CISM (Certified Information Security Manager) is an advanced certification designed for IT professionals who focus on information security management. Here, we’ll discuss what CISM is, the CISM certification process, and the benefits of being CISM-certified.

In the early days of the internet, cybersecurity was fairly straightforward, with all solutions and strategies geared toward prevention. While prevention remains critical, cybersecurity has also had to evolve, with businesses layering their defenses and regularly evaluating the status of their safeguards to adapt to change—whether those be organizational or within the wider cybersecurity sphere.

Developing software today requires a keen sensitivity to creating secure code. Even NIST admits that "Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software development practices usually need to be added to each SDLC model to ensure the software being developed is well secured."This is why NIST developed the secure software development...

“BootHole” GRUB2 Bootloader Secure Boot BypassAs of July 29th, a buffer overflow vulnerability has been disclosed in the way that GRUB2 parses its configuration file, grub.cfg that can lead to full control over an affected system before OS boot. This bypass vulnerability has been assigned CVE-2020-10713. GRUB2 is utilized on almost all modern Linux systems, Windows systems since 2012 that...

Now more than ever, businesses are adapting to long-term remote work policies. This causes staff to greatly rely on personal devices to access corporate networks, which often contain sensitive data. But being away from the office, and the in-house security infrastructure presents new opportunities for malicious actors to breach your network.Furthermore, newer technologies, such as the IoT, present...

While fuzzing may sound like just another buzzword in the cybersec landscape, it has continued to gain popularity over the last several years and shows no signs of going away. Development teams know that unless their developers all just came down from Mount Olympus, there are likely to be security holes in their applications - and they need tools that can be used by anyone to simulate real attacks...

On June 30th 2020, F5 disclosed a Remote Code Execution (RCE) (CVE-2020-5902) vulnerability in their Traffic Management User Interface (TMUI), also referred to as the Configuration Utility. The directory traversal vulnerability can allow execution of system commands, as well as reading and writing of files and execution of arbitrary Java code. This vulnerability has a CVSSv3 base score of 9.8. ...

CVE-2020-2021 Palo Alto Networks PAN-OSA critical severity authentication bypass vulnerability in certain configurations of Palo Alto Networks PAN-OS devices using Security Assertion Markup Language (SAML) authentication.On June 29, 2020, Palo Alto issued a security advisory for PAN-OS versions with SAML authentication enabled and the 'Validate Identity Provider Certificate' option disabled ...

Ripple20As of June 16th 2020, a total of 19 vulnerabilities, collectively called Ripple20, were found within an embedded TCP/IP stack software library. This library, developed by Treck, Inc. was used in the manufacturing chain across all industries and could affect several hundred million devices. Four vulnerabilities are considered critical and are tracked against CVE-2020-11896, CVE-2020-11897,...