As organizations look to take their 2022 security concerns head-on, they need to create resilient cybersecurity programs that help them make smarter, faster, informed decisions. In our recent webinar, I had the pleasure of chatting with security professionals Mike Wilkes from SecurityScorecard, Scott Fuller from Access Health, and John Beal from St. Charles Health. They discuss the challenges they face and how their security plans for 2022 to mitigate risk across their entire ecosystem.

It should come as little surprise that when enterprise and IT leaders turned their attention to the cloud, so did attackers. Unfortunately, the security capabilities of enterprises have not always kept up with the threat landscape. Poor visibility, management challenges and misconfigurations combine with other security and compliance issues to make protecting cloud environments a complex endeavor.

Things tend to slow down for many businesses at the end of the year. As the holidays roll in and employees take time off with their families, December is generally a time to take stock of what transpired over the year and start looking ahead to the next one. Unfortunately, that’s not how cybercriminals operate.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. What a start to 2022…. I happened to be on Twitter New Year’s Day and spotted a flurry of tweets about MS Exchange. Digging deeper it looks like a lot were firefighting a serious bug.

One way to enhance SSH login security is by using two-factor authentication (2FA). This approach forces an administrator to self-identify with an additional security verification in addition to the local admin credentials. This tutorial guides you through setting up Google Authenticator PAM to enable 2FA for users connecting to SSH on a Linux server. We’ll use nano as our editor in examples.

As one large, global financial institution prepared for employees to return to the office, its IT team identified a significant issue with the company's more than 8,000 access switches. The switches in question were used to provide connectivity to IP Phones – a crucial part of people's work across virtually all areas of the company.

Security researchers say they have seen a “massive wave” of malicious hackers exploiting the comment feature in Google Docs to spread malicious content into the inboxes of unsuspecting targeted users. According to a blog post published by Avanan, the comments functionality of Google Docs, as well as its fellow Google Workplace web-based applications Google Sheets and Google Slides, is being exploited to send out malicious links.

For the newest instalment in our series of interviews asking leading technology specialists about their achievements in their field, we’ve welcomed Kathleen Moriarty, Chief Technology Officer at the Center for Internet Security. During her tenure in the Dell EMC Office of the CTO, Kathleen had the honour of being appointed and serving two terms as the Internet Engineering Task Force (IETF) Security Area Director and as a member of the Internet Engineering Steering Group from March 2014-2018.

DevOps and Security. One encourages speed, agility, iterative learning, enabling technology to keep up with the pace of business. The other wants to keep you safe, slows things down, crosses all the T's and dots all the I's. They seem to be at odds with one another — but do they need to be? DevSecOps says no, that’s not the way it has to be.

Application Programming Interface (APIs), allow services to communicate with each other. Naturally, applications that are interconnected through many APIs, require thorough security testing, as each connection could potentially include software vulnerabilities. Since there are different methods to test these junctions, I want to briefly discuss the benefits and weaknesses of the most commonly used API testing methods in this article.