Welcome to Friday’s news overview – this is the place where we keep you up to date on the latest technology updates, cybersecurity news, and more. Here’s what’s going on in the tech world today:

leaky cloud apps

Misconfigured cloud services are causing mobile apps to leak data

Thousands of iOS and Android applications have been caught leaking user data, due to developers not implementing the correct security controls. Huge amounts of mobile users’ personal information was up for grabs: a transport app was found to be leaking payment data, a mobile wallet app was accidentally releasing session data and financial info, and medical apps were exposing test results alongside profile pictures of the people those results belonged to. Not ideal.

Around 14% of the 1.3+ million public cloud service-reliant apps that were scanned didn’t have the right security settings in place. Network credentials, system configuration files, and server architecture keys were discovered online, and were relatively easy to access.

Security researchers who found the problem had this to say: “A lot of these apps have cloud storage that was not configured properly by the developer or whoever set things up and, because of that, data is visible to just about anyone. And most of us have some of these apps right now,” Read more here.

Star Alliance experiences a data breach

The aviation sector just can’t catch a break this week. First it was Malaysia airlines suffering a cyber attack, now Star Alliance has also fallen victim to a data breach of its own.

The breach was the result of a “highly sophisticated” attack on Sita, Star Alliance’s IT provider – and also a provider to Malaysia Airlines, New Zealand Air, Jeju Air (South Korea), as well as 90% of the global aviation industry. The breach resulted in vast amounts of frequent flyer data being exposed.

Sita had this to say: “We recognise that the Covid-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack.

Latest

ledgeredge trading corporate bonds cybersecurity fintech

vISM Case Study: Working in Close Partnership with LedgerEdge

Secarma and LedgerEdge have developed an ongoing consultancy-based cybersecurity partnership, workin...

Cybersecurity Misconceptions

At Secarma, we're passionate about security. That's why, as part of Cybersecurity Awareness Month 20...

Cybersecurity Events in the Capital

Over the past month or so, the Secarma team have been very busy with cybersecurity events. From the ...