April 22, 2023 Europe’s air-traffic agency appears to be the latest target in pro-Russian miscreants’ attempts to disrupt air travel.
Eurocontrol confirmed on Friday its website has been “under attack” since April 19, and said “pro-Russian hackers” had claimed responsibility for the disruption.
Read more…
Source: The Register
March 21, 2023
This new report maps and analyses cyber incidents in relation to aviation, maritime, railway and road transport covering the period of January 2021 to October 2022.
The report brings new insights into the cyber threats of the transport sector. In addition to the identification of prime threats and the analysis of incidents, the report includes an ... March 16, 2023
First announced by NATO Secretary General Jens Stoltenberg and European Commission President Ursula von der Leyen in January, the initiative brings together officials from both organisations to share best practices, share situational awareness, and develop principles to improve resilience. The Task Force will begin by focusing on four sectors: energy, transport, digital infrastructure, and space.
Announcing ... March 7, 2023
Today, the Transportation Security Administration (TSA) issued a new cybersecurity amendment on an emergency basis to the security programs of certain TSA-regulated airport and aircraft operators, following similar measures announced in October 2022 for passenger and freight railroad carriers. This is part of the Department of Homeland Security’s efforts to increase the cybersecurity resilience of U.S. critical infrastructure and ... February 15, 2023
Scandinavian airline SAS said it was hit by a cyber attack Tuesday evening and urged customers to refrain from using its app but later said it had fixed the problem.
News reports said the hack paralyzed the carrier’s website and leaked customer information from its app.
Read more…
Source: Skift
January 22, 2023
A copy of the U.S. Transportation Security Administration’s “no-fly list” has been found by a Swiss hacker exposed on the open internet in yet another case of misconfigured cloud storage.
First reported by The Daily Dot, the exposure of the database was found by a Swiss hacker known as “maia arson crimew” on a server run ... January 11, 2023
The U.S. Federal Aviation Administration’s (FAA) system that alerts pilots and other flight personnel about hazards or any changes to airport facility services and relevant procedures was not processing updated information, the civil aviation regulator’s website showed on Wednesday.
In an advisory, the FAA said its NOTAM (Notice to Air Missions) system had “failed”. There was ... January 6, 2023
Air France and KLM have informed Flying Blue customers that some of their personal information was exposed after their accounts were breached.
Flying Blue is a loyalty program allowing clients of multiple airlines, including Air France, KLM, Transavia, Aircalin, Kenya Airways, and TAROM, to exchange loyalty points for various rewards.
“Our security operations teams have detected suspicious ... December 20, 2022
The European Commission last week proposed rules governing the use of Advance Passenger Information in a bid to strengthen border security.
As commissioner for home affairs Ylva Johansson explained during a press conference, travel in and out of the Schengen zone – the 26 European countries between which passengers are free to travel without visas – ... November 15, 2022
A major vulnerability in a networking technology widely used in critical infrastructures such as spacecraft, aircraft, energy generation systems and industrial control systems was exposed by researchers at the University of Michigan and NASA.
It goes after a network protocol and hardware system called time-triggered ethernet, or TTE, which greatly reduces costs in high-risk settings by ... October 10, 2022
Unknown hackers attacked and temporarily shut down the public-facing websites of at least several major U.S. airports on Monday, a Department of Homeland Security official confirmed to USA TODAY.
The official from DHS’ Cybersecurity and Infrastructure Security Agency or CISA, declined to comment on who might have been behind what appeared to be a coordinated series ... October 1, 2022
The notorious North Korean hacking group ‘Lazarus’ was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack.
The spear-phishing campaign unfolded in the autumn of 2021, and the confirmed targets include an aerospace expert in the Netherlands and a political journalist in Belgium.
According to ESET, which ... September 19, 2022
American Airlines has notified customers of a recent data breach after attackers compromised an undisclosed number of employee email accounts and gained access to sensitive personal information.
In notification letters sent on Friday, September 16th, the airline explained that it has no evidence that the exposed data was misused.
American Airlines discovered the breach on July 5th, ... September 13, 2022
A distinct group of espionage attackers who were formerly associated with the ShadowPad remote access Trojan (RAT) has adopted a new, diverse toolset to mount an ongoing campaign against a range of government and state-owned organizations in a number of Asian countries. The attacks, which have been underway since at least early 2021, appear to ... September 9, 2022
Albania said it suffered another cyberattack on the day the U.S. announced sanctions against Iran’s Ministry of Intelligence and Security (MOIS) for an attack launched against Tirana’s government computer systems in July.
“The national police’s computer systems were hit Friday by a cyberattack which, according to initial information, was committed by the same actors who in ... August 12, 2022
A digital vulnerability in the computer systems used on some Boeing Co aircraft that could have allowed malicious hackers to modify data and cause pilots to make dangerous miscalculations has been fixed, security researchers said on Friday.
Older versions of a digital tool used to calculate landing and take-off speeds on some aircraft could be tampered ... July 19, 2022
An Indian flight booking website majority-owned by US retail colossus Walmart has experienced a data breach, but is saying very little about what happened or the risks to customers.
News of the breach emerged on Monday, when customers received a message.
While the message to customers assures them that “no sensitive information pertaining to your Cleartrip account” ... July 11, 2022
Aerojet Rocketdyne, which makes propulsion and power systems for launch vehicles, missiles and satellites for NASA and the US military, has agreed to pay $9 million to settle charges it misrepresented its products’ compliance with cybersecurity requirements in federal government contracts.
The El Segundo, California-based company has a deep history in American space and military contracting, ... July 5, 2022
The German Federal Office for Information Security (BSI) has put out an IT baseline protection profile for space infrastructure amid concerns that attackers could turn their gaze skywards.
The document, published last week, is the result of a year of work by Airbus Defence and Space, the German Space Agency at the German Aerospace Center (DLR), ... April 19, 2022
Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware software technology is responsible for running billions of public and private devices and mechanisms currently in use. DDS is integral in embedded systems that require real-time machine-to-machine communication, facilitating a reliable ...
