In this issue you will find details of two vulnerability advisories recently
published by ProCheckUp in conjunction with the UK NISCC.
ProCheckUp is also delighted to announce that it is now a Qualified Security
Assessor (QSA) able to assist Level 1 Merchants in becoming PCI DSS
compliant.
A successful lunch was also held at The Ivy for the formal presentation of ProCheckUp's SC Magazine 'Highly Commended' Award by Paul Fisher, editor of SC Magazine.
Yours sincerely,
Steve Knight
Marketing Manager
ProCheckUp and the UK NISCC have now released details of two new security risks this month.
The first is the incorrect use of filtering in .NET web applications. ProCheckUp's Vulnerability
Research Team forwarded NISCC a number of possible attack vectors that bypass the inbuilt ASP.NET
request filtering. The second is a cross-site scripting vulnerability in IBM WebSphere, which can
lead to possible remote code execution on a client's system.
ProCheckUp is delighted to announce this month that it has achieved Qualified Security Assessor (QSA) status from Visa Europe and is able to assist Level 1 Merchants looking to become PCI DSS compliant by providing Gap Analysis and onsite audit services in addition to the quarterly scanning and annual penetration testing requirements.
The ProCheckUp PCI DSS User Group will have its next meeting in Central London in mid-January. These meetings provide an opportunity for merchants to discuss their PCI DSS related issues and share experiences with fellow professionals in a relaxed environment. For more information on the User Group and details of how to join, visit our website.
According to APACS, the first half of 2006 saw a 55% rise in online bank fraud losses to £22.5 million, compared with the same period in 2005. This is mainly due to phishing scams, which have increased dramatically from 312 in 2005 to 5059 in 2006 – a rise of 1471%.