A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. We’ve been here before right? Many times? I know many countries have or are cracking down on IoT security but would it also cover this market?

I talk to a lot of engineers every day. SREs. Systems Architects. Security Engineers. What I am hearing from them is that they are moving away from passwords — both in their personal lives, opting for more secure forms of authentication like biometrics and second factors, and at work. It just doesn’t make sense anymore to protect your personal bank with a second factor, but to share around an SSH key to access critical server infrastructure.

We are squeaking this one in under the wire as we say goodbye to the second full year in this long pandemic. It has been a busy year with lots of new features and improvements. To get the new year started right we are putting on a joint webinar with our friends at Tines. As we go into 2022 we do so with hope and optimism that we will start moving towards a brighter future for all.

As infrastructures and workloads transition to cloud and teams adopt a CI/CD development process, there is a new paradigm shift: infrastructure is becoming code. This approach of treating infrastructure as code (IaC) is incredibly powerful, brings us many advantages, and enables transformative concepts like immutability. We define infrastructures in a declarative way and version them using the same source code control tools (in particular git) that we use for our application code.

In the first half of 2021, average ransomware demands surged by 518%, while payments climbed by 82%. There has been a growing number of attacks in healthcare, with 560 healthcare facilities hit by ransomware last year in the U.S. alone. As new attacks generate headlines each week, we get real-world use cases for how ransomware proliferates in diverse ways, including social engineering attacks and exploitation of vulnerabilities.