603 matches found
Successful DevSecOps begins with a cultural shift
A successful DevSecOps approach fosters cohesive collaboration between Development, Security, and Operations teams for the cultivation of outcomes that improve security while also maintaining the goals of DevOps. Within DevSecOps, security is an additional foundational component in the process...
The Basics of Exploit Development 3: Egg Hunters
Hello dear reader. If you have read the other articles in this series, welcome back! If not I encourage you to read the previous installments before proceeding with this post. This post covers a surprisingly useful technique in exploit development called Egg Hunters. In order to demonstrate how E...
Will ISO 27701 Be the New GDPR Certification?
On August 6, ISO published the ISO/IEC 27701:2019 "ISO 27701" standard, which lays out the requirements for implementing an organizational program to govern the handling of personally identifiable information PII, known as a Privacy Information Management System PIMS. In many ways, the new standa...
How I Found CVE-2018-8819: Out-of-Band (OOB) XXE in WebCTRL
I like to do bug bounties from time to time, mostly when I am sacrificing sleep once the kids are finally out cold. This seemed like a worthy experience to document. Let me just start by saying I dont plan on going into the whole recon bits too deeply here. Maybe I will someday if I ever have...
New SEC Cyber Risk Disclosure Guidance: What Does It Mean for Public Companies?
On February 21, the U.S. Securities and Exchange Commission SEC issued the long overdue cybersecurity interpretive guidance to address the methods and timing of cybersecurity risks and incidents disclosures. To signify the importance of this updated guidance, five SEC commissioners issued the...
NIST SP 800-171: What U.S. Government Contractors Need to Know
In December 2016, NIST released Special Publication 800-171, Revision 1: Protecting Controlled Unclassified Information in Nonfederal Systems. Since that publication, I have worked with dozens of government contractors to help them understand this publication and determine if and how it applies t...
Capital One Fraud Seminar Recap
Recently, I was honored to be invited as a panelist at a recent seminar hosted by Capital One Spark Business to share some views on fraud prevention and cybersecurity with their customers. I was joined by a few other industry experts, Gerald Glickman, a Manager of Capital Ones Fraud Analysis team...
Accelerating Point-to-Point (P2PE) Adoption
How Coalfire is Helping Increase Access to PCI-listed P2PE Solutions - Use of a PCI-listed P2PE solution offers significant security and compliance benefits. However, merchants and service providers are still challenged to take full advantage of this opportunity. Coalfire has invested in solving...
How Twitter, Amazon, and others were impacted by last Friday's DDOS attack - and what you might want to do about it.
Our partner, Chertoff Group issued the following advisory. Client Advisory: October 21 distributed denial of service DDoS attack. A major distributed denial of service DDoS attack recently 10/21/16 disrupted Internet communications throughout parts of the United States in several waves, and there...
Creating a Cyber Insurance Policy
According to research from PartnerRe and Advisen, the global cyber-insurance market is currently worth $2 billion a year, a number which is expected to double by 2020.With 60% of underwriters and brokers seeing a significant demand in cyber-insurance from customers, there is clearly a great...
What does PCI DSS 3.1 and PA-DSS 3.1 mean for you and your organization
In the wake of the POODLE vulnerability identified by NIST and subsequent attacks, the PCI SSC has announced its intent to release the first revision of the PCI DSS 3.0 and PA-DSS 3.0 standards. The PCI DSS 3.1 and PA-DSS 3.1 standards will indicate that the SSL v3.0 protocol no longer meets the...
A billion reasons to enhance your penetration testing
There are so many questions regarding those leaked Russian passwords. Is this for real? What sites are on that list? How can you tell if your sites users are in the "Russian Billion"? Isnt this just a matter of changing user passwords? Bottom line: As a company with websites that have user...
PCI DSS 3.0 ROC Reporting Template Released
Heads up for our PCI customers: the PCI SSC released the "ROC Reporting Template for v3.0" this last weekend and it is available here. This document supports the PCI DSS 3.0 standard and must be used by all QSA organizations to create and submit a Report on Compliance ROC. What does this mean?...
Agencies to report progress with FedRAMP
The FedRAMP PMO recently conducted webinars on April 23 and 25 regarding Agencies requirement to report their progress on compliance with FedRAMP. The discussion covered the FedRAMP progress to date, the reporting requirements and process for moving services to FedRAMP authorized cloud service...
War on Passwords? Check with Your QSA First!
Passwords have long been the workhorse of user authentication schemes, and many security experts are speaking out on the need for more effective controls. It seems like hardly a week goes by when we dont see a password breach in the news...
Recent Surveys Reveal Trends and Spending Habits for Retailers in PCI Compliance
Recently, Gartner Research released two separate research reports on retailer PCI DSS compliance progress, trends and strategies. These reports are based on a survey of 77 merchants of varying sizes and covers a wide range of topics, including compliance status, spending and the incidence of...
Privacy information management system considerations for ISO 42001
Organizations that want to pursue ISO 42001 certification and have an existing ISO management system in place need to consider how to integrate an AI management system with their current management system to ensure common objectives and obligations are maintained. The following blog post explores...
Guardians of IoT: Strengthening the security of IoT-connected medical devices in the healthcare industry
The healthcare ecosystem requires stakeholders to have a comprehensive grasp of the industry-specific vulnerabilities, especially in its emerging technology. Coalfire examines key healthcare-specific IoT vulnerabilities, helping healthcare IoT manufacturers and medical facility administrations kn...
Top 10 challenges of building an in-house application security program
Building a successful application security program can be a daunting task, as it involves many different skill sets. Resource constraints, lack of expertise, and cultural resistance are among the many challenges preventing organizations from reaping the full benefits of an in-house AppSec program...
Threat-informed defense: The evolution of red teaming in cybersecurity
While there are several approaches to vulnerability management like pen testing and red teaming, adversary emulation is the only method that contributes to a threat-informed defense cybersecurity strategy...
Threat-informed defense: The evolution of red teaming in cybersecurity
While there are several approaches to vulnerability management like pen testing and red teaming, adversary emulation is the only method that contributes to a threat-informed defense cybersecurity strategy...
End the compliance management blues
Coalfire teamed up with one of the worlds leading security technology engineering firms, anecdotes, to expand Compliance Essentials capabilities - automating compliance workflows and risks, evidence collection, and audit execution. All within one platform...
Accelerating CMMC compliance
The reason the Cybersecurity Maturity Model Certification program is so critical to national security can be traced back to the second World War: To counter German submarine attacks against Allied supply chains, British intelligence hacked a German Enigma machine, stole the code, intercepted enem...
Part two: Reverse engineering and patching with Ghidra
In the first installment of our three-part blog series we learned how to root the Flashforge Finder 3D printer and acquire its firmware. In this post, we will delve into reverse engineering and patching the software using the new open source NSA tool Ghidra, which rivals its expensive competitors...
Deserialized Double Dirty
Recently I was able to fully root a NetApp OnCommand Performance Manager appliance using a Java Deserialization vulnerability and Dirty COW...
The Dangers of Client Probing on Palo Alto Firewalls
While performing a routine internal penetration test, I began the assessment by running Responder in analyze mode just to get an idea of what was being sent over broadcast. Much to my surprise, I found that shortly after running it, a hash was captured by Responders SMB listener...
Managing Your Vulnerabilities, FedRAMP Style
As a member of Coalfires Cyber Engineering team, I frequently get questions about vulnerability Deviation Requests DRs from Cloud Service Providers CSPs seeking Federal Risk and Authorization Management Program FedRAMP authorizations. In this post, Ill try to answer questions we frequently...
Highlights from the HITRUST Third-Party Assurance Summit
The HITRUST TPA Summit brought together experts representing customers, vendors, and assessor firms in various aspects of risk management to share best practices, lessons learned and effective third-party risk management strategies leveraging the HITRUST CSF Assurance Program and HITRUST Assessme...
News and Updates from the PCI Europe Community Meeting
In September, Hurricane Irma forced the PCI SSC to cancel the North America Community Meeting; and the uncertainty of Catalonian independence from Spain may have led some to stay home from the Europe Community Meeting held in Barcelona last week. Nevertheless, the Coalfire team was well-represent...
President’s Cybersecurity Executive Order
On May 11, 2017, President Trump released the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. This E.O. -- while stand alone in focus --should be seen in the context of a greater move in the Executive Branch to elevate the awareness...
AWS releases PCI DSS Quick Start for Deploying PCI DSS In-Scope Workloads
In the next step to help customers adopt their platform for PCI, Amazon Web Services AWS has released their PCI DSS Quick Start program. The PCI DSS Quick Start program is the next evolution of cloud providers developing tools for rapid deployment of standardized configurations to drive adoption ...
In Memory of Our Friend, Rick Dakin
We are deeply saddened to announce that our founder and CEO Rick Dakin passed away suddenly over the weekend...
Heartbleed Aftershocks: Community Health Systems Breach, 4.5 Million Records Lost
The news this week that hackers from China compromised 4.5 million customer records held by Community Health Systems is just the latest indication that companies are not adequately protecting the information of the consumers they serve...
Is the “Day of Reckoning” getting closer for a large scale cyber-attack?
The "Phony War" is how commentators described the seven-month period of eerie quiet that prevailed in Western Europe between Germanys 1939 invasion of Poland and its later move into the Benelux countries, when erstwhile allies Britain and France avoided offensive operations and simply waited for...
New National Exam Program Risk Alert
In case you missed the most recent National Exam Program Risk Alert, you might want to head over to their website and determine what this may mean for you and your company. Since this may be a topic at your next board meeting, you should be prepared to answer any potential questions. Your board...
BYOD Survey 2013: Employees and Companies Remain Lax with BYOD Security
Despite a dramatic increase in mobile device sales in the past year, BYOD security among employees remains static. Gartner forecasts 2013 tablet shipments to grow 67.9 percent, with shipments reaching 202 million units, while the mobile phone market will grow 4.3 percent, with volume of more than...
Information Governance: Get Data Classification Right First
Data classification is one of the most crucial elements of an effective information governance process--yet its also one that many companies fail to implement well. In its simplest terms, data classification is the process of categorizing data based on its level of sensitivity. When done properly...
Guardians of IoT: Safeguarding connectivity of input and output channels
Ensuring the security of the Internet of Things IoT demands a meticulous examination of industry-specific vulnerabilities and a profound comprehension of data handling. Have you taken the necessary steps to confirm that your chosen third-party security vendor possesses a comprehensive understandi...
What are the impacts of FedRAMP® Rev. 5?
The FedRAMP PMO released the final Rev. 5 security control baselines and transition guidance for cloud service providers CSPs who have achieved authorization to operate ATO and those still in the planning stages. All CSPs should review the guidance as soon as possible and start developing a plan...
HIMSS 2023 Conference recap
HIMSS 2023, the largest annual healthcare technology conference, was a great success. The conference highlighted the importance of compliance, data privacy, and cyber security for healthcare organizations. With the increasing use of electronic systems and devices, protecting patient data has beco...
Maximizing ROI on cybersecurity training
Most awareness training strategies fail to promote a strong cybersecurity culture and meaningfully influence workers's behavior. It's time to leverage motivation to change attitudes and improve the ROI on training...
FedRAMP® CSPs face a new challenge meeting FIPS Compliance
The Federal Risk and Authorization Management Program FedRAMP requires Cloud Service Providers CSPs to meet federal mandates and achieve or maintain a FedRAMP authorization. One of those mandates require the consistent use of FIPS 140-2 validated cryptographic modules everywhere cryptography is...
Sitting in cars with hackers
Are organizations doing enough to protect customer data? The auto industry can teach us a lot about vulnerability management...
Hacking Ham Radio: WinAPRS – Part 2
In part one of this series on vulnerability research in ham radio software, we discussed ham radio and digital communications via packet radio. We reviewed some relevant packet radio protocols such as AX.25, APRS, and KISS. We then chose WinAPRS as our target application. In this installment we...
Properties of secure hash functions
The news of NIST and their SHA-3 algorithm competition and a recent lunch and learn at Denim Group reminded me of the Cryptographic lectures I gave at UTSA. One of the hardest concepts my students had grasping was secure cryptographic hash functions, partially because of the number theory, but al...
Mining Splunk's Internal Logs
Splunk is great about logging its warnings and errors, but it wont tell you about them - you have to ask! As the leading machine-generated data analysis software, its not surprising that Splunk excels at creating robust logs. The current version of Splunk Enterprise v 8.05 generates 22 different...
How to strengthen your cybersecurity program
The first step toward becoming physically fit is looking in the mirror, acknowledging your weaknesses, and making a commitment that youll do whatever it takes to improve yourself. This is true for personal fitness, but can this approach also apply to the cybersecurity program at your growing...
IoT Discussion at the Leidos Supplier Innovation & Technology Symposium
Coalfire was asked to participate on a technical panel about the Internet of Things IoT at the Leidos Supplier Innovation & Technology Symposium on June 6. This event is a dynamic day enabling Leidos largest suppliers as well as targeted start-ups to showcase their offerings and capabilities to a...
Microsoft Word Document Upload to Stored XSS: A Case Study
Anytime I see a file upload form during an application test, my attention is piqued. In a best-case scenario, I can upload a reverse shell in a scripting language available on the webserver. If the application is running in PHP or ASP for example, it becomes quite easy. If I cant get a backdoor...
Cooking Up Shells with Chef
I was able to compromise a Chef server on one of my recent engagements. Owning a Chef server means having the keys to the castle. I wasnt quite sure how to go about using this tool. Im familiar with Puppet as Ive spent the majority of my career on the systems side. Having never run into Chef, I...