This month we are looking at the interesting insights we have found about cyber security within the IT sector.
Researchers have found hardcoded API keys within mobile applications - Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys (thehackernews.com). If you are involved in developing applications, either for mobiles or for websites, are you hardcoding keys? Researchers have found hardcoded keys in mobile applications which allow unauthorised access to Twitter accounts, and a recent new-build website had developer keys still in place when the site was live. Are you checking that your code doesn’t have hardcoded keys?
Malicious IIS extensions quietly open persistent backdoors into servers - Microsoft Security Blog. If you have Microsoft Exchange servers, then you need to read this article and think about whether you can put in place the suggested mitigation.
GitHub blighted by “researcher” who created thousands of malicious projects – Naked Security (sophos.com). If you use GitHub, be aware of “researchers” uploading malicious repositories.
Further guidance & support
The Eastern Cyber Resilience Centre is a not-for-profit organisation, run by policing, with the intention of increasing cyber resilience of SMEs and third sector organisations within the East of England.
Our members can benefit from a range of services, from helping you improve your cyber resilience through our “little steps” programme to being notified about the threats relevant to you.
It’s completely free, with no strings or sales pitches attached.
Policing led – business focused.