603 matches found

The Coalfire Blog
added 2016/10/27 9:27 a.m. | 11 views

To [Hell] Shell and Back

My initial thought was it has to be the firewall keeping my reverse shell from getting out of their environment. So, leveraging the command execution vulnerability, I started testing outbound internet access from the vulnerable server to my server on the internet, only to find that the port I had...

AI score: 0.1 | Exploits: 0

The Coalfire Blog
added 2016/10/25 8:18 a.m. | 17 views

How Twitter, Amazon, and others were impacted by last Friday's DDOS attack - and what you might want to do about it.

Our partner, Chertoff Group, issued the following advisory. Client Advisory: October 21 distributed denial of service (DDoS) attack. A major distributed denial of service (DDoS) attack recently (10/21/16) disrupted Internet communications throughout parts of the United States in several waves, and there...

AI score: 3.2 | Exploits: 0

The Coalfire Blog
added 2016/10/03 2:39 p.m. | 12 views

What does the FBI have to say about ransomware

The FBI provided guidance on ransomware at a recent FBI/US Secret Service/ISAC event. They defined ransomware as a type of malware that is commonly transmitted through malicious email, which is disguised to look normal. Once the email link has been clicked on, or an email attachment has been...

AI score: 6.8 | Exploits: 0

The Coalfire Blog
added 2016/09/22 5:34 p.m. | 12 views

The Cost of a FedRAMP Assessment from a 3PAO Perspective

FedRAMP.gov recently published a blog titled "How Much Does It Cost to Go Through FedRAMP?" As a FedRAMP Third Party Assessment Organization (3PAO), we wanted to provide additional factors for consideration for organizations that are evaluating or pursuing a FedRAMP authorization...

AI score: 2.3 | Exploits: 0

The Coalfire Blog
added 2016/08/29 8:03 a.m. | 11 views

FedRAMP Prioritization

Coalfire has been participating in the American Council for Technology and the Industry Advisory Council (ACT-IAC) Cloud Computing community of interest in order to contribute in developing the new FedRAMP JAB Prioritization process...

AI score: 1.8 | Exploits: 0

The Coalfire Blog
added 2016/08/22 1:39 p.m. | 10 views

Thoughts on BSides Las Vegas 2016

I recently attended "Infosec Week" in Vegas - Black Hat, BSides and DEFCON. BSides is a high point every year. This smaller Con has a plethora of perks which make it a "must attend" and also offers many of the same benefits or advantages or opportunities as Black Hat and DEFCON...

AI score: 1.3 | Exploits: 0

The Coalfire Blog
added 2016/08/22 12:35 p.m. | 10 views

Best of Enterprise and AD Exploitation at Black Hat / DEFCON

Lots of hacks, lots of people, lots of content, and lots of parties. That basically sums up this year's BlackHat and Defcon. The two conferences seem to get bigger every year with no sign of slowing down, which emphasizes how cybersecurity is becoming more and more of an issue for everyone:...

AI score: 1.9 | Exploits: 0

The Coalfire Blog
added 2016/08/17 2:48 p.m. | 16 views

What is Defcon

The first year I attended, I was lucky enough to identify interesting wireless signals with a distinct sound - that of the POCSAG and FLEX protocols. Decoding these signals revealed party invites to the Telephreak party where I listened to raw, uncensored lightning talks covering topics from car...

AI score: 0.9 | Exploits: 0

The Coalfire Blog
added 2016/08/17 1:20 p.m. | 9 views

Hacker Summer Camp – Recap of BSidesLV, Black Hat & Defcon

What a week! Hacker summer camp in Vegas was amazing! This was my first time through for all three of the conferences in Vegas - BSidesLV, Black Hat, and Defcon. I've been to BSidesLV and Defcon plenty of times, but experiencing all of these back-to-back-to-back, with a bit of overlap, gives a...

AI score: 1.2 | Exploits: 0

The Coalfire Blog
added 2016/07/13 8:23 a.m. | 6 views

Sam Pfanstiel Appointed Director, Solution Architecture for Payments

Coalfire today announced Sam Pfanstiel has joined the company as the Director of Solution Architecture for Payments. Pfanstiel's experience spans solution engineering and consulting as well as research and development positions...

AI score: 1.8 | Exploits: 0

The Coalfire Blog
added 2016/07/13 8:15 a.m. | 11 views

Robert Flores Named Vice President of IT

Coalfire welcomes Robert Flores as the newest addition to the cybersecurity risk management and compliance service leader's leadership team as its Vice President of Information Technology. Flores has a proven track record of driving strategy for high-growth IT companies while managing billion-doll...

AI score: 3 | Exploits: 0

The Coalfire Blog
added 2016/07/08 6:28 p.m. | 21 views

What you need to know: Navigating EU Data Protection changes – EU-US Privacy Shield and EU General Data Protection Regulation

If you're an organization with a trans-Atlantic presence that transmits and stores European citizen data (e.g. employee payroll & HR data, client & prospect data) in the U.S., you will want to pay attention. What we will discuss was administered under the European Union's Data Protection Directive and a...

AI score: 1.1 | Exploits: 0

The Coalfire Blog
added 2016/06/30 10:16 a.m. | 11 views

One Way to Boost Proactive Cybersecurity

It's clear from media articles that new CISOs need to make an immediate impact on their organization's security program in the first 90 days with action items such as "make a quarterly plan for the next year"...

AI score: 3.8 | Exploits: 0

The Coalfire Blog
added 2016/06/29 11:03 a.m. | 18 views

Creating a Cyber Insurance Policy

According to research from PartnerRe and Advisen, the global cyber-insurance market is currently worth $2 billion a year, a number which is expected to double by 2020. With 60% of underwriters and brokers seeing a significant demand in cyber-insurance from customers, there is clearly a great...

AI score: 1.4 | Exploits: 0

The Coalfire Blog
added 2016/06/28 10:58 p.m. | 20 views

FedRAMP High Baseline Requirements Published

The Federal Risk and Authorization Management Program (FedRAMP) Project Management Office officially released its High baseline for High impact-level systems. This baseline is at the High/High/High categorization level for confidentiality, integrity, and availability in accordance with FIPS 199; an...

AI score: 1.4 | Exploits: 0

The Coalfire Blog
added 2016/05/24 1:09 p.m. | 16 views

AWS releases PCI DSS Quick Start for Deploying PCI DSS In-Scope Workloads

In the next step to help customers adopt their platform for PCI, Amazon Web Services (AWS) has released their PCI DSS Quick Start program. The PCI DSS Quick Start program is the next evolution of cloud providers developing tools for rapid deployment of standardized configurations to drive adoption ...

AI score: 1.7 | Exploits: 0

The Coalfire Blog
added 2016/05/05 3:44 p.m. | 16 views

Coalfire goes to Washington!

Our CEO Larry Jones visited The White House Thursday morning to join with First Lady Michelle Obama and Dr. Biden in the celebration of the Joining Forces initiative's fifth-year anniversary and announce Coalfire's pledge to hire and train veterans and military spouses...

AI score: 2.9 | Exploits: 0

The Coalfire Blog
added 2016/04/04 5:06 p.m. | 13 views

What to Expect in the PCI 3.2 Update

A preview of new requirements and guidance expected later this month from the Payment Card Industry Security Standards Council was announced Thursday. The PCI DSS 3.2 version represents the first update to the standard that the Council has released since 3.1 in April 2015 and 3.0 in November of...

AI score: 2.6 | Exploits: 0

The Coalfire Blog
added 2016/01/19 4:06 p.m. | 24 views

What You Need to Know From the Cybersecurity Act of 2015: Part One

On Dec. 18, 2015, President Obama signed into law an omnibus spending bill that included the Cybersecurity Act of 2015 ("The Act"). The Act was a compromise of cybersecurity information sharing bills that passed the House and Senate earlier in 2015. It creates a voluntary process for sharing...

AI score: 1.6 | Exploits: 0

The Coalfire Blog
added 2016/01/07 11:12 a.m. | 21 views

PCI Council Gives Merchants Reprieve on PCI 3.1 Updates

The Payment Card Industry Security Standards Council (PCI SSC) released an update to its vulnerability standards and is giving merchants until June 2018 to migrate their security protocols, even though waiting is not recommended...

AI score: 1.4 | Exploits: 0

The Coalfire Blog
added 2015/12/10 11:35 a.m. | 6 views

2016 Cybersecurity Predictions

The lessons learned from this past year teach us that no one is immune to cyber threats. The sooner corporate boards and executives come to understand that cybersecurity breaches are a very real and pervasive threat, the sooner the hard work can begin to take preemptive measures and prepare an...

AI score: 4.3 | Exploits: 0

The Coalfire Blog
added 2015/11/19 1:19 p.m. | 11 views

Highlights from the HITRUST Health Industry Third Party Assurance Summit

On June 29, 2015, the Health Information Trust Alliance (HITRUST) announced that several massive payer organizations, including Anthem, Health Care Services Corp., Highmark, Humana, and UnitedHealth Group will require their business associates to obtain CSF certification. While this is old news,...

AI score: 1.6 | Exploits: 0

The Coalfire Blog
added 2015/10/26 11:34 a.m. | 9 views

The Ghosts Inside - Horror Stories 2015

By 8 p.m. the donuts from the previous day had gone stale, what was left of them anyway. There was the eerie feeling of spirits in the night mist tonight. It was late October and the chill was thick with Halloween. You could smell it in the haze. I consider myself quite tough, but when you are a...

AI score: 0.2 | Exploits: 0

The Coalfire Blog
added 2015/10/26 11:29 a.m. | 15 views

Breaching a bank in 20 minutes - Horror Stories 2015

I arrived onsite to suite 102, the bank's corporate headquarters, around 9:40 a.m. I was impersonating a local utility worker - with all the garments like a hardhat, clipboard, obnoxious yellow vest, and some old Timberland work boots. I played the part well...

AI score: 2.2 | Exploits: 0

The Coalfire Blog
added 2015/10/26 10:37 a.m. | 16 views

The 100 Million Dollar Getaway - Horror Stories 2015

In today's security landscape, companies face daily threats to their reputation and intellectual property. The typical response to these threats is to purchase a tool or a service claiming to be a magical silver bullet that can respond to all "cyber" threats. In reality, the quest for a security...

AI score: 0.3 | Exploits: 0

The Coalfire Blog
added 2015/10/22 9:18 a.m. | 15 views

The Clock is ticking for EU and US to Negotiate New Safe Harbor Deal: What You Can Do to Stay Out of Legal Limbo

European authorities have given the European Union and US officials three months to come up with an alternative to the Safe Harbor agreement after the European Court of Justice (ECJ) declared Safe Harbor laws invalid earlier this month. The new agreement must protect the personal data of European...

AI score: 2.1 | Exploits: 0

The Coalfire Blog
added 2015/10/19 12:11 p.m. | 12 views

EC Ruling Invalidates Safe Harbor - Now What?

In a ruling on October 7, 2015, the European Court of Justice (ECJ) invalidated the principal European component of the U.S.-E.U. Safe Harbor Framework when it ruled in Schrems v. Data Protection Commissioner. In the ruling the court said that the existing U.S.-EU Safe Harbor agreement, overseen by...

AI score: 1.2 | Exploits: 0

The Coalfire Blog
added 2015/10/13 10:10 a.m. | 11 views

Audio Video Media Forensics

Our media forensics practice is a fast growing part of Coalfire. We're often asked what we can do, and this post is intended to be a quick primer to provide some background if you're in need of this service and what you can expect from us and others in the field...

AI score: 5.1 | Exploits: 0

The Coalfire Blog
added 2015/10/12 12:39 p.m. | 12 views

Coalfire Contributes to New Book on Cybersecurity

Today marks the launch of a new book published by the New York Stock Exchange and Palo Alto Networks called "Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers." I'm proud to have worked with my predecessor, the late Rick Dakin, to contribute a chapter to th...

AI score: 3.2 | Exploits: 0

The Coalfire Blog
added 2015/10/08 3:32 p.m. | 13 views

Report from the PCI SSC North American Community Meeting

The Payment Card Industry Security Standards Council held their 2015 North American Community Meeting this year in Vancouver, BC, from September 29 - October 1. Coalfire was well represented at the meeting, with Dan Fritsche, Managing Director, Application Security, making two presentations at th...

AI score: 0.6 | Exploits: 0

The Coalfire Blog
added 2015/10/01 5:03 p.m. | 13 views

WS2-Cybersecurity Fundamentals Workshop

2-day workshop, Saturday 17 October - Sunday 18 October, 9:00 a.m. - 5:00 p.m....

AI score: 1.3 | Exploits: 0

The Coalfire Blog
added 2015/10/01 4:31 p.m. | 6 views

Chip Cards Finally Come to America – But What Does it Mean for Merchants and Consumers?

Like it or not, today the U.S. finally adopts EMV technology. While the implementation by most major retailers and large U.S. banks is expected to be delayed, the "chip and PIN" card types are coming to America to stay. The real debate is, will EMV adoption do anything for card data security?...

AI score: 1.7 | Exploits: 0

The Coalfire Blog
added 2015/09/29 10:53 a.m. | 13 views

RFPs and Needs Assessments for Higher Education

In this blog post, I will be discussing RFP best practices for Higher Education Institutions. Having worked with higher education organizations for a number of years, I've noticed some trends that could be useful as you and your department or institution head into another year of projects that may...

AI score: 1.9 | Exploits: 0

The Coalfire Blog
added 2015/09/22 11:52 a.m. | 10 views

DerbyCon is right around the corner (Sept. 23 - 25)

DerbyCon is right around the corner (Sept. 23 - 25) and we wanted to highlight two sessions that Coalfire Labs team members will be presenting...

AI score: 2 | Exploits: 0

The Coalfire Blog
added 2015/09/16 8:57 a.m. | 10 views

Coalfire Receives Investment from The Carlyle Group and The Chertoff Group

I'm pleased to announce that we recently closed on a significant investment from The Carlyle Group and The Chertoff Group - two prestigious investment groups that both have extensive experience in the cybersecurity space. The selection of these two firms came after an extensive six-month process o...

AI score: 2.5 | Exploits: 0

The Coalfire Blog
added 2015/09/09 12:13 p.m. | 19 views

A huge applause from the NIST-OCR-HIPAA 2015 conference

It looked like the 8th annual conference may have garnered record-breaking attendance as I noticed hotel staff rushing to add skirted tables and chairs to the back of the room to accommodate a standing-room-only crowd. I guess that was to be expected given the star-studded line-up of presenters...

AI score: 1.9 | Exploits: 0

The Coalfire Blog
added 2015/07/22 2:53 p.m. | 11 views

Guest blog: PCI audits and how to recognize a good QSA auditor and partner

Many organizations approach a PCI audit with fear and trepidation. There are a lot of stories out there about how difficult, expensive and disruptive a PCI audit can be, but I want to see if I can add some balance to this view. I believe that when it comes to a PCI auditor it matters a great deal...

AI score: 2.7 | Exploits: 0

The Coalfire Blog
added 2015/07/13 1:50 p.m. | 8 views

PCI Scope Assessments for Higher Education Institutions

With the release of PCI DSS version 3.0 and more recently 3.1, many Higher Education Institutions have found it hard to know which SAQs they should be filling out since there are now nine options. Higher Education Institutions have very complex merchant card environments and with the new...

AI score: 1.7 | Exploits: 0

The Coalfire Blog
added 2015/07/10 8:42 a.m. | 14 views

What the PCI Council’s Point-to-Point-Encryption (P2PE) Update Means for You

Last week, the PCI Security Standards Council (PCI SSC) published the updated P2PE v2.0 standard. The Summary of Changes from v1.1 to v2.0, the updated P2PE Glossary and the PIM template are available in the PCI SSC documents library. According to the announcement, the highlights of the new version...

AI score: 0.6 | Exploits: 0

The Coalfire Blog
added 2015/07/01 3:16 p.m. | 15 views

Banking with digital currency - A futuristic application

Digital Currency is a thing? $3 Billion dollars USD of money is out there in a digital format, not printed or managed by a government. It has many different product names and each one operates separately. One example of a digital currency is Bitcoin. It is only one of the many digital currencies...

AI score: 1.7 | Exploits: 0

The Coalfire Blog
added 2015/06/25 5:26 p.m. | 8 views

Funeral Services for Rick Dakin

The funeral for Rick Dakin will be held on Tuesday, June 30 at 10 a.m. at the Gatehouse Lionsgate, located at 1055 South 112th Street, Hwy 287, Lafayette, CO 80026. Arrangements are being made through the Crist Mortuary in Boulder, Colorado. An online memorial page and guestbook will be set up...

AI score: 1 | Exploits: 0

The Coalfire Blog
added 2015/06/22 9:57 p.m. | 16 views

In Memory of Our Friend, Rick Dakin

We are deeply saddened to announce that our founder and CEO Rick Dakin passed away suddenly over the weekend...

AI score: 2.5 | Exploits: 0

The Coalfire Blog
added 2015/06/22 6:04 p.m. | 15 views

Is penetration testing required for HIPAA compliance?

In this blog post we're going to focus our discussion on the technical requirement part of this standard. The evaluation is supposed to establish the extent to which a covered entity's or business associate's security policies and procedures meet the requirements of the HIPAA Security Rule. A questi...

AI score: 0.6 | Exploits: 0

The Coalfire Blog
added 2015/06/04 3:21 p.m. | 11 views

P2PE in Higher Education--Reducing Applicable Controls

Point-to-Point Encryption (P2PE) is the hottest topic in the PCI world right now and many of our Higher Education clients are anxious to take advantage of the solutions available to them. However, with 2.0 not yet released, and then the subsequent release of the audit guidelines, there are many...

AI score: 0.2 | Exploits: 0

The Coalfire Blog
added 2015/06/03 4:00 p.m. | 9 views

Final HITECH Act Stage 3 Meaningful Use Rules May Require Annual Risk Analysis plus a Risk Management Component

The comments are in and the HHS is scrambling to review them all before they issue the final Stage 3 Meaningful Use rules later this summer. Comments from entities such as CHIME and HIMSS represent good news and bad news for healthcare providers, depending on how you look at it. The HIPAA Securit...

AI score: 0.7 | Exploits: 0

The Coalfire Blog
added 2015/05/29 3:26 p.m. | 10 views

Big news from the HITRUST 2015 conference: The HITRUST CSF is gaining momentum as the de facto framework amongst healthcare organizations

As the HITRUST 2015 conference in Grapevine, Texas ended, I was reminded of the numerous predictions that flagged 2015 the year of the healthcare breach. And in just the first half of the year we've already witnessed three mega breaches that combined to compromise over 90 million patient records. ...

AI score: 2.5 | Exploits: 0

The Coalfire Blog
added 2015/05/18 2:51 p.m. | 12 views

COSO Framework for Service Organizations and SOC Reporting (Part 3 of 3)

In part 1 of this series, we discussed the recent changes to the COSO framework and the overall impact that the updated framework has on service organizations that receive Service Organization Controls (SOC) reports...

AI score: 1.5 | Exploits: 0

The Coalfire Blog
added 2015/05/15 3:27 p.m. | 11 views

Evolving Financial Services Security Requirements: Part 1

Through the end of the year, the New York State Department of Financial Services (NYSDFS, or DFS for short) expects to proceed with a number of initiatives to help strengthen cybersecurity at its regulated companies. Among these changes will be integration of regular, targeted assessments of...

AI score: 3 | Exploits: 0

The Coalfire Blog
added 2015/04/30 8:16 a.m. | 9 views

Reporting LIVE from the HIMSS 2015 Cybersecurity Command Center

Well, it's not exactly live anymore, but it certainly was worth tweeting live from the brand new Cybersecurity Command Center (CCC) at HIMSS 2015 in Chicago a couple weeks ago given all the excitement. The CCC was the place to be at HIMSS this year with standing room only at the educational sessions...

AI score: 1.8 | Exploits: 0

The Coalfire Blog
added 2015/04/28 10:44 a.m. | 11 views

Upcoming Podcast: Python security projects

Join Coalfire penetration tester Dan McInerney on Thursday April 30th at 6:00pm ET on the Security Weekly Podcast...

AI score: 2.3 | Exploits: 0

Total number of security vulnerabilities: 603