-
The Ghosts Inside - Horror Stories 2015
October 26, 2015, Joseph Hesse, Director of Penetration Testing
By 8 p.m. the donuts from the previous day had gone stale, what was left of them anyway. There was the eerie feeling of spirits in the night mist tonight. It was late October and the chill was thick with Halloween. You could smell it in the haze. I consider myself quite tough, but when you are a ghost it’s always a little… spooky.
-
Breaching a bank in 20 minutes - Horror Stories 2015
October 26, 2015, Ryan MacDougall, Sr. Security Consultant
I arrived onsite to suite #102 (the bank’s corporate headquarters) around 9:40 a.m. I was impersonating a local utility worker – with all the garments like a hardhat, clipboard, obnoxious yellow vest, and some old Timberland work boots. I played the part well.
-
The 100 Million Dollar Getaway - Horror Stories 2015
October 26, 2015, Price McDonald, Director Labs Professional Services
In today's security landscape, companies face daily threats to their reputation and intellectual property. The typical response to these threats is to purchase a tool or a service claiming to be a magical silver bullet that can respond to all "cyber" threats. In reality, the quest for a security silver bullet is a fool's errand, and any solid security program will revolve around continuous evaluation and training against emerging threats.
-
The Clock is ticking for EU and US to Negotiate New Safe Harbor Deal: What You Can Do to Stay Out of Legal Limbo
October 22, 2015, John Rostern, VP, Technology Advisory and Assessment Services
European authorities have given the European Union and US officials three months to come up with an alternative to the Safe Harbor agreement after the European Court of Justice (ECJ) declared Safe Harbor laws invalid earlier this month. The new agreement must protect the personal data of European citizens from ‘massive and indiscriminate surveillance conducted by the U.S. government’, the authorities said. These actions were ruled incompatible with EU law in an Oct. 6 decision by the ECJ.
-
EC Ruling Invalidates Safe Harbor - Now What?
October 19, 2015, John Rostern, VP, Technology Advisory and Assessment Services
In a ruling on October 7, 2015 the European Court of Justice (ECJ) invalidated the principal European component of the U.S.-E.U. Safe Harbor Framework when it ruled in Schrems v. Data Protection Commissioner. In the ruling the court said that the existing U.S.-EU Safe Harbor agreement, overseen by the U.S. Federal Trade Commission (FTC), is flawed in that it allows the U.S. government access to online information related to citizens of the European Union (EU).
-
Audio Video Media Forensics
October 13, 2015, Brian Prendergast, Senior Consultant, Cyber Risk Advisory - Forensics, Coalfire
Our media forensics practice is a fast-growing part of Coalfire. We’re often asked what we can do, and this post is intended as a quick primer: some background if you’re in need of this service, and what you can expect from us and others in the field.
-
Coalfire Contributes to New Book on Cybersecurity
October 12, 2015, Larry Jones, CEO
Today marks the launch of a new book published by the New York Stock Exchange and Palo Alto Networks called, "Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers." I’m proud to have worked with my predecessor, the late Rick Dakin, to contribute a chapter to this book, which provides boards, executives, and officers at enterprises, government agencies, and other organizations with useful, expert advice on how to best protect their businesses from cyberattacks.
-
Report from the PCI SSC North American Community Meeting
October 08, 2015, Joseph Tinucci, Senior Director, Managed Services
The Payment Card Industry Security Standards Council held their 2015 North American Community Meeting this year in Vancouver, BC, from September 29 – October 1. Coalfire was well represented at the meeting, with Dan Fritsche, Managing Director, Application Security, making two presentations at the event (Point-to-Point Encryption and Securing Virtual Payments). Since I was also there, and I am a guest blogger for the Treasury Institute for Higher Education’s PCI DSS blog, I posted about the PCI DSS trends that I observed at the meeting.
-
WS2-Cybersecurity Fundamentals Workshop
October 01, 2015, Justin Orcutt, Regional Sales Manager
(2 day Workshop) Saturday 17 October - Sunday 18 October, 9:00 a.m. – 5:00 p.m.
-
Chip Cards Finally Come to America – But What Does it Mean for Merchants and Consumers?
October 01, 2015, Andrew Barratt, Managing Director, Europe
Like it or not, today the U.S. finally adopts EMV technology. While the implementation by most major retailers and large U.S. banks is expected to be delayed, the “chip and PIN” card types are coming to America to stay.
The real debate is, will EMV adoption do anything for card data security?
Andrew Barratt, Coalfire’s Managing Director of Europe, explained some lessons learned from the United Kingdom. He sat down with John Rostern, executive vice president, to discuss the EMV liability shift.