The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly credentialed security assessment experts. We look forward to your comments, so please join the conversation.

  • The Ghosts Inside - Horror Stories 2015

    October 26, 2015, Joseph Hesse, Director of Penetration Testing

    By 8 p.m. the donuts from the previous day had gone stale, what was left of them anyway. There was the eerie feeling of spirits in the night mist tonight. It was late October and the chill was thick with Halloween. You could smell it in the haze. I consider myself quite tough, but when you are a ghost it’s always a little… spooky.

  • Breaching a bank in 20 minutes - Horror Stories 2015

    October 26, 2015, Ryan MacDougall, Sr. Security Consultant

    I arrived onsite to suite #102 (the bank’s corporate headquarters) around 9:40 a.m. I was impersonating a local utility worker – with all the garments like a hardhat, clipboard, obnoxious yellow vest, and some old Timberland work boots. I played the part well.

  • The 100 Million Dollar Getaway - Horror Stories 2015

    October 26, 2015, Price McDonald, Director Labs Professional Services

    In today's security landscape, companies face daily threats to their reputation and intellectual property.  The typical response to these threats is to purchase a tool or a service claiming to be a magical silver bullet that can respond to all "cyber" threats.  In reality, the quest for a security silver bullet is a fool's errand, and any solid security program will revolve around continuous evaluation and training against emerging threats.

  • The Clock is ticking for EU and US to Negotiate New Safe Harbor Deal: What You Can Do to Stay Out of Legal Limbo

    October 22, 2015, John Rostern, VP, Technology Advisory and Assessment Services

    European authorities have given the European Union and US officials three months to come up with an alternative to the Safe Harbor agreement after the European Court of Justice (ECJ) declared Safe Harbor laws invalid earlier this month.  The new agreement must protect the personal data of European citizens from ‘massive and indiscriminate surveillance conducted by the U.S. government’, the authorities said.  These actions were ruled incompatible with EU law in an Oct. 6 decision by the ECJ.

  • EC Ruling Invalidates Safe Harbor - Now What?

    October 19, 2015, John Rostern, VP, Technology Advisory and Assessment Services

    In a ruling on October 7, 2015 the European Court of Justice (ECJ) invalidated the principal European component of the U.S.-E.U. Safe Harbor Framework when it ruled in Schrems v. Data Protection Commissioner.  In the ruling the court said that the existing U.S.-EU Safe Harbor agreement, overseen by the U.S. Federal Trade Commission (FTC), is flawed in that it allows the U.S. government access to online information related to citizens of the European Union (EU).

  • Audio Video Media Forensics

    October 13, 2015, Brian Prendergast, Forensic Consultant, Coalfire Labs

    Our media forensics practice is a fast growing part of Coalfire.  We’re often asked what we can do, and this post is intended to be a quick primer to provide some background if you’re in need of this service and what you can expect from us and others in the field.

  • Coalfire Contributes to New Book on Cybersecurity

    October 12, 2015, Larry Jones, CEO

    Today marks the launch of a new book published by the New York Stock Exchange and Palo Alto Networks called, "Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers." I’m proud to have worked with my predecessor, the late Rick Dakin, to contribute a chapter to this book, which provides boards, executives, and officers at enterprises, government agencies, and other organizations with useful, expert advice on how to best protect their businesses from cyberattacks.

  • Report from the PCI SSC North American Community Meeting

    October 08, 2015, Joseph Tinucci, Senior Director, Managed Services

    The Payment Card Industry Security Standards Council held their 2015 North American Community Meeting this year in Vancouver, BC, from September 29 – October 1.  Coalfire was well represented at the meeting, with Dan Fritsche, Managing Director, Application Security, making two presentations at the event (Point-to-Point Encryption and Securing Virtual Payments).  Since I was also there, and I am a guest blogger for the Treasury Institute for Higher Education’s PCI DSS blog, I posted about the PCI DSS trends that I observed at the meeting.

  • WS2-Cybersecurity Fundamentals Workshop

    October 01, 2015, Justin Orcutt, Regional Sales Manager

    (2 day Workshop) Saturday 17 October - Sunday 18 October, 9:00 a.m. – 5:00 p.m.

  • Chip Cards Finally Come to America – But What Does it Mean for Merchants and Consumers?

    October 01, 2015, Andrew Barratt, Managing Director, Europe

    Like it or not, today the U.S. finally adopts EMV technology. While the implementation by most major retailers and large U.S. banks is expected to be delayed, the “chip and PIN” card types are coming to America to stay.

    The real debate is, will EMV adoption do anything for card data security?

    Andrew Barratt, Coalfire’s Managing Director of Europe, explained some lessons learned from the United Kingdom. He sat down with John Rostern, executive vice president, to discuss the EMV liability shift.

