A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. I have a great weird and wonderful selection for you this week. OK, I could have just opted for the usual major breaches and boy, don’t we have a few of those? No, instead some really odd geeky and perhaps quite pointless ones caught my attention. First is a look at air craft hacking.

Hacking and hackers are popular topics that are known and uttered by almost everyone, yet ethical hacking is rather a mystery to most. In this article, we will explain what it is and how it can be beneficial for your organization.

This blog was written by an independent guest blogger. There are billions of mobile phone users in the world, and every day, the number increases as people find convenience in the use of smartphones. As the number of smartphone user increases, technologies, apps, and software are continually created for these devices. However, as people shift their use to mobile devices, so are cybercriminals. Hackers are now finding ways they can to target mobile phone users.

We’re pleased to announce the debut of ManageEngine Application Control Plus, an application whitelisting, blacklisting, and privilege management solution. IT operations could come to a standstill if applications suddenly ceased to exist, but applications can be considered double-edged swords. As important as applications are, they also form the largest threat vectors in any network.

the k8s-security-configwatch GitHub Action, an open source tool from Sysdig, secures your GitOps workloads by detecting changes on your Kubernetes security configuration.

A network security assessment is an audit designed to find security vulnerabilities that are at risk of being exploited, could cause harm to business operations or could expose sensitive information.

The most recent National Institute of Standards and Technology (NIST) guidelines have been updated for passwords in section 800-63B. The document no longer recommends combinations of capital letters, lower case letters, numbers and special characters. Yet most companies and systems still mandate these complexity requirements for passwords. What gives?

In an ever-evolving security world, we to need to secure more with even fewer resources. While the cybersecurity skills gap increases, leaving “350,000 U.S. cybersecurity jobs unfilled yearly,” it is vital to work together to protect our environments and educate others. Creating a customer community can do just that.

GraphQL is a query language for APIs and a set of tools that enable sending and processing queries. While originally developed at Facebook, it has since grown beyond the social network's specific use case. Essentially, the client describes the type of data they want, and the server delivers only that data. At Bearer, we use GraphQL internally to drive our dashboard.

System and Organization Controls for Service Organizations 2 (SOC 2) compliance isn’t mandatory. No industry requires a SOC 2 report. Nor is SOC 2 compliance law or regulation. But your service organization ought to consider investing in the technical audit required for a SOC 2 report. Not only do many companies expect SOC 2 compliance from their service providers, but having a SOC 2 report attesting to compliance confers added benefits, as well.