Welcome to Friday’s news overview – this is the place where we keep you up to date on the latest technology updates, cybersecurity news, and more. Here’s what’s going on in the tech world today:

leaky cloud apps

Misconfigured cloud services are causing mobile apps to leak data

Thousands of iOS and Android applications have been caught leaking user data, due to developers not implementing the correct security controls. Huge amounts of mobile users’ personal information was up for grabs: a transport app was found to be leaking payment data, a mobile wallet app was accidentally releasing session data and financial info, and medical apps were exposing test results alongside profile pictures of the people those results belonged to. Not ideal.

Around 14% of the 1.3+ million public cloud service-reliant apps that were scanned didn’t have the right security settings in place. Network credentials, system configuration files, and server architecture keys were discovered online, and were relatively easy to access.

Security researchers who found the problem had this to say: “A lot of these apps have cloud storage that was not configured properly by the developer or whoever set things up and, because of that, data is visible to just about anyone. And most of us have some of these apps right now,” Read more here.

Star Alliance experiences a data breach

The aviation sector just can’t catch a break this week. First it was Malaysia airlines suffering a cyber attack, now Star Alliance has also fallen victim to a data breach of its own.

The breach was the result of a “highly sophisticated” attack on Sita, Star Alliance’s IT provider – and also a provider to Malaysia Airlines, New Zealand Air, Jeju Air (South Korea), as well as 90% of the global aviation industry. The breach resulted in vast amounts of frequent flyer data being exposed.

Sita had this to say: “We recognise that the Covid-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack.

Latest

Looking for vulnerabilities in systems

Security Essentials Series – Vulnerability Scans vs Penetration Tests

Our Cyber security basics series continues with a look at whether your current situation requires vu...

Data protection

Security Essentials Series – Why is Cyber Essentials good for GDPR?

This Security Essentials Series blog focuses on data protection and why Cyber Essentials is a good s...

Origins of cybercrime

Security Essentials Series – 80% of Cyber Threats are Protected by Cyber Essentials

As we continue our focus on basic cyber protections, we delve into a little more detail on the CE st...