The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • AICPA Releases New SOC 2 Guide – What You Need to Know

    April 16, 2018, Jeff Cook, Principal, SOC Practice, Coalfire

    In March 2018, the American Institute of Certified Public Accountants (AICPA) released its highly anticipated new System and Organization Controls 2 (SOC 2) guide, which includes information for the extant (2016) trust services principles and the new (2017) trust services criteria. The following is a summary of some key highlights in the new guide, what changed, and what to expect for future SOC 2 efforts.

  • Amanda Mesler of Microsoft Addresses the Women of Coalfire

    April 09, 2018, Anne Bayerkohler, Director, Commercial Services, Coalfire

    Last month RISE, Coalfire’s association of women in cybersecurity and leadership, welcomed our inaugural guest speaker, Amanda Mesler, General Manager of Microsoft Central and Eastern Europe. I had the great fortune to interview her and lead a discussion with our members.

  • Sleuthing the Cloud: The Challenges of Forensics in Cloud Environments

    April 04, 2018, Robert Meekins, Director, Forensics, Coalfire

    More and more companies are embracing Cloud computing for the practicality, efficiency, and economy of outsourcing the housing, maintenance, and monitoring of applications and their associated infrastructure to a third-party provider. As the Cloud becomes more the norm than the exception, there is no lack of choices: Providers such as Amazon (AWS), Microsoft, IBM, and countless others are providing a variety of solutions, from e-commerce sites that process payments and credit cards, to developmental networks used to test and configure operational assets.

  • Background Checks on AIs and Other Challenges in the PCI World

    April 01, 2018, Dan Stocker, Practice Director, Payments, Cloud & Tech

    Coalfire has noted a number of leading-edge technological challenges for enterprises managing the rapid pace of innovation while also aiming for PCI compliance. We'd like to review our recent experience and offer suggestions for these comparatively novel situations.

  • A Good Shell Is Hard to Choose

    March 26, 2018, Killian Ditch, Senior Consultant, Labs

    I had the recent opportunity to speak at BSides SLC, held on the Sandy campus of Salt Lake Community College. I tailored my presentation to the student demographic and chose to talk about one of the fundamental concepts that a penetration tester must understand: types of shells. I touched on the differences between simple shell interaction and a full-featured terminal and then launched into a discussion focusing on web shells. Following the theory conversation, I demonstrated how control over a server could be established by exploiting a file inclusion vulnerability and default credentials to deploy two different web shells, each adapted for the particular platform.
