The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Waiting, Waiting, Waiting... Is There a Right Time for Breach Notification?

    September 28, 2018, Andrew Brosman, Consultant, Cyber Risk Advisory

    Recently, a popular online retailer revealed a month-long data breach. Card-skimming code was found capturing customer credit card data from the payment page of its website and sending that data to what appeared to be a legitimate server (with a similar domain name and a valid HTTPS certificate). The company has not yet determined which customer accounts may have been affected, so the extent of the damage is yet to be determined.

  • The Dangers of Client Probing on Palo Alto Firewalls

    August 15, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    While performing a routine internal penetration test, I began the assessment by running Responder in analyze mode just to get an idea of what was being sent over broadcast. Much to my surprise, I found that shortly after running it, a hash was captured by Responder’s SMB listener. 

  • Our Analysis: Gartner’s Hype Cycle for Risk Management, 2018

    August 08, 2018, Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire

    For those of us charged with managing cyber risk as well as planning and budgeting for cybersecurity, the Gartner “Hype Cycle for Risk Management, 2018” provides some helpful perspectives that are useful in setting both priorities and expectations.

  • New SEC Cyber Risk Disclosure Guidance: What Does It Mean for Public Companies?

    February 28, 2018, Nick Son, Vice President, Cyber Risk Services, Coalfire

    On February 21, the U.S. Securities and Exchange Commission (SEC) issued the long-overdue cybersecurity interpretive guidance to address the methods and timing of cybersecurity risk and incident disclosures. To signify the importance of this updated guidance, five SEC commissioners issued the guidance. The new guidance does not change any of the existing SEC rules, but it does address two new topics.

  • The Spectre of Chips on Meltdown

    January 05, 2018, Victor Teissler, Security Associate, Coalfire

    The news is rife with emerging details of Intel and other chip vulnerabilities and the hardware bugs that can potentially exploit them. While details are still developing and will likely continue to be uncovered in the days, weeks, and even months ahead, we will explore what is known to date.
