The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find Coalfire's insights into the unique IT GRC issues that impact the industries we serve, including Retail, Financial Services, Healthcare, Higher Education, Software, Government and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Social Engineering- Beyond the Baseline

    December 15, 2014, Brandon Edmunds, Senior Security Consultant, Coalfire Labs


    Coalfire Labs does a lot of Social Engineering testing. Traditional Social Engineering testing is a fairly mundane process: take a sample of a population, then attack those "targets" with pretext calls or a phishing email in order to obtain credentials. Metrics are recorded and then reported back in some form of deliverable, usually a report. As an example, in a standard Social Engineering engagement we ran a pretext-calling campaign with a target selection of 10 users. We made 10 phone calls and talked three of the targeted people out of their passwords.

    Posted in: engineering, labs, social engineering, test, testing | 0 Comments

  • Law Firm - Forensics Services

    December 11, 2014, Jennifer Velnoskey, Regional Sales Director


    As cyber threats and attacks have increased year over year, Coalfire has seen a drastically increased need to support law firms in cybersecurity cases. Because attacks and threats vary so widely, many law firms lack the skills required to properly evaluate cyber-attacks involving their clients. As such, law firms across the nation are looking to partner with skilled cybersecurity companies to provide expert testimony, litigation consulting, and support related to cases involving cyber-attacks.

    Posted in: cyber attacks, cyber threats, forensics, hack, interview, labs, law firms, legal, Risk | 0 Comments

  • Top 10 Cybersecurity Predictions for 2015

    December 09, 2014, Rick Dakin, CEO, Co-founder and Chief Security Strategist


    Fueled by cybercrime, cyber warfare, and cyber terrorism, the cost of cybersecurity and risk management will double in 2015. That’s the bad news. The good news is there will be a shift to cyber offense that will begin to stem the tide of cyber threats.

    Posted in: cybercrime, Risk | 0 Comments

  • Beep Beep, I'm Your Car

    November 24, 2014, Nick Nam, Senior Penetration Tester, Coalfire Labs


    Thus far we’ve demonstrated two separate vulnerabilities that may be used to obtain a shell on the vehicle. The obvious question is then: what now? What can one actually do with this access? It’s at this point that we look to the work Charlie Miller et al. have done on CAN bus manipulation and exploitation. Suddenly all of those threats and demonstrations published in papers, news articles, and TV spots become real-world, remote exploits. In order to send messages to physical car components without physical access, we need a way to send CAN messages. The Controller Area Network (CAN) bus is a very simple, broadcast-based protocol that allows microcontrollers to communicate: every frame put on the bus is seen by every node, and a frame carries an arbitration ID but no sender address, so a receiving unit cannot tell who sent it. This is how the electronic control units (ECUs) in your vehicle, the transmission control unit among them, send and receive messages.

    Posted in: appsec, automotive, hacking, labs, pentesting, risk, vulnerability | 0 Comments
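The CAN description in the "Beep Beep, I'm Your Car" excerpt above is short, so here is an added worked model of what it describes. This is example code written for this page, not code from the post, from Coalfire Labs, or from Miller et al.: it models classic CAN 2.0A framing (11-bit arbitration ID, up to 8 data bytes), the broadcast nature of the bus, ID-based arbitration, and the per-ECU acceptance filter, without any hardware or socketcan. The arbitration IDs, the node names and the "unlock doors" payload are constructed values chosen for illustration and are not any vehicle's real identifiers.

```python
"""Constructed model of classic CAN (2.0A) framing and bus behaviour.

Added example for this page, not code from the post or from Coalfire. It uses
no hardware and no socketcan; the arbitration IDs and payloads are made-up
values chosen for illustration, not any vehicle's real IDs.
"""
from dataclasses import dataclass, field
from typing import Iterable


@dataclass(frozen=True)
class CanFrame:
    arbitration_id: int  # 11-bit standard identifier; lower value = higher priority
    data: bytes          # 0..8 bytes of payload (classic CAN, not CAN FD)

    def __post_init__(self) -> None:
        if not 0 <= self.arbitration_id <= 0x7FF:
            raise ValueError("standard CAN identifiers are 11 bits")
        if len(self.data) > 8:
            raise ValueError("classic CAN carries at most 8 data bytes")

    def encode(self) -> bytes:
        # Wire-like serialisation: 2-byte big-endian ID, 1-byte DLC, payload.
        # The physical frame also carries CRC, ACK and bit stuffing, omitted here.
        return self.arbitration_id.to_bytes(2, "big") + bytes([len(self.data)]) + self.data

    @classmethod
    def decode(cls, raw: bytes) -> "CanFrame":
        if len(raw) < 3:
            raise ValueError("truncated frame")
        dlc = raw[2]
        if len(raw) != 3 + dlc:
            raise ValueError("DLC does not match payload length")
        return cls(int.from_bytes(raw[:2], "big"), raw[3:])


@dataclass
class Node:
    """An ECU with a hardware-style acceptance filter on arbitration IDs."""
    name: str
    accept_ids: frozenset
    inbox: list = field(default_factory=list)

    def receive(self, frame: CanFrame) -> None:
        # The frame carries no sender address, so the ID filter is all the ECU has.
        if frame.arbitration_id in self.accept_ids:
            self.inbox.append(frame)


class CanBus:
    """Broadcast medium: every attached node sees every frame that wins the bus."""

    def __init__(self) -> None:
        self.nodes: list = []
        self.trace: list = []

    def attach(self, node: Node) -> None:
        self.nodes.append(node)

    def transmit(self, pending: Iterable[CanFrame]) -> list:
        """Resolve frames offered in the same bit time.

        Real CAN arbitrates bit by bit: a dominant (0) bit beats a recessive (1)
        bit, so the numerically lowest ID wins and the losers retry afterwards.
        Sorting by ID reproduces that order for one round of contention.
        """
        for frame in sorted(pending, key=lambda f: f.arbitration_id):
            self.trace.append(frame)
            for node in self.nodes:
                node.receive(frame)
        return list(self.trace)


# Constructed IDs for the demonstration (not real vehicle IDs).
BODY_CONTROL_ID = 0x2A0            # body controller -> door lock actuator
ENGINE_RPM_ID = 0x0C8              # engine ECU broadcast; lower ID, higher priority
UNLOCK_ALL_DOORS = bytes([0x01, 0x00, 0x00, 0x00])


def demo() -> dict:
    """Show that a frame injected from a compromised node is indistinguishable
    from the body controller's own, and that the lower ID wins arbitration."""
    bus = CanBus()
    door_ecu = Node("door_lock", frozenset({BODY_CONTROL_ID}))
    cluster = Node("instrument_cluster", frozenset({ENGINE_RPM_ID}))
    bus.attach(door_ecu)
    bus.attach(cluster)

    legit = CanFrame(BODY_CONTROL_ID, UNLOCK_ALL_DOORS)
    # An attacker with a shell on any unit attached to the bus replays the same
    # bytes; nothing in the frame identifies who put it on the wire.
    injected = CanFrame.decode(legit.encode())
    rpm = CanFrame(ENGINE_RPM_ID, (2500).to_bytes(2, "big"))

    order = bus.transmit([injected, rpm])
    return {
        "first_on_bus": order[0].arbitration_id,
        "door_ecu_accepted": len(door_ecu.inbox),
        "spoof_identical": injected == legit,
        "cluster_saw_unlock": any(f.arbitration_id == BODY_CONTROL_ID for f in cluster.inbox),
    }


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the one the post builds on: once an attacker can write to the bus, the door ECU's only defence is an acceptance filter on the ID, and a replayed frame with the right ID passes it exactly as the body controller's own frame would. A real tool would open a socketcan interface and write the frame with python-can instead of the in-memory bus here.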

  • Apple Pay and PCI Compliance

    November 20, 2014, Matt Getzelman, PCI Practice Director


    A year ago, many retail cybersecurity discussions began and ended with PCI compliance. Today, after a gut-wrenching 10 months of data breaches stretching from mom-and-pop shops to category-leading brands, the discussions are broader, the risks are better understood and every link in the customer data chain is coming under newfound scrutiny.

    Posted in: Payments | 0 Comments

Displaying results 1-5 (of 153)