The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Common Questions and Answers Salesforce ISVs Need to Know for FedRAMP

    July 09, 2018, David Clevenger, Senior Director FedRAMP Assessment Services, Coalfire

    Many Salesforce Independent Software Vendors (ISVs) are interested in pursuing FedRAMP to serve federal customers, but have many questions about the process. The four questions below are the most common questions that Coalfire receives from these ISV partners; we have provided some basic responses to help provide a better understanding of the Salesforce FedRAMP process.

  • Executing Meterpreter on Windows 10 and Bypassing Antivirus

    June 26, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    One of my Labs colleagues recently published an article on the Coalfire Blog about executing an obfuscated PowerShell payload using Invoke-CradleCrafter. This was very useful, as Windows Defender has upped its game lately and is now blocking Metasploit’s Web Delivery module. I wanted to demonstrate an alternate way to achieve the same goal, without dropping any files on the host system while providing more options depending on what ports can egress the network.

  • The CMS Allows Health Plans to Host Their Own Enrollment Applications for Improved Consumer Experience

    June 26, 2018, Andrew Williams, Product Director, Coalfire

    As part of the ongoing implementation of the Affordable Care Act (ACA), the Centers for Medicare and Medicaid Services (CMS) recently began permitting direct enrollment entities (qualified health plan issuers and web-brokers) to host their own enrollment applications on their websites instead of proxying enrollment interactions to Healthcare.gov. This is an optional program called Enhanced Direct Enrollment (EDE), which will go into effect during the open enrollment period for PY 2019.

  • The Threats That Are Your Weakest Link

    June 25, 2018, Mike Weber, Vice President, Coalfire Labs

    Coalfire published the latest report in its Securealities series, The Penetration Risk Report, and it’s based on findings from Coalfire penetration tests. It includes data drawn from engagements with businesses of all sizes, spanning financial services, retail, healthcare, and technology/cloud service providers. Some findings were contrary to current accepted wisdom on cybersecurity while other findings confirmed long-held notions for others.

  • IoT Discussion at the Leidos Supplier Innovation & Technology Symposium

    June 12, 2018, Abel Sussman, Senior Project Manager, Commercial Services, Coalfire

    Coalfire was asked to participate on a technical panel about the Internet of Things (IoT) at the Leidos Supplier Innovation & Technology Symposium on June 6. This event is a dynamic day enabling Leidos’ largest suppliers as well as targeted start-ups to showcase their offerings and capabilities to a diverse set of federal leaders and key contractors.
