Lucene search
+L
CoalfireMost viewed

603 matches found

The Coalfire Blog
The Coalfire Blog
added 2014/10/15 3:18 p.m.23 views

POODLE vulnerability assessment

Vulnerability Summary: The POODLE vulnerability is due to a bug in SSL protocol, whereas Heartbleed and Shellshock were vulnerability due to a bug in software. Heartbleed and Shellshock were confined to systems that ran vulnerable versions of software, whereas POODLE affects any system running an...

1.4AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/09/18 6:57 p.m.22 views

A rundown of the OWASP top 10 for large language model applications

As part of the Open Worldwide Application Security Project OWASP AI Project, a community of international experts published a list of the top 10 critical vulnerabilities seen in Large Language Model LLM applications...

7.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/04/01 5:26 p.m.22 views

An integrated approach to security audits

A cyberattack can be devastating to any organization because it compromises sensitive data and, as a result, the financial position, strategic vision, and more important, the trust and credibility that the enterprise has built over the years. Given the magnitude of this risk, what role does the I...

6.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2021/12/16 12:1 a.m.22 views

Coalfire celebrates a decade as HITRUST assessor

Coalfire is incredibly excited for 2022. We are fully committed to developing world-class solutions for our teams and customers. On the immediate horizon is the newly announced i1 assessment, and were eagerly anticipating more news regarding CSFv10. Alongside these developments from HITRUST, were...

2.7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2021/09/07 4:56 p.m.22 views

Rumors of an upcoming, major change to ISO 27002

Of the thousands of international standards published by the International Organization for Standardization ISO, some of the most popular ISO standards are management system standards, such as the well-known ISO 9001 standard for quality management and ISO 27001 for information security managemen...

1.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2021/08/31 4:18 p.m.22 views

Lift and drag: confronting complacency and disrupting inertia in cybersecurity strategy

Within corporate cybersecurity, resistance presents in a variety of forms. Individuals and institutions alike often face overwhelming peer pressure to "keep doing what made us successful in the past." In the face of that pressure, it can be difficult to generate or sustain momentum toward...

2.3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/07/10 4:18 p.m.22 views

The Basics of Exploit Development 4: Unicode Overflows

If you have read the previous articles in this series, welcome back and keep reading. If not, I would encourage you to read those first before proceeding, as this article builds on concepts laid down in the previous installments. In this article, we will be covering a technique similar to the one...

1.4AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2018/05/23 6:57 p.m.22 views

Exploiting an Unsecured Dell Foglight Server

Dell Foglight for Virtualization is an infrastructure performance monitoring tool that can also be used to manage systems as well. It comes configured with a default username and password of "foglight."...

0.7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2016/07/08 6:28 p.m.22 views

What you need to know: Navigating EU Data Protection changes – EU-US Privacy Shield and EU General Data Protection Regulation

If youre an organization with trans-Atlantic presence that transmits and stores European citizen data e.g. employee payroll & HR data, client & prospect data in the U.S. you will want to pay attention. What we will discuss was administered under the European Unions Data Protection Directive and a...

1.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/11/20 9:38 p.m.21 views

Navigating the AI security landscape: The federal push for responsible AI adoption

This blog post discusses the U.S. government's commitment to responsible AI through the Executive Order and proposed legislation, outlines key provisions for AI risk management, highlights efforts to strengthen federal AI governance, and emphasizes Coalfire's role in promoting responsible AI...

7.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/04/14 7:15 p.m.21 views

Penetration testing and red teaming: The differences and reasons why both are important to your business

Penetration testing, also known as ethical hacking, white-hat hacking, or pen testing, is one important form of security assessment that tests people, process, and technology to find security vulnerabilities that a potential attacker could exploit. Red teaming is a more targeted approach that...

0.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/08/27 5:44 p.m.21 views

The impact of Covid-19 on SOC reporting

The audit cycle for organizations that receive SOC reports includes new challenges related to Covid-19. Remote workforces are now the norm throughout the world, which introduces new risks. For example, connecting to corporate networks using personal computers that may be infected with malware is...

1.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/06/05 9:14 p.m.21 views

New HC3 report defines security assessments needed for healthcare organizations during and after COVID-19

The Health Sector Cybersecurity Coordination Center HC3 recently delivered a report that defines and articulates the security assessments and information technology audits that should be considered during and after the COVID-19 pandemic...

1.8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2018/06/08 7:26 p.m.21 views

Pro Tips: Testing Applications Using Burp, and More

Burp Suite is one of my favorite tools for web application testing. The feature set is rich, and anything that it does not do by default can usually be added with an extension. There are a few things, however, that while they exist in Burp Suite, are not completely intuitive. Below are a few pro...

1.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2018/05/31 9:51 p.m.21 views

PowerShell: In-Memory Injection Using CertUtil.exe

Have you ever heard the old saying," The only constant in life is change?" Nothing is truer in the world of penetration testing and information security than the certainty of change. New defenses are always emerging, and the guys and gals in the red team game are always having to evolve our effor...

1.3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2018/03/21 10:15 p.m.21 views

Takeaways from GAM 2018: Internal Audit Embraces Cybersecurity

Last week, the Institute of Internal Auditors IIA held its 2018 Global Audit Management Conference at the Aria Resort in Las Vegas. With over 1,700 attendees, this was the most well-attended event in the history of the conference. Coalfire was one of the sponsors, and we were delighted to meet wi...

4.4AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2018/01/16 6:11 p.m.21 views

Has Your O365 Account Been Hacked?

In the past six months, Coalfire has seen an increase in businesses receiving fraudulent emails from legitimate client accounts with fraudulent invoice attachments. In several cases, the recipient paid the invoices not realizing they were fraudulent. The losses have ranged between thousands and...

1.6AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/09/19 5:28 p.m.21 views

Protecting Confidential Data: You May Not Be as Secure as You Think

Part One of a Three Part Series Unless you have been out of the country or otherwise shunning the news, you have likely heard that on September 7th and again on September 15th, Equifax reported that it suffered a security incident from May 13th through July 30th, 2017. This breach is broad reachi...

1.4AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2016/12/06 10:1 a.m.21 views

New PCI NESA Guidance is Good News for Non-Listed Encryption Solutions

While PCI P2PE is still the most secure approach, solution providers, who are not yet validated, can now offer additional clarity to merchants, QSAs, and acquirers...

3.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2016/01/07 11:12 a.m.21 views

PCI Council Gives Merchants Reprieve on PCI 3.1 Updates

The Payment Card Industry Security Standards Council PCI SSC released an update to its vulnerability standards and is giving merchants until June 2018 to migrate their security protocols, even though waiting is not recommended...

1.4AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2015/04/14 2:30 p.m.21 views

Where is your social security number today?

As April 15 approaches, the "water cooler" talk revolves around all types of topics related to the tax season. However, due to the overwhelming number of security breaches reported this past year, several individuals are finding that fraudulent tax filings were created with voluntarily provided...

2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2012/05/10 11:12 a.m.21 views

Coalfire Acquires Digital Resources Group in California

We have reached a new milestone at Coalfire and have announced the recent acquisition of privately held Digital Resources Group DRG in Redwood City, California. We are excited about our latest venture as it consolidates our leadership position within the IT Governance Risk and Compliance IT GRC...

1.3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/10/17 7:8 p.m.20 views

Hexeon unleashed: human-centric offensive security amplified by technology

Part 3 in a blog series spotlighting Coalfire's 5th Annual Penetration Risk Report...

7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/09/19 5:55 p.m.20 views

Penetration testing: shifting paradigms from reactive to proactive

Part 2 in a blog series spotlighting Coalfires 5th Annual Penetration Risk Report...

7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/08/26 2:47 p.m.20 views

FedRAMP 101: How to get listed as “In Process”

Are you a cloud service provider working on a federal contract and need a FedRAMP authorization - but dont have a sponsor yet? Acquiring a committed government agency sponsor early in the FedRAMP process is crucial to your success and will ensure a smoother process. A major role for an agency...

2.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/03/19 9:44 p.m.20 views

Aligning Enterprise Cyber Risk and Business Strategy

Most business leaders have a contextual awareness of cyber risk and the threats facing their organizations. However, this contextual awareness rarely contributes to a clear, consolidated directive that can be applied across the organizations. Further, many organizations struggle to align their...

1.8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2016/06/28 10:58 p.m.20 views

FedRAMP High Baseline Requirements Published

The Federal Risk and Authorization Management Program FedRAMP Project Management Office officially released its High baseline for High impact-level systems. This baseline is at the High/High/High categorization level for confidentiality, integrity, and availability in accordance with FIPS 199; an...

1.4AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2013/11/04 5:51 p.m.20 views

2013 PCI SSC European Community Meeting Wrap-Up

Matt Getzleman - PCI Practice Director, Dan Fritsche - Director, Solution Validation, Andrew Barratt - Managing Director UK, and Brian Pennington - Regional Sales Director, discuss the recent PCI SSC Community Meeting in Nice, France...

2.7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2012/08/14 10:26 p.m.20 views

BYOD Survey Results: Employees are not playing it safe with company data

Employers are seeing a drastic increase in the number of employees using personal smartphones and tablets in the office. This "Bring Your Own Device" BYOD trend is causing headaches for the IT department and there is no stopping this trend. Due to the sensitive nature of company information often...

1.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2012/02/20 12:25 p.m.20 views

Is your HIPAA Security and HITECH audit program in order?

Healthcare organizations have been working towards HIPAA and HITECH compliance for a few years now. "Surprise" HIPAA compliance audits conducted by the OCR have begun and at Coalfire weve come across some gaps that have led organizations to fall short of their compliance initiatives...

4AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/08/23 8:58 p.m.19 views

Behind the eight-ball: Why companies struggle with penetration risk

An introduction to a new blog series spotlighting Coalfires upcoming 5th Annual Penetration Risk report...

7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/10/17 9:55 p.m.19 views

Spotlight: Women of Coalfire part 3

In this spotlight series, we are recognizing some of the women at Coalfire who have shattered glass ceilings and forged their own paths despite the obstacles they faced. Karen Laughton and Michi Everett are two of these women. Karen was the first female to hold an executive position in delivery a...

1.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/07/01 8:3 p.m.19 views

Successful DevSecOps begins with a cultural shift

A successful DevSecOps approach fosters cohesive collaboration between Development, Security, and Operations teams for the cultivation of outcomes that improve security while also maintaining the goals of DevOps. Within DevSecOps, security is an additional foundational component in the process...

1.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/05/06 9:20 p.m.19 views

Cloud Transformation and the Shared Security Model

For many organizations, the lure of the cloud is very strong. Large enterprises usually have several justifications for adopting cloud-based services including preserving capital, adding scalability to applications, and minimizing IT staffing needs. Small- to medium-sized organizations often look...

1.6AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2018/06/01 7:1 p.m.19 views

Continuous Monitoring in the Cloud

I recently spoke at the Cloud Security Alliances Federal Summit on the topic "Continuous Monitoring / Continuous Diagnostics and Mitigation CDM Concepts in the Cloud." As government has moved and will continue to move to the cloud, it is becoming increasingly important to ensure continuous...

1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/05/25 5:12 p.m.19 views

Ransomware: the anatomy of paying a ransom to decrypt hostage files

Ransomware is on the rise and clients seeking to understand the process can learn from this clients story about being a victim of ransomware as to what can be expected and how to handle a ransomware attack. Recently a company facing a malware infection approached us to help them deal with the...

1.8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/03/02 5:21 a.m.19 views

New York State Implements Cybersecurity Regulation 23 NYCRR 500

On March 1st, 2017, sweeping new cybersecurity requirements were placed on organizations regulated by the New York State Department of Financial Services. The law applies to a broad set of covered entities that are supervised by the NYDFS, including banks, trusts, budget planners, check cashers,...

3.3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2016/12/28 1:20 p.m.19 views

What’s Your Computer Thinking About? Examining Random Access Memory (RAM)

How valuable would it be to be able to read another persons mind? To know what theyre thinking or planning to do would be invaluable. Or, how valuable would it be to know what they have done in the recent past, especially if you believed they were involved in some criminal activity? Who they were...

1.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2015/09/09 12:13 p.m.19 views

A huge applause from the NIST-OCR-HIPAA 2015 conference

It looked like the 8th annual conference may have garnered record-breaking attendance as I noticed hotel staff rushing to add skirted tables and chairs to the back of the room to accommodate a standing-room-only crowd. I guess that was to be expected given the star-studded line-up of presenters...

1.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2014/09/09 5:7 p.m.19 views

Apple Pay: A New Way to Pay

Every September, Apple announces exciting new products that promise to change how we interact with not only our devices, but with the world around us. 2014 has been no exception; in San Francisco this morning, Apple announced the iPhone 6, Apple Watch and Apple Pay. Even though Im excited about t...

1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2014/07/30 8:47 a.m.19 views

The Federal Government in Financial Services' Cybersecurity

Its no secret that the internet has changed the way we do business in nearly every industry. On the other hand, the dangers of limited cyber regulations are quickly becoming a focus for the government due to the frequency and impact of data breaches. Its becoming apparent that convenience comes a...

3.4AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2014/05/07 2:38 p.m.19 views

Target Kill Chain Analysis

Last week, I talked with Wall Street Journal reporter Ben DiPietro about the persistent communications gap between the data center and the board room when it comes to recognizing and tackling security threats: In almost every breach situation after his company completes a forensic analysis, Mr...

1.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2011/10/26 7:45 p.m.19 views

Cyber Security Awareness - Are you Doing All You Can to Stay Safe?

Every company has vulnerabilities and must learn to protect themselves from fast-moving cyber threats. Below are a few tips to keep in mind as you examine your network security:...

1.6AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2011/09/01 4:11 p.m.19 views

Phishing Season: Spam on the rise

Within the past two weeks there have been several reports on the increase in email spam, which can be directly correlated to an increase in phishing schemes and malware attacks. These attacks are frequently being delivered under the guise of legitimate business: they come in the form of shipment...

1.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/10/06 5:32 p.m.18 views

The great divide of PCI DSS v4.0: Merchants, are you ready?

Are you ready for PCI DSS 4.0? Its vital to understand the changes to prepare properly and avoid costly delays in achieving compliance...

7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/09/26 8:23 p.m.18 views

Cracking the code to compliance management

Based on recent research and findings from Coalfires 2023 Compliance Report, the second blog in this series outlines compliance program management and performance priorities for CISOs and compliance leaders...

7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/08/29 9:56 p.m.18 views

Looking back at Black Hat 2023

From AI to the evolving threat landscape, Black Hat 2023 spotlighted the security industrys latest and greatest innovations...

7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/08/04 3:56 p.m.18 views

Moving past MOVEit

The MOVEit hack resembles successful cyberattacks from the past, leading us to ask if federal agencies and contractors are using all the tools, methods, and technologies available to ward off the same type of cyberattacks...

7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/10/12 1:3 a.m.18 views

Spotlight: Women of Coalfire part 1

There is no area of society in which women are free of obstacles to their success due to their gender. I am all too familiar with inequity impacting women - including in the military - where I fought to correct the injustices that affected servicewomen. In the past, servicewomen who became pregna...

3.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/12/18 4:10 p.m.18 views

Deploying your first Blueprints

Welcome back to the fourth and final part of this Azure Blueprints series. This section covers how to use some Blueprints provided by Microsoft and how to get started writing your Blueprints for managing your Azure Governance. Specifically, we will look more closely at a FedRAMP use case...

2.5AI score
Exploits0
Total number of security vulnerabilities603