Lucene search
+L
CoalfireMost viewed

603 matches found

coalfire
coalfire
added 2020/03/31 4:39 p.m.33 views

COVID-19 Pandemic Stresses the Importance of Business Continuity

One of the more critical aspects of organizational risk management is that of Business Continuity. Many organizations overlook the importance of developing and instituting a Business Continuity Plan BCP...

1.7AI score
Exploits0
coalfire
coalfire
added 2020/11/10 3:26 p.m.32 views

Coalfire and HITRUST – 9 years, 1,000 engagements and counting

Since 2007, HITRUST® has offered programs that protect sensitive information and allow organizations to manage information risk globally across all industries and throughout the supply chain. In collaboration with information security, privacy, and risk management leaders from public and private...

1.6AI score
Exploits0
coalfire
coalfire
added 2020/01/21 9:47 p.m.32 views

The Basics of Exploit Development 1: Win32 Buffer Overflows

In this article we will cover the creation of an exploit for a 32-bit Windows application vulnerable to a buffer overflow using X64dbg and the associated ERC plugin. As this is the first article in this series, we will be looking at an exploit where we have a complete EIP overwrite and ESP points...

2.6AI score
Exploits0
coalfire
coalfire
added 2023/11/07 7:21 p.m.31 views

Navigating the AI security landscape: From executive orders to cyber resilience

Explore the implications of the US Executive Order, discover the challenges and solutions in AI development, and learn how Coalfire's tailored approach ensures robust AI risk management...

7.3AI score
Exploits0
coalfire
coalfire
added 2021/12/04 1:47 a.m.31 views

Preparing for DevSecOps transformation

The latest report from Coalfires prestigious Cloud Advisory Board CAB, consisting of some of the worlds most experienced C-level cyber leaders and cloud security thought leaders from Coalfire, provides some of the most significant insight and timely advice for cybersecurity leaders in 2022 and...

2.1AI score
Exploits0
coalfire
coalfire
added 2021/05/25 3:14 p.m.31 views

Payments paradigm shift

Crypto assets have been around for over a decade, and with the recent Coinbase IPO, we believe we are well past the point of calling this a "passing fad." In fact, we believe that crypto assets -- particularly bitcoin -- have now passed the tipping point from being considered an unconventional...

2.1AI score
Exploits0
coalfire
coalfire
added 2021/01/11 4:44 p.m.31 views

New cybersecurity legislation to amend the Health Information Technology for Economic and Clinical Health (HITECH) Act – an analysis of H.R. 7898

New legislation was passed by Congress and signed by the president on January 5, 2021 that amends the HITECH Act with an additional section titled: SEC. 13412. RECOGNITION OF SECURITY PRACTICES. The fundamental driver for amending HITECH is to ensure the secretary of Health and Human Services HHS...

1.5AI score
Exploits0
coalfire
coalfire
added 2020/12/18 4:10 p.m.31 views

Deploying your first Blueprints

Welcome back to the fourth and final part of this Azure Blueprints series. This section covers how to use some Blueprints provided by Microsoft and how to get started writing your Blueprints for managing your Azure Governance. Specifically, we will look more closely at a FedRAMP use case...

2.5AI score
Exploits0
coalfire
coalfire
added 2020/10/15 6:40 p.m.31 views

Getting around the cybersecurity talent shortage

More remote workers mean larger attack surfaces, and as cyber criminals take advantage of the rush to provision a remote workforce, the pain of the cybersecurity professionals shortage has become acute. Last year, the ISC2 Workforce Study identified a shortage of 561,000 cybersecurity professiona...

2.5AI score
Exploits0
coalfire
coalfire
added 2020/04/07 3:15 p.m.31 views

Controlling Cyber Risk for Teleworkers with HITRUST

Organizations across the globe have sent workers home to avoid spreading the Coronavirus and, as a result, technology leaders are hard-pressed to create cyber-safe work-from-home environments. Organizations must quickly identify and treat new cybersecurity risks introduced by the newly formed...

3AI score
Exploits0
coalfire
coalfire
added 2020/12/18 7:31 p.m.30 views

The Edge of a Storm?

The SolarWinds element of this breach is likely just the tip of the iceberg as many more businesses leveraging their management tools are exposed to this compromise. Not necessarily from the nation state actor believed to have triggered it, but from the potential sell off of those points of acces...

0.9AI score
Exploits0
coalfire
coalfire
added 2020/12/10 5:35 p.m.30 views

The California Privacy Rights Act (CPRA)

The California Privacy Rights Act CPRA was passed in November by voters in California. Adding another entry to the alphabet soup that is privacy regulations, the CPRA known as Proposition 24 when it was on the ballot expands on the states landmark consumer privacy law, the California Consumer...

2.8AI score
Exploits0
coalfire
coalfire
added 2020/03/31 5:29 p.m.30 views

What Will Happen to My ISO Certificate During a Global Pandemic?

As the coronavirus outbreak continues and safety concerns relating to travel and large group meetings increase globally, Coalfire ISO "CFISO" has been monitoring the effects of this crisis on both its customers and its employees. As a certification body, CFISO maintains accreditation with both th...

1AI score
Exploits0
coalfire
coalfire
added 2020/03/30 10:58 p.m.30 views

Compliance in the Cloud - Effective Strategies to Ensure Success

It's no secret that the principles, controls, and terminology associated with compliance can be a confusing alphabet soup that hinders an organization's ability to go-to-market and expand its customer base. The difficulties in meeting compliance objectives are not limited to organization size or...

1.8AI score
Exploits0
coalfire
coalfire
added 2020/03/11 11:47 p.m.30 views

Third Party Risk Management and the Cloud

Security awareness and preparation are getting more widespread. Corporate boards and C-suite executives are taking Third-Party Risk Management TPRM more seriously as they see what has happened to other enterprises in the not-so-distant past. I am speaking primarily of the top-level enterprises, b...

0.5AI score
Exploits0
coalfire
coalfire
added 2021/05/17 5:37 p.m.29 views

Cybersecurity opportunities for the public and private sectors

Im happy to share a new paper by Cynergy Partners, co-authored by Coalfire board member, Jim Pflaging, titled Cybersecurity Opportunities for the Public and Private Sectors...

1.6AI score
Exploits0
coalfire
coalfire
added 2020/12/16 2:45 p.m.29 views

Blueprints scopes and assignments

Welcome back for part three of four in our Blueprint technical series. Today were covering the governance and lifecycle controls of Blueprints within an Azure tenant. There is a lot of power in what Blueprints provide, and this tooling needs to be managed across multiple subscriptions or...

1.2AI score
Exploits0
coalfire
coalfire
added 2023/10/17 8:13 p.m.28 views

The benefits of using the new Data Privacy Framework

After the Schrems II ruling by the Court of Justice of the European Union, legal cross-border transfers of personal data from the EU to the U.S. became a key issue for U.S. businesses. After years of negotiations with the EU, the EU and U.S. have developed and agreed upon an adequate system for...

6.9AI score
Exploits0
coalfire
coalfire
added 2020/04/07 7:45 p.m.28 views

Developing COVID-19 outbreak communication and adjustment to planned assessment activities

As the coronavirus outbreak continues and safety concerns relating to travel and large meeting groups increase globally, Coalfires Payments Assurance Practice has been monitoring the effect of this crisis on both its customers and its employees. As a Qualified Security Assessor Company QSAC,...

7.1AI score
Exploits0
coalfire
coalfire
added 2020/01/15 11:22 p.m.28 views

Windows Update Warning

Coalfire is issuing this notice to alert our clients about a very important set of updates that were issued by Microsoft, as well as a pre-release announcement released by Oracle. While these are commonly handled through modern enterprise patch management systems, we want to underscore the...

3.4AI score
Exploits0
coalfire
coalfire
added 2019/01/21 10:13 p.m.27 views

The California Consumer Privacy Act: Will It Apply to Your Organization?

In August 2018, California issued a revised version of a new consumer privacy law--the California Consumer Privacy Act CCPA. This statute goes into effect on January 1, 2020 and provides broad privacy protections to California consumers. This statute will have wide-ranging effects outside of...

4.2AI score
Exploits0
coalfire
coalfire
added 2013/11/26 6:7 p.m.27 views

The Ponemon Institute 2013 Cost of Cyber Crime Study is out

Before anyone else conjures up the image of Steve Martin in the Jerk running down the street with the new phone book and declaring the obvious to all around him, lets put this study in perspective. There is nothing new or unexpected in the 2013 study. We have had it confirmed that cybercrime is...

1.5AI score
Exploits0
coalfire
coalfire
added 2023/06/05 6:8 p.m.26 views

Leveraging AppSec vendors amidst layoffs

The tech sector has been hit hard with layoffs and cutbacks, driving more companies to outsource their IT needs. Is it time for your organization to make the transition?...

7AI score
Exploits0
coalfire
coalfire
added 2023/06/01 6:4 p.m.26 views

Accelerate compliance with the Landing Zone Accelerator on AWS

Increasing complex compliance requirements is placing a heavy burden on security leaders. To better support organizations' pursuit of FedRAMP High Compliance, AWS launched the Landing Zone Accelerator on AWS. We conducted a thorough evaluation of the solution and shared our findings in the new LZ...

6.9AI score
Exploits0
coalfire
coalfire
added 2022/01/27 10:6 p.m.26 views

Privacy-by-design… not by accident

The concept of privacy-by-design was actually devised almost 30 years ago by Ann Cavoukian, PhD, former Ontario Information and Privacy Commissioner. If youre reading a blog about privacy, chances are good you have at least a passing familiarity with Dr. Cavoukians seminal contribution to the...

2.8AI score
Exploits0
coalfire
coalfire
added 2020/03/20 3:11 p.m.26 views

Keeping Privacy Afloat During a Pandemic

The world is navigating uncharted digital waters and facing evolving challenges to maintain patient privacy. Protected Health Information PHI is a ship sailing in a sea of digital risks and vulnerabilities. Humans wreak havoc at every turn - not always intentionally - and actions during times of...

2AI score
Exploits0
coalfire
coalfire
added 2018/04/27 6:4 p.m.26 views

RSA 2018 recap: GDPR, Increasing Visibility and Transparency of Cloud Security

RSA 2018 is in the books! The event welcomed 42,000 attendees to San Francisco, including cybersecurity professionals, vendors, media, and analysts. The themes of visibility and transparency repeatedly came up in discussions and presentations as organizations grapple with ever-increasing data flo...

2.1AI score
Exploits0
coalfire
coalfire
added 2021/06/08 5:43 p.m.25 views

What you need to know: Transitioning CSA STAR for Cloud Controls Matrix 4.0

In January of this year, the Cloud Security Alliance CSA released a major revision to its widely adopted Cloud Controls Matrix CCM in the form of version 4.0. This comes in the middle of a calendar year where several alternative information security frameworks are also expected to be refined,...

1.3AI score
Exploits0
coalfire
coalfire
added 2021/02/24 8:13 p.m.25 views

Success stories in cybersecurity and information technology

RISE is Coalfires initiative to Recruit, Influence, Support, and Educate women in cybersecurity. I am honored to have been invited to be an active member of the RISE steering committee and help contribute to this worthy cause...

2.7AI score
Exploits0
coalfire
coalfire
added 2020/04/16 3:45 p.m.25 views

How the COVID-19 epidemic is like cybersecurity

Today, every citizen is on the front lines of the epidemic. We are flooded with information about staying safe, keeping an eye out, and left to process unfamiliar language. We are all suddenly doctors and epidemiologists analyzing information and predicting how the world is changing. With countle...

6.7AI score
Exploits0
coalfire
coalfire
added 2018/09/28 4:13 p.m.25 views

Waiting, Waiting, Waiting... Is There a Right Time for Breach Notification?

Recently, a popular online retailer revealed a month-long data breach. Card-skimming code was found capturing customer credit card data from the payment page of its website and sending that data to what appeared to be a legitimate server with a similar domain name and a valid HTTPS certificate. T...

0.3AI score
Exploits0
coalfire
coalfire
added 2018/06/26 5:37 p.m.25 views

The CMS Allows Health Plans to Host Their Own Enrollment Applications for Improved Consumer Experience

As part of the ongoing implementation of the Affordable Care Act ACA, the Centers for Medicare and Medicaid Services CMS recently began permitting direct enrollment entities qualified health plan issuers and web-brokers to host their own enrollment applications on their websites instead of proxyi...

2.2AI score
Exploits0
coalfire
coalfire
added 2018/03/22 5:56 p.m.25 views

On Padding Oracle Attacks

Poodle is a vulnerability found in late 2014, and it is still occasionally seen during penetration tests. The vulnerability allows an attacker with a man-in-the-middle position to downgrade a secure connection between a client and a server to the vulnerable SSLv3. After the connection is...

2.8AI score
Exploits0
coalfire
coalfire
added 2017/06/27 11:16 p.m.25 views

Petya/NotPetya: What It Is, and What You Can Do Right Now

Just when we thought there were no more tears left in the wake of WannaCry, its time to pull out the tissues yet again for the latest global cyber incident: introducing "NotPetya," the most recent ransomware variant to creep across continents and affect companies across many industries. Please re...

2.2AI score
Exploits0
coalfire
coalfire
added 2020/04/14 4:34 p.m.24 views

Minimize business disruption and move forward with solid assessment guidance

COVID-19 has seized the worlds attention by disrupting the economy, the workforce, and our personal lives. While no one knows when this pandemic is going to end or its lasting impact, Coalfire is listening closely to our customers and doing everything we can to minimize disruption to their...

6.9AI score
Exploits0
coalfire
coalfire
added 2018/03/26 4:24 p.m.24 views

A Good Shell Is Hard to Choose

I had the recent opportunity to speak at BSides SLC, held on the Sandy campus of Salt Lake Community College. I tailored my presentation to the student demographic and chose to talk about one of the fundamental concepts that a penetration tester must understand: types of shells. I touched on the...

1AI score
Exploits0
coalfire
coalfire
added 2018/02/21 11:39 p.m.24 views

The HITRUST CSF Version 9.1 Release – How It Could Apply to Your Organization

If youre familiar with the Health Information Trust Alliance HITRUST Common Security Framework CSF, then youre likely aware that HITRUST revises the CSF requirements twice annually to account for new regulations, technologies, and business models affecting the security of Protected Health...

2.2AI score
Exploits0
coalfire
coalfire
added 2016/11/11 2:45 p.m.24 views

Yahoo / Verizon: A $1B Data Breach Discount?

In July of this year Verizon announced it was going to buy Yahoo for $4.8B. A few weeks later, Yahoo starts investigating a potential data breach of around 200 million records that were for sale on the Dark Web. In mid-September, Yahoo discloses that sometime in 2014, they were attacked and rough...

0.7AI score
Exploits0
coalfire
coalfire
added 2016/11/11 12:55 p.m.24 views

Optimizing your PCI Compliance Investments

Everybody knows that the cost of a breach is high. Given the fact that the chance of a data breach for all merchants is nearly 1-in-4, its important to not only have PCI compliance in place, but also the right solutions to optimize your compliance spend...

2AI score
Exploits0
coalfire
coalfire
added 2016/01/19 4:6 p.m.24 views

What You Need to Know From the Cybersecurity Act of 2015: Part One

On Dec. 18, 2015, President Obama signed into law an omnibus spending bill that included the Cybersecurity Act of 2015 "The Act". The Act was a compromise of cybersecurity information sharing bills that passed the House and Senate earlier in 2015. It creates a voluntary process for sharing...

1.6AI score
Exploits0
coalfire
coalfire
added 2012/07/18 12:58 p.m.24 views

Coalfire Certificates: Proof of a Job Well Done

Most security professionals don't like to boast about their good work. They would rather stay behind the scenes to keep systems and data protected from harm. However, companies also need to let customers and business partners know that they have a security program and are compliant with applicabl...

1.3AI score
Exploits0
coalfire
coalfire
added 2011/04/26 12:53 a.m.24 views

Trust the ‘Cloud’ (just make sure you have it examined first)

In the wake of Amazons Web Service disruption over the past few days we think it is important to look at the case a little closer...

2AI score
Exploits0
coalfire
coalfire
added 2022/05/03 6:47 p.m.23 views

Hacking Ham Radio: WinAPRS – Part 4

In part three of this series, we discovered and traced a memory corruption bug in WinAPRS using IDA Pro and WinDbg. We discovered that it could be used to gain control over the CPUs EIP register to obtain remote code execution. We found that there were limitations on the address that could be...

0.6AI score
Exploits0
coalfire
coalfire
added 2021/09/14 3:29 p.m.23 views

The business case to expand ISO 27001 certification with privacy controls

Third-party inspections of organizational privacy risk remain a novel trend. Only five years ago, the most basic of common controls frameworks for this risk taxonomy did not even exist. Today, privacy has captured the collective global consciousness. Every segment, from regulators and industry...

2.5AI score
Exploits0
coalfire
coalfire
added 2020/09/14 10:48 p.m.23 views

Offensive Security Testing Using Cloud Tools

When performing offensive security testing, assessors sometimes run into issues where their source IP address gets blacklisted. For example, we might be performing a web application test and, due to the many suspicious queries being performed, our IP address is suddenly blocked. While on the...

1.1AI score
Exploits0
coalfire
coalfire
added 2019/05/20 6:17 p.m.23 views

pymetasploit3 – Metasploit Automation Library

Have a checklist of tasks you perform every penetration test, such as SSH bruteforcing or port mapping? Automate it with Python and Metasploit! Unfortunately, there hasnt been a working, full-featured Python library for making these tasks easy for many years now. This changes today...

2.6AI score
Exploits0
coalfire
coalfire
added 2018/09/11 10:15 a.m.23 views

From OSINT to Internal: Gaining Domain Admin from Outside the Perimeter

When I first began working at Coalfire in early 2017, I couldnt wait to get started pentesting professionally for the first time. When I finally got tasked with my first gig, I dove right in. I was tasked to perform an assessment of the external network. After hitting all known servers and web...

1.3AI score
Exploits0
coalfire
coalfire
added 2017/05/02 9:24 p.m.23 views

Meeting FedRAMP and Government Standards – Coalfire Securealities Report

Coalfire released the results of its first annual FedRAMP Marketplace report - Securing Your Cloud Solutions: Research and Analysis on meeting FedRAMP and Government Standards. The findings highlight many positives for cloud service providers and federal agencies, but also opportunities for both ...

1.1AI score
Exploits0
coalfire
coalfire
added 2014/10/31 2:34 p.m.23 views

The PCI Enforcement Hammer is Ready to Drop

The time for nervous anticipation for PCI breach response is over …. VISA has issued dramatic PCI Data Security Standard Compliance enforcement guidance for Level 1 and 2 merchants and all Service Providers. Effective January 1st, 2015, noncompliance costs will be applied sooner and will escalate...

2.3AI score
Exploits0
coalfire
coalfire
added 2014/10/15 3:18 p.m.23 views

POODLE vulnerability assessment

Vulnerability Summary: The POODLE vulnerability is due to a bug in SSL protocol, whereas Heartbleed and Shellshock were vulnerability due to a bug in software. Heartbleed and Shellshock were confined to systems that ran vulnerable versions of software, whereas POODLE affects any system running an...

1.4AI score
Exploits0
Total number of security vulnerabilities603