(Guest Blog) For decades, companies have relied on perimeter protection solutions to restrict their digital resources. These included passwords to authenticate users, intrusion detection systems and firewalls. With time, passwords became inadequate in preventing unauthorized access, and most shifted to two-factor authentication systems like one-time SMS codes or tokens. This change significantly enhanced security, but the approach only focused on securing the perimeter.

We see the word “cyber” everywhere today. It’s included in all the hashtags, events names and even in hand sanitizer available for purchase at Toys ‘R Us: Cyber Clean (72% ethanol alcohol, with aloe.) With the market booming and the buzzword exploding, many of us still don’t understand what this vague word means.

In part one we discussed what a Red Team Assessment is, but how does a Red Team Assessment differ from a Penetration Test? With a Red Team Assessment, we’re testing the whole company, essentially how it fares up to a worst-case scenario attack, whether that’s by a competitive company engaging in corporate espionage hell-bent on disrupting business, or harvesting data, or a criminal organisation breaking in and stealing physical equipment or damaging key infrastructure.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. It is nice to see a company caught up in a breach getting some help to make things right:

Honeytokens act like tripwires, alerting organizations of malicious threats lurking at the footsteps of their sensitive data. They're a very effective intrusion detection system. So effective, in fact, that the European Union Agency for Cybersecurity (ENISA) highly recommends their use in network security. If strategically distributed thought an ecosystem, honeytokens could event prevent supply chain attacks.

Content scrapers are automated bots that steal your content from websites and mobile apps for their own use without permission, usually for malicious purposes. Content scrapers typically copy all the content from a webpage and portray it as their own content. Bots can scrape all of the content on a website in a matter of seconds, even for large websites such as eCommerce sites with thousands of product pages. These bots can scrape public website information such as text, images, HTML and CSS code.