top of page

IT industry update

This month we are looking at what interesting insights we have been able to find about cyber security within the IT sector.



  1. Researchers have found hardcoded API keys within mobile applications - Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys (thehackernews.com). If you are involved in developing applications either for mobiles or for websites are you hard coding keys? Researchers have found hardcode keys in mobile applications which allow unauthorised access to Twitter accounts, and a recent new build website had developer keys still in place when the site was live. Are you checking your code doesn’t have hardcoded keys?

  2. Malicious IIS extensions quietly open persistent backdoors into servers - Microsoft Security Blog. If you have Microsoft exchange servers then you need to read this article and think about whether you can put in place the suggested mitigation.

  3. GitHub blighted by “researcher” who created thousands of malicious projects – Naked Security (sophos.com). If you use GitHub be aware of “researchers” uploading malicious repositories.


Further guidance & support


The Eastern Cyber Resilience Centre is a not-for-profit organisation, run by policing, with the intention of increasing cyber resilience of SMEs and third sector organisations within the East of England.


Our members can benefit from a range of services, from helping you improve your cyber resilience through our “little steps” programme to being notified about the threats relevant to you.



It’s completely free, with no strings or sales pitches attached.


Policing led – business focused.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page