Risk
11/13/2006
07:01 AM
Connect Directly
RSS
E-Mail
50%
50%

StillSecure Gets Approval

StillSecure announced that StillSecure VAMT meets critical PCI compliance standards

SUPERIOR, Colo. -- StillSecureR, provider of an award- winning, integrated suite of enterprise network security solutions, today announced that StillSecure VAMT, the company's enterprise vulnerability management platform, meets critical PCI compliance standards. PCI is the Payment Card Industry Data Security Standard which applies to all members, merchants, and service providers that store, process or transmit credit cardholder data.

Coalfire Systems, Inc., a Qualified Security Assessor (QSA) and Qualified Payment Application Security Company, assessed VAM against relevant PCI standards and best practices. The assessment determined that VAM is successfully meeting critical PCI testing criteria for identifying and managing security vulnerabilities.

"When implemented properly, VAM's functionality provides system and security administrators a key control to manage vulnerabilities around the cardholder environment," said Kennet Westby, Chief Technology Officer at Coalfire Systems. "StillSecure VAM is a vital component to the payment card environment data security. It helps clients meet core PCI control objectives for vulnerability management."

StillSecure

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5619
Published: 2014-09-29
The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame.

CVE-2012-5621
Published: 2014-09-29
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.

CVE-2012-6107
Published: 2014-09-29
Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVE-2012-6110
Published: 2014-09-29
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor.

CVE-2013-1874
Published: 2014-09-29
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.