In part one we discussed what a Red Team Assessment is, but how does a Red Team Assessment differ from a Penetration Test? With a Red Team Assessment, we’re testing the whole company, essentially how it fares up to a worst-case scenario attack, whether that’s by a competitive company engaging in corporate espionage hell-bent on disrupting business, or harvesting data, or a criminal organisation breaking in and stealing physical equipment or damaging key infrastructure.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. It is nice to see a company caught up in a breach getting some help to make things right:

Honeytokens act like tripwires, alerting organizations of malicious threats lurking at the footsteps of their sensitive data. They're a very effective intrusion detection system. So effective, in fact, that the European Union Agency for Cybersecurity (ENISA) highly recommends their use in network security. If strategically distributed thought an ecosystem, honeytokens could event prevent supply chain attacks.

Content scrapers are automated bots that steal your content from websites and mobile apps for their own use without permission, usually for malicious purposes. Content scrapers typically copy all the content from a webpage and portray it as their own content. Bots can scrape all of the content on a website in a matter of seconds, even for large websites such as eCommerce sites with thousands of product pages. These bots can scrape public website information such as text, images, HTML and CSS code.

Zoho ManageEngine Desktop Central is an endpoint management solution offered by Zoho. A server running this software can push updates to managed systems, remotely control and lock them, apply access controls and more. In March 2020, a remote code execution (RCE) vulnerability was identified (tracked as CVE-2020-10189) in the ManageEngine software due to the deserialization of untrusted, user-controlled input in the getChartImage function of the FileStorage class within the application.

Organizations are increasingly turning to microservices to facilitate their ongoing digital transformations. According to ITProPortal, more than three quarters (77%) of software engineers, systems and technical architects, engineers and decision makers said in a 2020 report that their organizations had adopted microservices. Almost all (92%) of those respondents reported a high level of success.

This blog post aims to provide an overview of the state of cyber security in universities and other higher education organisations. Security has been a challenge for a long time at schools, colleges and universities. Aligning ourselves with the glass-half-full attitude, these organisations and institutions have shown good progress with basic security controls. Information security is a prerequisite for various business dealings in the public sector, grant funding and procurement processes.