Aviation


  • Airline DMARC Policies Lag, Opening Flyers to Email Fraud

    August 19, 2020

    More than half of global airlines do not have DMARC policies in place, opening their customers up to email fraud attacks, a new report found. DMARC (Domain-based Message Authentication, Reporting & Conformance) is considered the industry standard for email authentication to prevent attackers from sending mails with counterfeit addresses. It does so by authenticating the sender’s ...

  • US defense and aerospace sectors targeted in new wave of North Korean attacks

    July 30, 2020

    Tracked under the codename of “Operation North Star,” McAfee said these attacks have been linked to infrastructure and TTPs (Techniques, Tactics, and Procedures) previously associated with Hidden Cobra — an umbrella term the US government uses to describe all North Korean state-sponsored hacking groups. As for the attacks themselves, McAfee said they were run-of-the-mill spear-phishing emails ...

  • Ripple20 vulnerabilities will haunt the IoT landscape for years to come

    June 16, 2020

    Cyber-security experts have revealed today 19 vulnerabilities in a small library designed in the 90s that has been widely used and integrated into countless of enterprise and consumer-grade products over the last 20+ years. The number if impacted products is estimated at “hundreds of millions” and includes products such as smart home devices, power grid equipment, ...

  • Easyjet hacked: 9 million people’s data accessed plus 2,200 credit card details grabbed

    May 17, 2020

    Budget British airline Easyjet has been hacked, it has told the stock markets, admitting nine million people’s details were accessed and more than 2,000 customers’ credit card details stolen. Some information about the attack was released to the London Stock Exchange by the company, which claimed it had been targeted by “a highly sophisticated source”. Email addresses and “travel ...

  • Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems

    May 4, 2020

    The aircraft safety system known as the Traffic Alert and Collision Avoidance System (TCAS) can be coerced into sending an airplane on a mid-air rollercoaster ride – much to the horror of those onboard. Researchers were able to cobble together an effective method for spoofing the TCAS using a $10 USB-based Digital Video Broadcasting dongle and ...

  • DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla

    March 3, 2020

    A company that provides custom parts to aerospace giants Lockheed Martin, SpaceX and Boeing, has been the target of an attack by an emerging type of ransomware that can both encrypt files and exfiltrate data. Colorado-based Visser Precision said it was targeted by a “cyber incident” that involved the attacker accessing and stealing company data after a security ...

  • Airports Council International and The Aviation Information Sharing and Analysis Center enter cooperative agreement

    January 23, 2020

    Airports Council International (ACI) World and A-ISAC announced today they have signed an agreement that better enables ACI members to join the A-ISAC for access to airport-specific cyber threat intelligence and actionable data that will enhance their ability to build cyber resiliency. Both organizations play an active role in supporting the global aviation network; by increasing ...

  • Israel launches civil aviation cybersecurity plan

    January 13, 2020

    The Israeli government approved a civil aviation cybersecurity program, the Israel National Cyber Directorate (INCD) reported on Sunday. As part of the plan, a national steering committee will be established, to advance Israel’s capabilities in this field. The committee, headed by the INCD, will have representatives from Israel’s Ministry of Transport, the Civil Aviation Authority, Israel’s Airports ...

  • More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting

    December 12, 2019

    The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting. The group puts up multiple layers of obfuscation to ...

  • Unpatchable security flaw found in popular SoC boards

    August 20, 2019

    Security researchers have discovered an unpatchable security flaw in a popular brand of system-on-chip (SoC) boardsmanufactured by Xilinx. The vulnerable component is Xilinx’s Zynq UltraScale+ brand, which includes system-on-chip (SoC), multi-processor system-on-chip (MPSoC), and radio frequency system-on-chip (RFSoC) products used inside automotive, aviation, consumer electronics, industrial, and military components. According to security researchers with Inverse Path — F-Secure’s hardware ...

  • British Airways E-Ticketing Flaw Exposes Passenger Flight, Personal Data

    August 13, 2019

    A vulnerability in British Airways’ e-ticketing system could enable a bad actor to view passengers’ personal data or change their booking information. A security bug discovered in British Airways’ e-ticketing system has the potential to expose passengers’ data, including their flight booking details and personal information. Researchers on Tuesday said that check-in links being sent by British ...

  • Cyberattack warning to small plane owners: How your aircraft could be vulnerable

    July 30, 2019

    The alert from the DHS critical infrastructure computer emergency response team. warns that modern flight systems are vulnerable to hacking if a person manages to gain unrestricted access to an aircraft. The alert also recommends that small plane owners restrict unauthorized physical access to their aircraft the best they can. It warns that access should remain limited until ...

  • Cyberwarfare in space: Satellites at risk of hacker attacks

    July 2, 2019

    There’s an urgent need for NATO and its member countries to address the cybersecurity of space-based satellite control systems because they’re vulnerable to cyberattacks – and if left unaddressed, it could have severe consequences for global security, a new paper from a major thinktank on international affairs has warned. Almost all modern military engagements rely on space-based assets, ...

  • NASA’s crap infosec could be ‘significant threat’ to space ops

    March 11, 2019

    NASA’s Office of the Inspector General has once again concluded the American space agency’s tech security practices are “not consistently implemented”. Confirmation that the US government department’s infosec abilities are not up to scratch was a repeat of last year’s federally mandated security audit, which also found that processes and procedures were below par. Oversight personnel from ...

  • Flaw in Multiple Airline Systems Exposes Passenger Data

    February 7, 2019

    Researchers have discovered that multiple airline e-ticketing systems do not encrypt check-in links. The security faux pas could allow bad actors on the same network as the victim to view – and in some cases even change – their flight booking details or boarding passes. Security researchers at Wandera said that eight airlines have been sending ...

  • Airbus data breach impacts employees in Europe

    January 30, 2019

    European aerospace corporation Airbus disclosed today a security breach that impacted its commercial aircraft manufacturing business. The company said the security breach “resulted in unauthorised access to data.” According to a press release published earlier today, Airbus said that “some personal data was accessed,” but “mostly professional contact and IT identification details of some Airbus employees in Europe.” Read more… Source: ...

  • NASA discloses data breach

    December 19, 2018

    The US National Aeronautics and Space Administration (NASA) admitted today to getting hacked earlier this year. In an internal memo sent to all employees, the agency said that an unknown intruder gained access to one of its servers storing the personal data of current and former employees. Social Security numbers were also compromised, NASA said. The agency ...

  • OilRig APT Continues Its Ongoing Malware Evolution

    September 13, 2018

    The Iran-linked APT appears to be in a state of continuous tool development, analogous to the DevOps efforts seen in the legitimate software world. OilRig, an APT group believed to have ties to Iran, has been spotted in yet another campaign in the Middle East – this time targeting victims within an undisclosed government using an ...

  • Delta Confirms Breach Of Customer Payment Details

    April 5, 2018

    Hackers have had access to Delta customer payment data for over six months after third party breach US airline Delta Air Lines and American department store Sears Holding have both confirmed a data breach, after an incident involving a third party tech provider. Delta said that it was notified last week by 7.ai, a company that provides online chat ...

  • ‘Significant amount’ of sensitive security data stolen in Perth Airport hacking

    December 10, 2017

    A skilled hacker in Vietnam stole sensitive security details and building plans from Perth Airport after breaking into its computer systems. The West Australian can reveal Vietnamese man Le Duc Hoang Hai used the credentials of a third-party contractor to get access to the airport’s computer systems in March last year. Prime Minister Malcolm Turnbull’s cybersecurity adviser Alastair ...