Risk management focus shifts from external to internal exposure

Coalfire released its fourth annual Securealities Penetration Risk Report which analyzes enterprise and cloud service providers (CSPs) internal and external attack vectors, application development and mobile app security, social engineering and phishin…

NightDragon partners with Coalfire to accelerate portfolio compliance and cybersecurity readiness

NightDragon and Coalfire announced a partnership to advance the maturity of NightDragon’s portfolio companies around key cybersecurity and compliance requirements, including FedRAMP. Backed by Coalfire’s expertise, NightDragon companies wil…

The long-lasting consequences of Coalfire’s Iowa pentest fiasco

The two security pros who were arrested for doing their job are still angry. Gary DeMercurio and Justin Wynn, who work as penetration testers for Colorado-based security firm Coalfire Labs, were charged with burglary in September 2019 after they broke into an Iowa courthouse. Unlike in a typical break-in, though, Iowa state officials had hired DeMercurio and Wynn to test the courthouse’s defenses, then alert the authorities about any vulnerabilities that actual thieves may try to exploit. While prosecutors eventually dropped charges against the two pen-testers, the case made national headlines and highlighted the risks that security professionals take as part of their employment. Now, DeMercurio and Wynn are breaking their silence with a presentation at Black Hat, the virtual cybersecurity conference where they plan to detail their experience, and may delve into how performative security tactics, like arresting people without grounds, don’t actually solve anything. “The citizens of Iowa […]

The post The long-lasting consequences of Coalfire’s Iowa pentest fiasco appeared first on CyberScoop.


COVID-19 ‘Breach Bubble’ Waiting to Pop?

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse.

Cyber Security Roundup for February 2020

A roundup of UK-focused cyber and information security news stories, blog posts, reports and threat intelligence from the previous calendar month, January 2020. After years of dither and delay the UK government finally nailed its colours to the mast, no…

Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security

On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an Iowa county courthouse, jailed in orange jumps…

Coalfire partners with Qualys to further strengthen its cloud automation services

Coalfire, a trusted provider of cybersecurity assessment and advisory services, announced that it has partnered with Qualys, a leading provider of cloud-based security and compliance solutions, to integrate Qualys’ vulnerability management and co…

Coalfire ASV Scanning – Enterprise Security Weekly #132

Mike Weber is the Vice President of Coalfire and Rebecca Larson is the Director, Vulnerability Assessment Operations of Coalfire. Coalfire ASV Scanning: – ASV program (love, praise, struggle) – Development and growth of scanning, 1-5 person …

Coalfire ASV Scanning – Enterprise Security Weekly #132

Coalfire ASV Scanning: – ASV program (love, praise, struggle) – Development and growth of scanning, 1-5 person team, partnership, marketing position – Published opinion piece, getting knowledge, supporting the industry – Scan p…

Why CISOs must get better at connecting to the rest of the company

Corporate security experts need to emerge from behind their physical cubicles and their digital firewalls to ensure that new technologies don’t create new vulnerabilities that could threaten their jobs, according to two executive-focused panels Monday at the RSA cybersecurity conference in San Francisco. Firms often fail to implement security measures amid their transition to the cloud, or when they implement the accelerated software production strategy known as DevOps, because security leaders fail to communicate with other departments, panelists said. “Because [new tools] are enabling business in a more rapid fashion, CISOs need to figure out how to turn security from ‘the business of no’ into something that enables functions,” said Kurt Hagerman, an executive adviser at the consultancy firm Coalfire. “You have to tie the value of your security program to the business. And that’s a skill a lot of CISOs today lack.” Too few companies have leaders who work together […]

The post Why CISOs must get better at connecting to the rest of the company appeared first on CyberScoop.
