Lucene search
+L
CoalfireMost viewed

603 matches found

coalfire
coalfire
added 2023/09/18 6:57 p.m.22 views

A rundown of the OWASP top 10 for large language model applications

As part of the Open Worldwide Application Security Project OWASP AI Project, a community of international experts published a list of the top 10 critical vulnerabilities seen in Large Language Model LLM applications...

7.1AI score
Exploits0
coalfire
coalfire
added 2022/04/01 5:26 p.m.22 views

An integrated approach to security audits

A cyberattack can be devastating to any organization because it compromises sensitive data and, as a result, the financial position, strategic vision, and more important, the trust and credibility that the enterprise has built over the years. Given the magnitude of this risk, what role does the I...

6.9AI score
Exploits0
coalfire
coalfire
added 2021/09/07 4:56 p.m.22 views

Rumors of an upcoming, major change to ISO 27002

Of the thousands of international standards published by the International Organization for Standardization ISO, some of the most popular ISO standards are management system standards, such as the well-known ISO 9001 standard for quality management and ISO 27001 for information security managemen...

1.9AI score
Exploits0
coalfire
coalfire
added 2021/08/31 4:18 p.m.22 views

Lift and drag: confronting complacency and disrupting inertia in cybersecurity strategy

Within corporate cybersecurity, resistance presents in a variety of forms. Individuals and institutions alike often face overwhelming peer pressure to "keep doing what made us successful in the past." In the face of that pressure, it can be difficult to generate or sustain momentum toward...

2.3AI score
Exploits0
coalfire
coalfire
added 2020/07/10 4:18 p.m.22 views

The Basics of Exploit Development 4: Unicode Overflows

If you have read the previous articles in this series, welcome back and keep reading. If not, I would encourage you to read those first before proceeding, as this article builds on concepts laid down in the previous installments. In this article, we will be covering a technique similar to the one...

1.4AI score
Exploits0
coalfire
coalfire
added 2020/02/20 4:8 p.m.22 views

Attention Payment Application Developers: Begin Your Transition from the PA-DSS to the PCI SSF Today

The Payment Card Industry PCI Council plans to formally retire the Payment Application Data Security Standard PA-DSS in October 2022 and replace it with the PCI Software Security Framework SSF. For vendors, the new framework expands program eligibility with improved support for evolving...

2.6AI score
Exploits0
coalfire
coalfire
added 2018/05/23 6:57 p.m.22 views

Exploiting an Unsecured Dell Foglight Server

Dell Foglight for Virtualization is an infrastructure performance monitoring tool that can also be used to manage systems as well. It comes configured with a default username and password of "foglight."...

0.7AI score
Exploits0
coalfire
coalfire
added 2016/07/08 6:28 p.m.22 views

What you need to know: Navigating EU Data Protection changes – EU-US Privacy Shield and EU General Data Protection Regulation

If youre an organization with trans-Atlantic presence that transmits and stores European citizen data e.g. employee payroll & HR data, client & prospect data in the U.S. you will want to pay attention. What we will discuss was administered under the European Unions Data Protection Directive and a...

1.1AI score
Exploits0
coalfire
coalfire
added 2023/11/20 9:38 p.m.21 views

Navigating the AI security landscape: The federal push for responsible AI adoption

This blog post discusses the U.S. government's commitment to responsible AI through the Executive Order and proposed legislation, outlines key provisions for AI risk management, highlights efforts to strengthen federal AI governance, and emphasizes Coalfire's role in promoting responsible AI...

7.5AI score
Exploits0
coalfire
coalfire
added 2022/04/14 7:15 p.m.21 views

Penetration testing and red teaming: The differences and reasons why both are important to your business

Penetration testing, also known as ethical hacking, white-hat hacking, or pen testing, is one important form of security assessment that tests people, process, and technology to find security vulnerabilities that a potential attacker could exploit. Red teaming is a more targeted approach that...

0.9AI score
Exploits0
coalfire
coalfire
added 2021/12/16 12:1 a.m.21 views

Coalfire celebrates a decade as HITRUST assessor

Coalfire is incredibly excited for 2022. We are fully committed to developing world-class solutions for our teams and customers. On the immediate horizon is the newly announced i1 assessment, and were eagerly anticipating more news regarding CSFv10. Alongside these developments from HITRUST, were...

2.7AI score
Exploits0
coalfire
coalfire
added 2020/08/27 5:44 p.m.21 views

The impact of Covid-19 on SOC reporting

The audit cycle for organizations that receive SOC reports includes new challenges related to Covid-19. Remote workforces are now the norm throughout the world, which introduces new risks. For example, connecting to corporate networks using personal computers that may be infected with malware is...

1.9AI score
Exploits0
coalfire
coalfire
added 2020/06/05 9:14 p.m.21 views

New HC3 report defines security assessments needed for healthcare organizations during and after COVID-19

The Health Sector Cybersecurity Coordination Center HC3 recently delivered a report that defines and articulates the security assessments and information technology audits that should be considered during and after the COVID-19 pandemic...

1.8AI score
Exploits0
coalfire
coalfire
added 2018/06/08 7:26 p.m.21 views

Pro Tips: Testing Applications Using Burp, and More

Burp Suite is one of my favorite tools for web application testing. The feature set is rich, and anything that it does not do by default can usually be added with an extension. There are a few things, however, that while they exist in Burp Suite, are not completely intuitive. Below are a few pro...

1.2AI score
Exploits0
coalfire
coalfire
added 2018/05/31 9:51 p.m.21 views

PowerShell: In-Memory Injection Using CertUtil.exe

Have you ever heard the old saying," The only constant in life is change?" Nothing is truer in the world of penetration testing and information security than the certainty of change. New defenses are always emerging, and the guys and gals in the red team game are always having to evolve our effor...

1.3AI score
Exploits0
coalfire
coalfire
added 2018/03/21 10:15 p.m.21 views

Takeaways from GAM 2018: Internal Audit Embraces Cybersecurity

Last week, the Institute of Internal Auditors IIA held its 2018 Global Audit Management Conference at the Aria Resort in Las Vegas. With over 1,700 attendees, this was the most well-attended event in the history of the conference. Coalfire was one of the sponsors, and we were delighted to meet wi...

4.4AI score
Exploits0
coalfire
coalfire
added 2018/01/16 6:11 p.m.21 views

Has Your O365 Account Been Hacked?

In the past six months, Coalfire has seen an increase in businesses receiving fraudulent emails from legitimate client accounts with fraudulent invoice attachments. In several cases, the recipient paid the invoices not realizing they were fraudulent. The losses have ranged between thousands and...

1.6AI score
Exploits0
coalfire
coalfire
added 2016/12/06 10:1 a.m.21 views

New PCI NESA Guidance is Good News for Non-Listed Encryption Solutions

While PCI P2PE is still the most secure approach, solution providers, who are not yet validated, can now offer additional clarity to merchants, QSAs, and acquirers...

3.1AI score
Exploits0
coalfire
coalfire
added 2016/01/07 11:12 a.m.21 views

PCI Council Gives Merchants Reprieve on PCI 3.1 Updates

The Payment Card Industry Security Standards Council PCI SSC released an update to its vulnerability standards and is giving merchants until June 2018 to migrate their security protocols, even though waiting is not recommended...

1.4AI score
Exploits0
coalfire
coalfire
added 2015/04/14 2:30 p.m.21 views

Where is your social security number today?

As April 15 approaches, the "water cooler" talk revolves around all types of topics related to the tax season. However, due to the overwhelming number of security breaches reported this past year, several individuals are finding that fraudulent tax filings were created with voluntarily provided...

2AI score
Exploits0
coalfire
coalfire
added 2023/10/17 7:8 p.m.20 views

Hexeon unleashed: human-centric offensive security amplified by technology

Part 3 in a blog series spotlighting Coalfire's 5th Annual Penetration Risk Report...

7AI score
Exploits0
coalfire
coalfire
added 2020/08/26 2:47 p.m.20 views

FedRAMP 101: How to get listed as “In Process”

Are you a cloud service provider working on a federal contract and need a FedRAMP authorization - but dont have a sponsor yet? Acquiring a committed government agency sponsor early in the FedRAMP process is crucial to your success and will ensure a smoother process. A major role for an agency...

2.1AI score
Exploits0
coalfire
coalfire
added 2020/03/19 9:44 p.m.20 views

Aligning Enterprise Cyber Risk and Business Strategy

Most business leaders have a contextual awareness of cyber risk and the threats facing their organizations. However, this contextual awareness rarely contributes to a clear, consolidated directive that can be applied across the organizations. Further, many organizations struggle to align their...

1.8AI score
Exploits0
coalfire
coalfire
added 2016/06/28 10:58 p.m.20 views

FedRAMP High Baseline Requirements Published

The Federal Risk and Authorization Management Program FedRAMP Project Management Office officially released its High baseline for High impact-level systems. This baseline is at the High/High/High categorization level for confidentiality, integrity, and availability in accordance with FIPS 199; an...

1.4AI score
Exploits0
coalfire
coalfire
added 2013/11/04 5:51 p.m.20 views

2013 PCI SSC European Community Meeting Wrap-Up

Matt Getzleman - PCI Practice Director, Dan Fritsche - Director, Solution Validation, Andrew Barratt - Managing Director UK, and Brian Pennington - Regional Sales Director, discuss the recent PCI SSC Community Meeting in Nice, France...

2.7AI score
Exploits0
coalfire
coalfire
added 2012/08/14 10:26 p.m.20 views

BYOD Survey Results: Employees are not playing it safe with company data

Employers are seeing a drastic increase in the number of employees using personal smartphones and tablets in the office. This "Bring Your Own Device" BYOD trend is causing headaches for the IT department and there is no stopping this trend. Due to the sensitive nature of company information often...

1.2AI score
Exploits0
coalfire
coalfire
added 2012/05/10 11:12 a.m.20 views

Coalfire Acquires Digital Resources Group in California

We have reached a new milestone at Coalfire and have announced the recent acquisition of privately held Digital Resources Group DRG in Redwood City, California. We are excited about our latest venture as it consolidates our leadership position within the IT Governance Risk and Compliance IT GRC...

1.3AI score
Exploits0
coalfire
coalfire
added 2012/02/20 12:25 p.m.20 views

Is your HIPAA Security and HITECH audit program in order?

Healthcare organizations have been working towards HIPAA and HITECH compliance for a few years now. "Surprise" HIPAA compliance audits conducted by the OCR have begun and at Coalfire weve come across some gaps that have led organizations to fall short of their compliance initiatives...

4AI score
Exploits0
coalfire
coalfire
added 2023/09/19 5:55 p.m.19 views

Penetration testing: shifting paradigms from reactive to proactive

Part 2 in a blog series spotlighting Coalfires 5th Annual Penetration Risk Report...

7AI score
Exploits0
coalfire
coalfire
added 2023/08/23 8:58 p.m.19 views

Behind the eight-ball: Why companies struggle with penetration risk

An introduction to a new blog series spotlighting Coalfires upcoming 5th Annual Penetration Risk report...

7AI score
Exploits0
coalfire
coalfire
added 2022/10/17 9:55 p.m.19 views

Spotlight: Women of Coalfire part 3

In this spotlight series, we are recognizing some of the women at Coalfire who have shattered glass ceilings and forged their own paths despite the obstacles they faced. Karen Laughton and Michi Everett are two of these women. Karen was the first female to hold an executive position in delivery a...

1.5AI score
Exploits0
coalfire
coalfire
added 2020/05/06 9:20 p.m.19 views

Cloud Transformation and the Shared Security Model

For many organizations, the lure of the cloud is very strong. Large enterprises usually have several justifications for adopting cloud-based services including preserving capital, adding scalability to applications, and minimizing IT staffing needs. Small- to medium-sized organizations often look...

1.6AI score
Exploits0
coalfire
coalfire
added 2018/06/01 7:1 p.m.19 views

Continuous Monitoring in the Cloud

I recently spoke at the Cloud Security Alliances Federal Summit on the topic "Continuous Monitoring / Continuous Diagnostics and Mitigation CDM Concepts in the Cloud." As government has moved and will continue to move to the cloud, it is becoming increasingly important to ensure continuous...

1AI score
Exploits0
coalfire
coalfire
added 2017/05/25 5:12 p.m.19 views

Ransomware: the anatomy of paying a ransom to decrypt hostage files

Ransomware is on the rise and clients seeking to understand the process can learn from this clients story about being a victim of ransomware as to what can be expected and how to handle a ransomware attack. Recently a company facing a malware infection approached us to help them deal with the...

1.8AI score
Exploits0
coalfire
coalfire
added 2017/03/02 5:21 a.m.19 views

New York State Implements Cybersecurity Regulation 23 NYCRR 500

On March 1st, 2017, sweeping new cybersecurity requirements were placed on organizations regulated by the New York State Department of Financial Services. The law applies to a broad set of covered entities that are supervised by the NYDFS, including banks, trusts, budget planners, check cashers,...

3.3AI score
Exploits0
coalfire
coalfire
added 2016/12/28 1:20 p.m.19 views

What’s Your Computer Thinking About? Examining Random Access Memory (RAM)

How valuable would it be to be able to read another persons mind? To know what theyre thinking or planning to do would be invaluable. Or, how valuable would it be to know what they have done in the recent past, especially if you believed they were involved in some criminal activity? Who they were...

1.5AI score
Exploits0
coalfire
coalfire
added 2015/09/09 12:13 p.m.19 views

A huge applause from the NIST-OCR-HIPAA 2015 conference

It looked like the 8th annual conference may have garnered record-breaking attendance as I noticed hotel staff rushing to add skirted tables and chairs to the back of the room to accommodate a standing-room-only crowd. I guess that was to be expected given the star-studded line-up of presenters...

1.9AI score
Exploits0
coalfire
coalfire
added 2014/09/09 5:7 p.m.19 views

Apple Pay: A New Way to Pay

Every September, Apple announces exciting new products that promise to change how we interact with not only our devices, but with the world around us. 2014 has been no exception; in San Francisco this morning, Apple announced the iPhone 6, Apple Watch and Apple Pay. Even though Im excited about t...

1AI score
Exploits0
coalfire
coalfire
added 2014/07/30 8:47 a.m.19 views

The Federal Government in Financial Services' Cybersecurity

Its no secret that the internet has changed the way we do business in nearly every industry. On the other hand, the dangers of limited cyber regulations are quickly becoming a focus for the government due to the frequency and impact of data breaches. Its becoming apparent that convenience comes a...

3.4AI score
Exploits0
coalfire
coalfire
added 2014/05/07 2:38 p.m.19 views

Target Kill Chain Analysis

Last week, I talked with Wall Street Journal reporter Ben DiPietro about the persistent communications gap between the data center and the board room when it comes to recognizing and tackling security threats: In almost every breach situation after his company completes a forensic analysis, Mr...

1.1AI score
Exploits0
coalfire
coalfire
added 2011/10/26 7:45 p.m.19 views

Cyber Security Awareness - Are you Doing All You Can to Stay Safe?

Every company has vulnerabilities and must learn to protect themselves from fast-moving cyber threats. Below are a few tips to keep in mind as you examine your network security:...

1.6AI score
Exploits0
coalfire
coalfire
added 2011/09/01 4:11 p.m.19 views

Phishing Season: Spam on the rise

Within the past two weeks there have been several reports on the increase in email spam, which can be directly correlated to an increase in phishing schemes and malware attacks. These attacks are frequently being delivered under the guise of legitimate business: they come in the form of shipment...

1.1AI score
Exploits0
coalfire
coalfire
added 2023/08/29 9:56 p.m.18 views

Looking back at Black Hat 2023

From AI to the evolving threat landscape, Black Hat 2023 spotlighted the security industrys latest and greatest innovations...

7AI score
Exploits0
coalfire
coalfire
added 2022/10/12 1:3 a.m.18 views

Spotlight: Women of Coalfire part 1

There is no area of society in which women are free of obstacles to their success due to their gender. I am all too familiar with inequity impacting women - including in the military - where I fought to correct the injustices that affected servicewomen. In the past, servicewomen who became pregna...

3.1AI score
Exploits0
coalfire
coalfire
added 2020/12/18 4:10 p.m.18 views

Deploying your first Blueprints

Welcome back to the fourth and final part of this Azure Blueprints series. This section covers how to use some Blueprints provided by Microsoft and how to get started writing your Blueprints for managing your Azure Governance. Specifically, we will look more closely at a FedRAMP use case...

2.5AI score
Exploits0
coalfire
coalfire
added 2020/07/14 10:56 p.m.18 views

Please Stop Managing Vulnerabilities in Excel Spreadsheets

Do your best Excel users work in application security? Are you trying to manage thousands of vulnerabilities across hundreds of applications in an increasingly elaborate series of Excel spreadsheets? Most companies are using multiple scanning technologies as well as a variety of manual testing...

0.2AI score
Exploits0
coalfire
coalfire
added 2020/07/01 8:3 p.m.18 views

Successful DevSecOps begins with a cultural shift

A successful DevSecOps approach fosters cohesive collaboration between Development, Security, and Operations teams for the cultivation of outcomes that improve security while also maintaining the goals of DevOps. Within DevSecOps, security is an additional foundational component in the process...

1.9AI score
Exploits0
coalfire
coalfire
added 2020/05/06 6:19 p.m.18 views

The Basics of Exploit Development 3: Egg Hunters

Hello dear reader. If you have read the other articles in this series, welcome back! If not I encourage you to read the previous installments before proceeding with this post. This post covers a surprisingly useful technique in exploit development called Egg Hunters. In order to demonstrate how E...

2.9AI score
Exploits0
coalfire
coalfire
added 2019/11/20 8:36 p.m.18 views

Will ISO 27701 Be the New GDPR Certification?

On August 6, ISO published the ISO/IEC 27701:2019 "ISO 27701" standard, which lays out the requirements for implementing an organizational program to govern the handling of personally identifiable information PII, known as a Privacy Information Management System PIMS. In many ways, the new standa...

1.3AI score
Exploits0
coalfire
coalfire
added 2018/06/11 9:32 p.m.18 views

How I Found CVE-2018-8819: Out-of-Band (OOB) XXE in WebCTRL

I like to do bug bounties from time to time, mostly when I am sacrificing sleep once the kids are finally out cold. This seemed like a worthy experience to document. Let me just start by saying I dont plan on going into the whole recon bits too deeply here. Maybe I will someday if I ever have...

0.6AI score0.03052EPSS
Exploits2
Total number of security vulnerabilities603