Lucene search
+L
CoalfireMost viewed

603 matches found

The Coalfire Blog
The Coalfire Blog
added 2011/06/14 5:25 p.m.15 views

Coalfire Expands Dallas Office and Names Kurt Hagerman Managing Director

I am pleased to announce that our Dallas office is growing by leaps and bounds. Leading the charge is Kurt Hagerman, the newly appointed managing director. Kurt will serve more than 60 clients in the Southwest region and oversee Coalfires strategic vision while building new client relationships f...

0.8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2011/06/09 12:8 a.m.15 views

HIPAA Compliance and Call Centers

In a previous post titled Is It Safe to Speak? Protection for Telephone-Based Payment Card Data, I commented on the PCI SSC new requirements for call center operations and recording systems. Call center security has been a hot topic for a long time. How safe is the information that is given over...

1.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2011/05/09 12:43 a.m.15 views

Botnets: 2011 Rocky Mountain Information Security Conference

Botnets have become one of the most dangerous cyber threats affecting businesses today. Botnets criminals focus on the same things as most criminals: money and information. That is why these criminals are targeting payroll, human resources departments, C-level executives and senior strategists...

1.3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2024/01/31 4:23 p.m.14 views

Guardians of IoT: Addressing IoT security vulnerabilities in electric vehicles and charging stations

The rise of electric vehicles EVs and charging infrastructure necessitates robust security measures, especially in the context of IoT integration. Explore the vulnerabilities in EV systems and potential risks, proposing mitigation strategies like firmware updates, user authentication, intrusion...

7.6AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/04/26 8:56 p.m.14 views

White House cyber strategy: leadership is now accountable

The National Cybersecurity Strategy represents one of the most significant market-driving forces in the history of IT. It ushers in a new era of standards, requirements, and best practices that will define how our economy works and how buyers interact with sellers for decades to come...

6.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/03/10 9:12 p.m.14 views

FAQ: Transitioning to the highly anticipated new revision of ISO 27001

For a group like Coalfire Certification that lives and breathes these standards daily, it has been an exciting few months monitoring the progress of this publication and its review through the various ISO working groups...

1.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/12/19 8:54 p.m.14 views

FedRAMP just got better – and is here to stay

Today, President Biden signed the National Defense Authorization Act NDAA, taking a giant step forward in securing the federal governments cloud-first mission. The FedRAMP® Federal Risk and Authorization Management Program Authorization Act, outlined in section 5921 of the NDAA, formalizes the...

3.4AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/11/08 9:45 p.m.14 views

Mobile app usage soars but security still falls short

Benchmark analysis of mobile apps shows 99% have security or privacy vulnerabilities. These weaknesses can cause exposure of sensitive information and jeopardize brand reputation, customer trust and company value...

2.7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/05/26 6:48 p.m.14 views

Understanding compliance platform capabilities: black box automation has its limitations

Compliance is hard. It is not a "black box" of opaque inputs and outputs, where systems and data are hidden and where users are oblivious to their inner workings. There has yet to be a product made that can magically produce all the evidence sufficient for testing and verification across the wide...

2.6AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/05/04 5:7 p.m.14 views

CMMC – The smoke is clearing

The smoke is finally starting to clear on "CMMC 2.0." Hundreds of companies are already lining up for Cybersecurity Maturity Model Certification assessments. Everything is taking place faster and with far more urgency than most organizations have planned around or prepared for...

2.3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/05/02 7:9 p.m.14 views

A survey of FedRAMP’s new supply chain requirements

Over the past few years, supply chain management has shifted from a background requirement that everyone unknowingly relies upon, to being a commonly talked about aspect of our everyday lives. The Federal government has ramped up its effort to gain a handle on supply chain threats as a result of...

1.8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/01/20 11:28 p.m.14 views

The right ASM tools include understanding where the real risk lies

While companies are just scratching the surface of understanding their Internet-facing architecture, hackers have been monitoring growing attack surfaces to find vulnerabilities where companies arent looking or maybe not prioritizing and reaping the reward through bug bounty programs...

3.3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2021/03/02 12:49 a.m.14 views

General Overview of Vulnerability Management

In a world where most companies take nearly six months to detect a data breach, establishing a comprehensive and continuous process for identifying, classifying, mitigating and preventing security vulnerabilities within an organization can help prevent current cybersecurity challenges...

2.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/12/14 8:50 p.m.14 views

Azure Policies

Welcome back to Part Two of our four-part Blueprint Series. Today's post covers the use of Azure Policies within a Blueprint deployment along with ARM templates and permissions management. Azure Policies are the critical component of Azure Blueprints. Policies, like ARM Templates, are JSON...

1.3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/07/20 3:15 p.m.14 views

So Long, Privacy Shield

In whats rapidly becoming the splashiest news to hit the privacy space in years, the Court of Justice of the EU CJEU, the highest court in the European Union, invalidated the U.S. Privacy Shield, a legal instrument that made it possible for organizations operating in the United States to transfer...

2.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/04/28 11:47 p.m.14 views

Applied ThreadFix: Security teams collaborating with development teams

Modern enterprises are distributed. Most ThreadFix deployments have stakeholders spanning development and security teams and those team members are spread around the globe. To support these distributed organizations, ThreadFix has a number of collaboration features that make teams more efficient...

7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/04/27 4:44 p.m.14 views

So your company has decided to do FedRAMP - What does that mean?

The exponential increase in cloud adoption in recent years has led to a dramatic increase in technology companies evolving from software and application companies to Software as a Service SaaS, Platform as a Service PaaS or Infrastructure as a Service IaaS providers. The 2011 release of the Cloud...

3.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/04/02 6:51 p.m.14 views

With IoT, common devices pose new threats

For Instance… Hackers Setting Your 3D Printer on Fire The world is careening toward the reality that almost all electronics in your home and business are connected to the internet. Many of these devices contain things like heating elements, batteries, and motors that are entirely...

7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2018/07/13 3:34 p.m.14 views

NIST SP 800-171A Assessment: Finalized Assessment Objectives Foster a Roadmap to Compliance

On June 13, 2018, NIST formally released their Special Publication SP 800-171A, Assessing Security Requirements Controlled Unclassified Information CUI.This publication provides organizations with an assessment methodology to evaluate their compliance with the CUI security requirements defined in...

1.3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2018/07/09 10:25 p.m.14 views

Incident Response: Do Your Vendor Contracts Have Claws (for Liability)?

In previous blogs, weve discussed some of the struggles organizations have when responding to cyber incidents. For many, it is the recovery aspect, and specifically vendor liability for the data or privacy breach, that poses many questions. In trying to assign liability, the obvious place to star...

3.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2018/05/16 8:36 p.m.14 views

AWS Certified Cloud Practitioner: A Valuable Certification for Professionals in Non-Technical Roles

Within the past year, AWS unveiled what is arguably one of the best programs they have ever offered to non-technical professionals in the AWS Partner Network APN: the AWS Certified Cloud Practitioner certification. The program, which is especially valuable for those in sales or marketing roles,...

3.7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2018/03/05 6:23 p.m.14 views

NIST Interagency Report on IoT: An Incremental Step Toward IoT Standards

The Internet of Things IoT has been widely regarded as representing a significant cybersecurity risk, which will only grow as connected devices continue to proliferate. As an important step in addressing these concerns, the Interagency International Cybersecurity Standardization Working Group IIC...

2.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2018/02/06 7:42 p.m.14 views

Introducing Red Baron - Automate the Creation of Resilient, Disposable, Secure, and Agile Infrastructure for Red Teams

The need to automate the creation of disposable red-team infrastructure is key to providing effective adversary simulations. As Coalfire Labs continued to grow, our team needed a system to quickly configure and spin up C2 and/or phishing infrastructure, run multiple campaigns at the same time, an...

2.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/10/19 8:32 p.m.14 views

Scripted Inputs and Splunk

Splunk is an extremely versatile tool when dealing with data: - Monitor files? Check! - Listen in on an open port? Check! - Monitor the file system? Performance monitor? HTTP Event Collector? - Check, check aaaaand check! But what if the data you want to ingest does not have a method listed...

0.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/07/18 10:36 p.m.14 views

Just a Few Seats Left at the Coalfire Adaptive Pen Testing Training at Black Hat!

Black Hat is just around the corner, and Coalfire is gearing up for the best Adaptive Penetration Testing Training yet! Weve adapted the Adaptive Penetration Test Training course with new instructors, enriched content, and new labs to provide the richest training to date. The revised training now...

2.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/06/05 6:35 p.m.14 views

Q&A from P2PE-NESA Webinar for Merchants

The selection of a PCI-listed P2PE solution and determination of expected benefits can be challenging for even the most sophisticated merchants. The introduction of the NESA program can make decisions more difficult. To help guide merchants, Coalfire and FreedomPay held a webinar "P2PE & NESA for...

1.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/04/17 10:41 p.m.14 views

Ransomware Response: To Pay or Not to pay

Recently, I was speaking with a CISO friend of mine and he mentioned that his company suffered a breach. I asked if it was a ransomware attack, and sadly, that was the case. Malware had infected nearly every connected computer. Clearly there was a breakdown in protective controls, but Ill get to...

6.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/02/02 7:42 p.m.14 views

Reconciling Quarterly ASV and QSA Scanning Requirements

In the compliance realm, the term "quarterly" seems to be a sound and straight-forward term used to provide guidance and to aid entities in adhering to requirements. However, its meaning can vary based on its context in relation to dealing with various compliance requirements from your ASV and QS...

2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2016/10/27 10:4 a.m.14 views

Ghosts in the Bank

It was a dark night. A car pulled up in the parking space next to me and quickly extinguished his lights. I looked out the my window and saw the driver. He gave me a quick nod and we exited our cars. Opening the trunk I pulled out my tools for the night. A backpack full of trash bags, a flash...

0.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2016/04/04 5:6 p.m.14 views

What to Expect in the PCI 3.2 Update

A preview of new requirements and guidance expected later this month from the Payment Card Industry Security Standards Council was announced Thursday. The PCI DSS 3.2 version represents the first update to the standard that the Council has released since 3.1 in April 2015 and 3.0 in November of...

2.6AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2015/10/08 3:32 p.m.14 views

Report from the PCI SSC North American Community Meeting

The Payment Card Industry Security Standards Council held their 2015 North American Community Meeting this year in Vancouver, BC, from September 29 - October 1. Coalfire was well represented at the meeting, with Dan Fritsche, Managing Director, Application Security, making two presentations at th...

0.6AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2015/03/06 4:2 p.m.14 views

COSO Framework for Service Organizations and SOC Reporting (Part 2 of 3)

Every SOC report whether it is a SOC 1, SOC 2 or SOC 3 should include information about the service organizations risk assessment process. Risk assessment can take many forms and there is no "one size fits all" format. Risk assessment is intended to be an evolutionary process, designed to meet th...

2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2014/12/11 12:14 p.m.14 views

Law Firm - Forensics Services

As cyber threats and attacks have increased year over year, Coalfire has seen a drastic increased need for support to law firms in cybersecurity cases. Attacks and threats vary so often, many law firms lack the skills required to properly evaluate cyber-attacks involving their clients. As such la...

2.8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2014/10/29 5:25 p.m.14 views

IT Security Horror Story: Digging your own grave with Default Credentials

I recently performed a penetration test that really required no "hacking skills" whatsoever. I was able to obtain domain administrator rights simply by logging into web applications and network hardware using default credentials...

0.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2014/10/29 9:56 a.m.14 views

IT Security Horror Story: Slow Network, Big Phish

It was a typical morning, just like any other for Annie. She arrived at the office just in time to fill her coffee mug and get to her desk to read her email that had been piling up since Friday. After reading through the standard office wide emails she came across one from the help desk...

1.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2014/09/10 8:8 a.m.14 views

PCI Community Meeting - EMV Chip Update

Randy Vanderhoof, Executive Director, EMV Migration Forum EMF, presented the EMV Chip Update today at Day Two of the PCI Community Meeting. The session provided attendees with insights into the EMV chip migration process in the U.S. and how this impacts PCI security efforts...

1.4AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2014/09/08 10:4 a.m.14 views

Stop Hitting the Snooze Button

In the aftermath of the most damaging retail breach in history, a CEO in the financial industry explained his companys position on the issue:...

1.7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2014/06/26 10:23 a.m.14 views

What you need to know from the OCR’s Report to Congress on Breaches and HIPAA Rules Compliance

Last week the HHS Office for Civil Rights OCR issued their Annual Report to Congress on Breaches of Unsecured Protected Health Information PHI for calendar years 2011 and 2012. This is their second annual report required by the Health Information Technology for Economic and Clinical Health HITECH...

1.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2014/06/25 9:30 a.m.14 views

Emerging Threats and Going Beyond Compliance

I recently presented to a C-level gathering of retail finance executives about the industrys changing threat landscape and the emerging threats facing omni-channel sellers. The retail security environment has changed dramatically in the past few years. Not that long ago, retailers mostly worried...

3.6AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2014/06/02 12:45 p.m.14 views

The Lesson of eBay

After every major cyber breach, security professionals are asked about the lessons we can learn from them. While the technical details of the eBay attack arent yet public, we can already learn lessons about from companys public statements and its communications to its customers...

2.8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2014/04/17 10:51 a.m.14 views

The Top 3 Security Issues in Federal Cloud Computing

A journalist recently asked me for my top three pressing concerns related to Federal cloud security. Here are a few points I had to offer up...

7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2014/02/06 1:4 p.m.14 views

Target Hackers Broke in Via HVAC Company?

When I first heard about the account used to gain access to the Target environment, my first reaction was to laugh at the ridiculousness of the HVAC vendor having an impact on the CDE like it seems to or is rumored to have had in the recent breach. Then I started thinking with the PCI controls,...

3.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2013/12/12 3:15 p.m.14 views

Free and low-cost tools for PCI DSS Compliance

Complying with the PCI DSS requires policies and processes plus implementing and managing a variety of software tools. As a QSA who has performed many PCI assessments for merchants and service providers, Ive seen and assessed a variety of free and low-cost under $200 software tools that help our...

3.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2013/09/10 12:54 p.m.14 views

PCI DSS 3.0 puts emphasis on year-round awareness

Its easy to think of PCI compliance as just another annual hoop to jump through. Of course, after the annual audit, the business is safe for another 12 months, right? Well, not exactly, and with the upcoming release of PCI DSS 3.0, there will be an even bigger reason to think about compliance...

1.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2013/06/28 7:45 a.m.14 views

The Rapidly Changing World of Mobile Application Payment Systems Compliance

In this series of Compliance Talk, Dirk and Ken are back at their favorite coffee shop, this time joined by Dan Fritsche. Dan is Coalfires Director of Solution Validated Services and is considered a thought leader on mobile payments, P2PE and other emerging trends in the payments industry...

1.8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2013/05/13 12:0 a.m.14 views

Determining if your Company is Prepared for FedRAMP

Many companies interested in pursuing FedRAMP are seeking guidelines, checklists and any referenceable source to help them understand and determine their level of preparedness to go through the FedRAMP process. The GSAs FedRAMP.gov site provides documentation on the FedRAMP process in their "Guid...

2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2013/03/11 12:44 p.m.14 views

Whether you are a large or small business, beware of these 5 common security problems

Every January, the trade press if full of new years resolution-like advice… things to do in the coming year, even Coalfire made a few predictions for 2013. I work at Coalfire Labs, and since our business is IT security and testing, we want to share some advice on how to avoid your systems and...

0.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2013/01/16 1:19 p.m.14 views

FedRAMP PMO - FedRAMP Process and Developing SSP webinar Q&A

The FedRAMP program continues to gain momentum and GSA and the FedRAMP PMO conduct great, interactive, webinars available to attend live or to watch later. There is much to learn from the GSA on how to navigate the FedRAMP process according to their requirements...

3.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2012/10/29 3:37 p.m.14 views

Penetration Testing Frequently Asked Questions

You may have noticed this recent article about Googles contest that rewarded a hacker for discovering a vulnerability in Chrome. Once Google verified the vulnerability, they were able to fix the bug and issue the cash prize to the hacker. This is a very public example similar to what Coalfire Lab...

1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2012/10/29 1:45 p.m.14 views

IT Security Horror Stories: The Case of the Phantom Technician

At Coalfire Labs, we discover--and help our clients address--a lot of scary security and compliance problems. Like zombies out looking for a victim, nefarious characters are out to attack your IT infrastructure and compromise your systems. Even when organizations have protections in place, the...

2AI score
Exploits0
Total number of security vulnerabilities603