Lucene search
+L
CoalfireMost viewed

603 matches found

The Coalfire Blog
The Coalfire Blog
added 2012/10/29 1:45 p.m.14 views

IT Security Horror Stories: The Case of the Phantom Technician

At Coalfire Labs, we discover--and help our clients address--a lot of scary security and compliance problems. Like zombies out looking for a victim, nefarious characters are out to attack your IT infrastructure and compromise your systems. Even when organizations have protections in place, the...

2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2012/05/02 7:56 a.m.14 views

The hackerproof password? Tips and advice on password management

Having some security expert tell you that you should be creating strong passwords that are unique per account and change frequently is like your dentist telling you that you should floss morning, night and after consuming any dentally dangerous foods. The majority of us say, "yeah right". The tru...

0.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2012/02/18 12:5 a.m.14 views

Password Management: How many do you need to remember?

In todays online world, the proliferation of usernames and passwords has resulted in a cottage industry springing up to meet the need to keep track of them in a secure manner. Software and hardware providers have developed a number of unique approaches to deal with this problem, but they all...

3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2012/01/17 12:30 p.m.14 views

Coalfire in the News

Its been quite a season in the world of IT security as we move into 2012. As experts in our field, we are often asked to comment on current trends and recent stories. Take some time to check out what we have had to say recently:...

2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2011/08/29 4:25 p.m.14 views

Coalfire Appoints Larry Jones to Board of Directors

We are proud to announce the election of Larry Jones to our board of directors. Larry is the former CEO of StarTek, Activant, Message Media and NeoData, and is a seasoned veteran in technology services. He also serves on the board of Comverge, Inc., a publicly traded provider of smart grid, deman...

3.6AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2024/01/25 4:23 p.m.13 views

The dark side of AI data privacy: What you need to know to stay secure

This blog post examines the threats of data leakage, bias, and overcollection in AI systems, offering valuable insights and recommendations for effective risk mitigation...

7.3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2024/01/16 4:23 p.m.13 views

Mastering AI Risks: Navigating the NIST AI RMF Core with Coalfire

This article delves into mastering AI risks through the application of the NIST AI Risk Management Framework RMF Core. It emphasizes the importance of understanding and mitigating the multifaceted risks associated with AI, from ethical dilemmas to data security, and introduces Coalfires tailored...

7.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/10/24 8:54 p.m.13 views

Maximizing the value of threat modeling

Explore four practices that maximize the value of threat models throughout the entire development lifecycle...

7.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/07/18 3:3 p.m.13 views

The state of cybersecurity compliance in 2023 – part 1

This first blog in the series captures the key takeaways from Coalfires Annual Compliance Report...

7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/05/10 4:25 p.m.13 views

Four key questions for privacy programs in the U.S.

With new state privacy laws passed each year, organizations are tasked with developing privacy programs that are compliant with applicable laws. To help organizations identify their current privacy program maturity, privacy professionals can ask four questions to determine where they stand...

7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/11/15 12:14 a.m.13 views

Threat and vulnerability management - No time for complacency

There was some very good news in Coalfires 4th Annual Penetration Risk Report. Most notable was that high-risk vulnerabilities have been cut almost in half since 2018 when we first began reporting our pen testing research derived from thousands of direct client engagements. Also of note, the larg...

1.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/10/26 7:4 p.m.13 views

FAQ: Transitioning to the highly anticipated new revision of ISO 27001

For a group like Coalfire Certification that lives and breathes these standards daily, it has been an exciting few months monitoring the progress of this publication and its review through the various ISO working groups...

1.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/09/20 6:14 p.m.13 views

It’s time to bite the bullet for more secure software

On September 14, 2022, the Office of Management and Budget OMB released their M-22-18 memorandum on "Enhancing the Security of the Software Supply Chain through Secure Software Development Practices." This document builds upon previous government documents such as Executive Order EO 14028...

2.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/06/08 5:41 p.m.13 views

Security as a differentiator: How to market the secure customer experience

Leveraging software development lifecycle security as a go-to-market differentiator is imperative in setting companies apart from competitors. As Coalfires Cloud Advisory Board and my colleague Gail Coury eloquently pointed out in our recent Securealities Report, Smartest Path to DevSecOps...

1.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/06/06 9:24 p.m.13 views

View TPRM risk through four lenses

In recent years, as attackers seek to gain entry and disrupt business through vendors, Third Party Risk Management TPRM has proven to be a top priority item for every organization. As organizations mitigate the risks associated with a third party-related attack, leaders should continue to address...

2.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/04/22 4:34 p.m.13 views

A little actually doesn’t go a long way: Fight the urge to shortcut your TPRM program

Third Party Risk Management TPRM is hard to get right. Ineffective TPRM is when 83% of legal and compliance leaders identify third party risks after due diligence, despite spending 73% of effort on due diligence. This is supported by 49% of business leaders saying they lack a centralized strategy...

1.3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/04/07 9:42 p.m.13 views

Governing the organization

Security is the biggest risk to business today. Managing security has become one of the hardest jobs in the enterprise, and failing to do so effectively can create opportunities for severe operational disruption. One of the keystone conclusions from Coalfires Cloud Advisory Boards the Smartest Pa...

Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/04/04 7:21 p.m.13 views

A Bridge Over the Chasm: A Primer on the Release of PCI 4.0

The Payment Card Industry PCI Security Standards Council SSC has just released version 4.0 of the Data Security Standard DSS. Developing DSS 4.0 took almost four years and included several rounds of Request for Comments RFC from Participating Organizations and other interested parties. This new...

2.4AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/02/03 6:13 p.m.13 views

The Long-Term Impact of Log4j

In its aftermath, Log4j vulnerabilities put the spotlight on vendor management and supply chain security practices. Software suppliers should expect vendor security questionnaires to expand in scope and detail around application security practices. Its relatively easy for software buyers to...

1.6AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2021/09/23 8:53 p.m.13 views

Staying current with HITRUST advisory changes

As a result of an ever-evolving threat landscape, compliance requirements are proliferating at an unprecedented rate. It can be overwhelming to keep up with the staggering number of new and updated regulations, compliance frameworks, and standards. HITRUST®, founded in 2007, recognized this...

1.7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2021/02/16 10:35 p.m.13 views

AppSec concerns: UUID generation

During static analysis, one of the things the application security team checks for is strong random number generation for security sensitive contexts. We see weaknesses in this space quite often for temporary passwords and session identifiers, but an increasingly common variant is for universally...

4.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/10/27 6:16 p.m.13 views

Using Azure Blueprints to Control Azure Compliance

As Peter Parker says, with great power comes great responsibility. And so it goes with public cloud: With cloud scale and agility come cloud-scale problems and compliance nightmares. Every day, IT professionals balance the need to act quickly--often leveraging cloud speed of execution to implemen...

1.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/09/30 12:51 a.m.13 views

Help Net Security – ThreadFix 3.0 Review

Help Net Security recently published a review of ThreadFix 3.0. Security Researcher, Toni Grzinic, took a deep dive into our vulnerability management platform and broke down everything from infrastructure, reporting and analytics, to integrations, and beyond. Click here to read Tonis full review ...

1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/06/04 11:35 p.m.13 views

Using DAST to Expand DevOps Security Coverage

The state of application security is constantly evolving with changing web architectures and approaches. These changes are making security teams employ a wider range of techniques and toolsets to find vulnerabilities within their applications. Web and mobile applications each present their own...

1.3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/05/27 11:37 p.m.13 views

Planning Ahead to Prevent Vulnerabilities

The cost to remediate vulnerabilities increases as those vulnerabilities make it further into the development process. If they make it into a final release, those vulnerabilities can leave organizations vulnerable to attacks, costing time and resources to address, as well as causing damage to the...

3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/05/26 3:56 p.m.13 views

Establishing risk appetite is key to effective risk management

The mission of an enterprise risk management program is to respond to and monitor risks to the enterprises operations and objectives. In order to properly respond to and monitor risks, the enterprise must establish risk appetite thresholds. Well-established and well-communicated risk appetite...

2.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/05/18 4:24 p.m.13 views

FedRAMP – 8 years in and 100 assessments achieved

Back in 2011, if you had asked me what cloud computing was, I would have looked at you with a blank look on my face. At the time, I was supporting a Federal client when my boss asked me to assist in applying to become a 3PAO. I had no clue what 3PAO even stood for it stands for Third-Party...

2.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2019/10/02 10:22 p.m.13 views

ERC.Net – A Toolset for Analyzing Windows Application Crashes

ERC.Net is a collection of tools designed to assist in analyzing and debugging Windows application crashes in order to identify potential security vulnerabilities. Supporting both 64 and 32 bit applications, ERC.Net has many use cases including parsing Windows file headers, identifying compile-ti...

2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2019/08/26 9:3 p.m.13 views

Dodge Data Breaches with Real-Time PCI Compliance

Its been five years since the PCI Council released the first "Best Practices for Maintaining PCI DSS Compliance" guidance document in August 2014. Since then, many prominent payment data breaches have occurred, with the finger often pointing to lapses in the affected organizations compliance...

3.7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2019/04/18 4:9 p.m.13 views

Coalfire participates in cybersecurity disaster exercise at the 2019 HSCC Spring Summit

The Healthcare and Public Health Sector Coordinating Council HSCC conducted their biannual Joint Cybersecurity Working Group JCWG All-Hands Meeting on April 3-4, 2019. As a member of HSCC, Coalfire participated in the JCWG meeting with other security leaders from across the healthcare industry an...

6.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2018/11/06 9:19 p.m.13 views

Upcoming Changes to Cryptographic Findings in Q4 2018

The security world is a constantly changing and evolving landscape, and as part of Coalfire's commitment to security, we need to constantly review and update vulnerability information for vulnerability scanning to keep up. We've made some changes to previously acceptable vulnerability checks, whi...

0.8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2018/06/07 8:54 p.m.13 views

A Cyber Engineering Primer: Vulnerability Management Lifecycle

According to the SANS Institute, "Vulnerability management is the process in which vulnerabilities in IT are identified and the risks of these vulnerabilities are evaluated. This evaluation leads to correcting the vulnerabilities and removing the risk or a formal risk acceptance by the management...

2.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2018/04/23 7:8 p.m.13 views

PCI Compliance: Early-TLS and Cloud Service Providers

Organizations tracking their PCI compliance are likely aware of the impending June 30, 2018 deadline to disable SSLv3 and early-TLS. This blog post examines the special case of Cloud Service Providers CSPs and how their customers should proceed to achieve compliance...

4AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2018/02/15 8:34 p.m.13 views

Cyber Engineering for 2018 and Beyond

2017 could be considered one of the most exciting or horrifying years in the technology industry. End-of-year statistics showed that the number of reported breaches in the business sector saw a 21% increase over the previous year, and headlines from all major news outlets were riddled with report...

2.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/12/01 5:16 p.m.13 views

She Powers Tech

November 28th at the Venetian in Las Vegas, AWS re:INVENT held an important session that could shape the future of technology. The sold-out session, SHE POWERS TECH: Women Supporting Women in Tech, filled a ballroom with 500 women in technology and a few men who were interested in the topic. The...

2.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/10/06 2:58 p.m.13 views

Blockchain: Are You Ready?

By now, most of us have heard of Bitcoin. Few of us really know the specifics about what that is. Fewer still have a workable or even cursory knowledge of the underlying technology that makes Bitcoin possible...

2.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/09/12 4:19 a.m.13 views

Blueborne – Don’t Panic!

Here is what we know right now: Security company Armis recently released research identifying eight newly discovered vulnerabilities that exist in the wireless communications protocol Bluetooth, which could potentially affect a large percentage of the estimated 8.2 billion Bluetooth enabled...

2.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/07/12 5:49 p.m.13 views

Getting cert-y with all-5 AWS certs

I thought my recent experience achieving all five 5 AWS certs might be helpful to others in the community that are looking to do the same. However, this blog isnt meant to stand on its own, and I encourage everyone interested in going for all 5 certs to read other blogs posts too...

2.4AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/05/09 8:43 p.m.13 views

SOC 2 Type 1 and SOC 2 Type 2 Frequently Asked Questions

Coalfires SOC Practice Directors Dixon Wright and Jeff Cook recently conducted a webinar on AWS and SOC Reporting, What you need to know. The presentation provided a lot of good points that organizations should know or be prepared for regardless of the technology that is being used. Below you wil...

2.3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/03/01 2:21 p.m.13 views

Cloud Burst?

The cloud can burst!? This weeks AWS service disruption showed us the importance of architecting a system to account for failure, and how to be successful when deploying your solution in the cloud...

3.4AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/02/02 10:49 a.m.13 views

FedRAMP Readiness Assessment Report (RAR) template launched

As part of the FedRAMP Accelerated process, cloud service providers CSPs can now complete a Readiness Assessment Report RAR to demonstrate their readiness for the FedRAMP process. The RAR is required for CSPs pursuing the FedRAMP JAB approval route. CSPs should also consider having a Readiness...

2.8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2016/12/14 9:13 p.m.13 views

FedRAMP in Bloomberg

Recently Bloomberg Government published an article that describes the increasing awareness of the Federal Risk and Authorization Management Program FedRAMP as a major factor affecting the federal marketspace. The article indirectly indicates a major first-mover advantage, as there are "only 77...

0.8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2015/10/19 12:11 p.m.13 views

EC Ruling Invalidates Safe Harbor - Now What?

In a ruling on October 7, 2015 the European Court of Justice ECJ invalidated the principal European component of the U.S.-E.U. Safe Harbor Framework when it ruled in Schrems v. Data Protection Commissioner. In the ruling the court said that the existing U.S.-EU Safe Harbor agreement, overseen by...

1.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2015/10/01 5:3 p.m.13 views

WS2-Cybersecurity Fundamentals Workshop

2 day Workshop Saturday 17 October - Sunday 18 October, 9:00 a.m. - 5:00 p.m...

1.3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2015/09/29 10:53 a.m.13 views

RFPs and Needs Assessments for Higher Education

In this blog post, I will be discussing RFP best practices for Higher Education Institutions. Having worked with higher education organizations for a number of years, Ive noticed some trends that could be useful as you and your department or institution head into another year of projects that may...

1.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2015/05/18 2:51 p.m.13 views

COSO Framework for Service Organizations and SOC Reporting (Part 3 of 3)

In part 1 of this series, we discussed the recent changes to the COSO framework and the overall impact that the updated framework has on service organizations that receive Service Organization Controls SOC reports...

1.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2015/04/15 1:16 p.m.13 views

PCI DSS version 3.1 released!

As expected, a "minor" revision to the PCI DSS 3.0 standard now version 3.1 was released by the PCI SSC today to address the vulnerabilities exposed by the POODLE and BEAST browser attacks. PCI DSS 3.1 primarily addresses the insecure use of SSL as an encryption protocol within a Cardholder Data...

1.8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2015/02/24 12:31 p.m.13 views

COSO Framework for Service Organizations and SOC Reporting (Part 1 of 3)

One of the most important reference tools that companies use to establish and evaluate their internal controls is the Committee of Sponsoring Organizations COSO Internal Control - Integrated Framework. Initially published in 1992 the 1992 Framework, the COSO framework has been the most widely use...

3AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2015/02/09 11:13 a.m.13 views

Emerging Payment Technologies and Due Diligence: A Warning about “Silver Bullets”

2015 will be an exciting year for the payments industry, especially for merchants that now have a number of new payment technologies at their disposal. Emerging payment technologies such as Point-to-Point-Encryption P2PE, Tokenization, EMV/Chip and Signature and Mobile Payment Acceptance are...

1.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2015/01/15 9:15 a.m.13 views

Their Claim to Fame – So-Called HIPAA-Compliance Experts and Tools

Have you noticed how many vendors and software solutions are out there claiming they can make you HIPAA-compliant? Well, at the end of the day thats simply not possible because only you can make your organization HIPAA-compliant. I came up with a list of "red flags" that I typically see from...

2.4AI score
Exploits0
Total number of security vulnerabilities603