Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

Amazon’s AWS Systems Manager, better known as SSM to long-time AWS users, was announced at the end of 2017, replacing the similarly named EC2 Systems Manager that had launched a year prior. Similar to other AWS products, System Manager provides a broad spectrum of features instead of a focused and opinionated product.

Network security is a top-of-mind concern for business executives and technical leaders alike. The costs of a major breach can range in the hundreds of millions of dollars, and it can take years for companies’ reputations to recover. But when most people think about network security, network modeling, visualization, and path analysis probably don’t spring to mind. We believe it should.

Have you ever worked with a company that operates as “close to broken” as reasonably possible? Companies that follow that mindset usually do not have the most robust security practice, and they certainly will walk very close to the edge of compliance. Even if you don’t work in such a dysfunctional enterprise as described above, many companies still do not appreciate the interconnection of security and compliance.

(Guest Blog) For decades, companies have relied on perimeter protection solutions to restrict their digital resources. These included passwords to authenticate users, intrusion detection systems and firewalls. With time, passwords became inadequate in preventing unauthorized access, and most shifted to two-factor authentication systems like one-time SMS codes or tokens. This change significantly enhanced security, but the approach only focused on securing the perimeter.

We see the word “cyber” everywhere today. It’s included in all the hashtags, events names and even in hand sanitizer available for purchase at Toys ‘R Us: Cyber Clean (72% ethanol alcohol, with aloe.) With the market booming and the buzzword exploding, many of us still don’t understand what this vague word means.

In part one we discussed what a Red Team Assessment is, but how does a Red Team Assessment differ from a Penetration Test? With a Red Team Assessment, we’re testing the whole company, essentially how it fares up to a worst-case scenario attack, whether that’s by a competitive company engaging in corporate espionage hell-bent on disrupting business, or harvesting data, or a criminal organisation breaking in and stealing physical equipment or damaging key infrastructure.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. It is nice to see a company caught up in a breach getting some help to make things right:

Honeytokens act like tripwires, alerting organizations of malicious threats lurking at the footsteps of their sensitive data. They're a very effective intrusion detection system. So effective, in fact, that the European Union Agency for Cybersecurity (ENISA) highly recommends their use in network security. If strategically distributed thought an ecosystem, honeytokens could event prevent supply chain attacks.

Content scrapers are automated bots that steal your content from websites and mobile apps for their own use without permission, usually for malicious purposes. Content scrapers typically copy all the content from a webpage and portray it as their own content. Bots can scrape all of the content on a website in a matter of seconds, even for large websites such as eCommerce sites with thousands of product pages. These bots can scrape public website information such as text, images, HTML and CSS code.