The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find Coalfire's insights into the unique IT GRC issues that impact the industries we serve, including Retail, Financial Services, Healthcare, Higher Education, Software, Government and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Apple Pay and PCI Compliance

    November 20, 2014, Matt Getzelman, PCI Practice Director


    A year ago, many retail cybersecurity discussions began and ended with PCI compliance. Today, after a gut-wrenching 10 months of data breaches stretching from mom-and-pop shops to category-leading brands, the discussions are broader, the risks are better understood and every link in the customer data chain is coming under newfound scrutiny.

    Posted in: Payments | 0 Comments

  • Coalfire Interview with Matt Goodrich of FedRAMP PMO

    November 14, 2014, Rob Barnes, Director, Federal Practice


    FedRAMPcentral from Coalfire is publishing an exclusive interview series with FedRAMP Director Matt Goodrich. This is the first in a series of interviews on the future plans for the FedRAMP program, answers from Matt to frequently asked questions from CSPs, and recommendations for those pursuing FedRAMP.

    Posted in: federal, fedramp, fisma, gsa | 0 Comments

  • Reverse Shells and Your Car

    November 10, 2014, Nick Nam, Senior Penetration Tester, Coalfire Labs


    This is the second post in a series about automotive infotainment system vulnerabilities and attack vectors. In the last post, we demonstrated how a mobile phone can be used as an attack vector to compromise an infotainment unit by manipulating the address book synchronization used by the system. In this post, we explore how it could be possible to get a shell on the system, and how to deliver messages from outside the infotainment system onto the CAN bus.

    Posted in: appsec, automotive, GRC, hacking, labs, pentesting, Risk | 0 Comments

  • The PCI Enforcement Hammer is Ready to Drop

    October 31, 2014, Rick Dakin, CEO, Co-founder and Chief Security Strategist


    The time for nervous anticipation of PCI breach response is over… VISA has issued dramatic PCI Data Security Standard compliance enforcement guidance for Level 1 and 2 merchants and all Service Providers. Effective January 1st, 2015, noncompliance costs will be applied sooner and will escalate more quickly. Many merchants and service providers looking for a reason to improve compliance just got one. The cost of noncompliance will easily hit $250,000 for many small and mid-sized merchants and service providers.

    Posted in: Payments, PCI, Visa | 0 Comments

  • Truth is SCARIER than Fiction Redux

    October 30, 2014, Mike Weber, Managing Director, Coalfire Labs


    Yes... To be honest, although we really do some neat stuff here at Coalfire Labs that can be pretty scary, I've got to give a shout out to "reality" for being even scarier than any emulated attack we could possibly develop. The astounding number of data breaches announced this year is just shocking, really. It really felt like there was a new one every month. As it turns out, there was! Even more than that on average, as we've had at least 14 of them over a 10 month span.

    Posted in: cloud, credit cards, cybersecurity, danger, hacking, Halloween, keylogging, labs, password, penetration, retail, risk, security, theft | 0 Comments
