Gemeinsam

handeln.“

ALS TEIL DER COMMUNITY. Mareike Gass, CST Academy ALS TEIL DER COMMUNITY.

NEWS

BAIT, VAIT & KAIT – ERFAHRUNGEN UNSERER IT-SECURITY-EXPERTEN MIT DEN ANFORDERUNGEN AN DIE IT

14. Mai 2020

SECURITY ADVISORY 04/2020

29. April 2020

WIE SICHER IST IHRE HOMEOFFICE-UMGEBUNG?

24. April 2020

USD AG

* Über uns

* Kontakt

* Impressum

* Datenschutz

BAIT, VAIT & KAIT – ERFAHRUNGEN UNSERER IT-SECURITY-EXPERTEN MIT DEN ANFORDERUNGEN AN DIE IT

14. Mai 2020

SECURITY ADVISORY 04/2020

29. April 2020

WIE SICHER IST IHRE HOMEOFFICE-UMGEBUNG?

24. April 2020

Follow us:

* Über uns

* Kontakt

* Impressum

* Datenschutz

__

Close the

Content Dock

Diese Seite verwendet Cookies. This site uses cookies. Mehr dazu. Read

more. OK