SOC 2 vs. ISO 27001: Which Security Framework is Right for Your Organization?

In today’s threat landscape, proving your organization’s commitment to information security is no longer optional — it’s a business requirement. Whether you’re a SaaS provider, managed service firm, or global enterprise, two of the most widely recognized standards often come up in client conversations: SOC 2 and ISO 27001. While both frameworks demonstrate strong security …

Penetration Testing: Staying Ahead of Cybercriminals.

Why Conduct Penetration Testing? In today’s interconnected world, cyber threats are more sophisticated than ever. Organizations face constant risks from attackers seeking to exploit vulnerabilities for financial gain, reputational damage, or unauthorized access to sensitive data. Penetration testing (pen testing) is one of the most effective ways to strengthen defenses and ensure resilience against real-world …

Cybersecurity Starts with Everyone: Why Employee Training Is Your Best Defense

In the age of increasingly sophisticated cyber threats, your organization’s strongest security tool isn’t just a firewall or endpoint protection software — it’s your people. Cybersecurity is no longer the sole responsibility of IT departments. Every employee, from interns to executives, plays a vital role in protecting both company and personal data. That’s why consistent, …

Disinformation, Deepfakes & Digital Deception: Understanding the Modern Identity Threat

In today’s hyperconnected world, what you see — and hear — can no longer be trusted at face value. Fueled by advances in artificial intelligence, deepfakes and disinformation campaigns are emerging as powerful tools for cybercriminals and state actors alike. Whether impersonating a CEO’s voice to authorize a wire transfer or manipulating public opinion with …

Ransomware-as-a-Service & Credential Theft: Today’s Greatest Threats to Business Security

In today’s digital economy, cybersecurity is no longer a luxury — it’s a necessity for survival. Two of the most formidable threats facing organizations of all sizes in 2025 are Ransomware-as-a-Service (RaaS) and credential theft. These modern attack methods have democratized cybercrime, giving even inexperienced hackers the tools to launch devastating campaigns. The result? Rising …

Looking to cut cost? Penetration testing will save you money. Here’s why.

Due to the current health crisis (and the Saudi-Russian oil price war), the global economy teeters between recession and depression, and the duration of the downturn is unclear. Smart companies are looking for ways to save money to hunker down and weather the storm. Here are 6 reasons why penetration testing will actually save you …

Remote Workforce Security: Self-Assessment Questionnaire

Offering options for remote work to all employees will help slow the spread of COVID-19, but may introduce risk if remote work was not a previously supported or planned policy. This self-assessment questionnaire allows organizations to consider high-priority security risks potentially introduced by implementing new remote working strategies, and ways to mitigate them.

OmniCenter 12.1.1 SQL Injection

By Luis Rios

OmniCenter 12.1.1 and below (and 12.0.8 and below) is affected by an unauthenticated SQL injection (Boolean-based blind). The injection allows an attacker to read sensitive information from the database used by the application.

Background

During the course of a penetration test, we encountered the OmniCenter application. An Internet search showed no …

ILLUMANT #1 Bug Bounty Hunter on Alibaba

In 2018, Illumant topped the list of bug hunters for Alibaba’s bug bounty program. To see this info on Alibaba, go to the following link and select the year 2018: https://security.alibaba.com/top.htm?tab=1