After sending the September updates in the second half of October, we got our shit together and we are gradually returning to our normal schedule. Alongside with Halloween, October also brings the start of carnival rehearsals in Olinda and Recife, so start getting your costumes ready and let's move on to the updates from your favorite cybersecurity tool!

💎 Discovery & Cloudflare

Cloudflare's WAF (Web Application Firewall) service is increasingly used by companies of all sizes, but it brings an unexpected behavior: for each website that uses the WAF, in addition to ports 80 and 443, the ports 2052, 2053, 2082, 2083, 2086, 2087, 2095, 2096, 8080, 8443, and 8880 may also be open.

This is not a security flaw, but it does create noise, since these ports were not explicitly configured and yet are found by tools like Unxpose. To reduce this noise, we've created the option to ignore additional Cloudflare ports, so any website using Cloudflare's WAF and detected on ports other than 80 and 443 will be ignored. Thanks to Denis for the suggestion!

Want to activate this setting? Just visit https://app.unxpose.com/settings/company. Once you activate it, websites will start to be ignored on the next scan.

💎 New findings on AWS

Several updates for the world's most used cloud provider! We have new IAM checks to ensure that your team is using the best practices for access management.

Does your company use AWS? Then be sure to visit https://app.unxpose.com/cloud and update your permissions.

💎 One more thing!

Here are more updates worth knowing:

• Host map: do you know in which country each host of your company is? Now in the Internet Exposure section, it's possible to see a map with the location of your hosts! Even better, you can also filter by country in the host table in the Network section;

• Performance in the Findings section: it's self explanatory, but we've improved the loading speed of this section by up to 5x.