Aviation


  • Air Canada releases statement after brief cyber attack

    September 22, 2023

    Air Canada appears to have been the victim of a cyber attack after the company released a statement regarding the incident on September 21st. According to the statement, an authorized group gained what the company describes as “limited” access to an internal Air Canada system. The system was related to the personal information of both staff ...

  • China: Identity of NSA hacker behind cyberattack on China’s leading aviation university identified

    September 14, 2023

    During the investigation of the cyberattack against Northwestern Polytechnical University (NPU), a leading Chinese aviation university, China has successfully extracted multiple samples of the spyware named SecondDate, and with the collaborative efforts of partners in various countries, the real identity of the US’ National Security Agency (NSA) personnel responsible for launching the cyberattack on NPU ...

  • CISA, FBI, and CNMF Release Advisory on Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475

    September 7, 2023

    Today, CISA, Federal Bureau of Investigation (FBI), and U.S. Cyber Command’s Cyber National Mission Force (CNMF) published a joint Cybersecurity Advisory (CSA), Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. This CSA provides information on an incident at an Aeronautical Sector organization, with malicious activity occurring as early as January 2023. CISA, FBI, and CNMF confirmed ...

  • China’s Ministry of State Security warns of data security risks after Wuhan Earthquake Monitoring Center cyberattack

    August 16, 2023

    China’s Ministry of State Security (MSS) on Wednesday warned of data security risks after recent reports identified US intelligence agencies were behind a cyberattack on Wuhan Earthquake Monitoring Center. A joint investigation team formed by the National Computer Virus Emergency Response Center (CVERC) and Chinese cybersecurity company 360 discovered malicious backdoor software that exhibits characteristics of ...

  • UT Dallas joins national effort to respond to cyber attacks on public infrastructure

    August 1, 2023

    UT Dallas last week announced it’s joining a nationwide collaboration to research how to make network-connected infrastructure — including self-driving cars, drones and Wi-Fi-connected trains — more resilient to cyber attacks. The Richardson-based university joins eight others selected for the National Center for Transportation Cybersecurity and Resiliency, or TraCR, led by Clemson University in South Carolina. ...

  • A defense against attacks on unmanned ground and aerial vehicles

    July 21, 2023

    A University of Texas at Arlington engineering researcher is working on defenses that could thwart cyberattacks against networks of self-driving cars and unmanned aerial vehicles. “If hackers find a way to affect 10 out of 100 self-driving cars in a given area, they might have an impact on all 100 cars because the 10 hacked cars ...

  • Thousands of Aer Lingus staff data stolen in ransomware attack

    June 7, 2023

    A Russia-linked ransomware gang responsible for a global cyber attack that has led to 5,000 Aer Lingus staff having their data stolen may have acquired enough information for identity theft, a leading cybercrime expert has warned. US company Progress Software revealed last week hackers had found a way to compromise the MOVEit Transfer software which is ...

  • British Airways, Boots staff data compromised by payroll cyber hack

    June 5, 2023

    British Airways and retailer Boots said their staff were amongst those hit by a cyber attack on Zellis, a payroll provider used by hundreds of companies in Britain. British Airways, owned by IAG, said it had notified affected employees and was providing them with support. Read more… Source: MSN News  

  • North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media

    June 1, 2023

    The Federal Bureau of Investigation (FBI), the U.S. Department of State, and the National Security Agency (NSA), together with the Republic of Korea’s National Intelligence Service (NIS), National Police Agency (NPA), and Ministry of Foreign Affairs (MOFA), are jointly issuing this advisory to highlight the use of social engineering by Democratic People’s Republic of Korea ...

  • European air traffic control confirms website ‘under attack’ by pro-Russia hackers

    April 22, 2023

    Europe’s air-traffic agency appears to be the latest target in pro-Russian miscreants’ attempts to disrupt air travel. Eurocontrol confirmed on Friday its website has been “under attack” since April 19, and said “pro-Russian hackers” had claimed responsibility for the disruption. Read more… Source: The Register  

  • Understanding Cyber Threats in Transport

    March 21, 2023

    This new report maps and analyses cyber incidents in relation to aviation, maritime, railway and road transport covering the period of January 2021 to October 2022. The report brings new insights into the cyber threats of the transport sector. In addition to the identification of prime threats and the analysis of incidents, the report includes an ...

  • NATO and European Union launch task force on resilience of critical infrastructure

    March 16, 2023

    First announced by NATO Secretary General Jens Stoltenberg and European Commission President Ursula von der Leyen in January, the initiative brings together officials from both organisations to share best practices, share situational awareness, and develop principles to improve resilience. The Task Force will begin by focusing on four sectors: energy, transport, digital infrastructure, and space. Announcing ...

  • TSA issues new cybersecurity requirements for airport and aircraft operators

    March 7, 2023

    Today, the Transportation Security Administration (TSA) issued a new cybersecurity amendment on an emergency basis to the security programs of certain TSA-regulated airport and aircraft operators, following similar measures announced in October 2022 for passenger and freight railroad carriers. This is part of the Department of Homeland Security’s efforts to increase the cybersecurity resilience of U.S. critical infrastructure and ...

  • Scandinavian Airlines hit by cyber attack

    February 15, 2023

    Scandinavian airline SAS said it was hit by a cyber attack Tuesday evening and urged customers to refrain from using its app but later said it had fixed the problem. News reports said the hack paralyzed the carrier’s website and leaked customer information from its app. Read more… Source: Skift  

  • Hacker finds copy of TSA no-fly list on exposed cloud storage

    January 22, 2023

    A copy of the U.S. Transportation Security Administration’s “no-fly list” has been found by a Swiss hacker exposed on the open internet in yet another case of misconfigured cloud storage. First reported by The Daily Dot, the exposure of the database was found by a Swiss hacker known as “maia arson crimew” on a server run ...

  • U.S. Federal Aviation Administration says flight personnel alert system not processing updates after outage

    January 11, 2023

    The U.S. Federal Aviation Administration’s (FAA) system that alerts pilots and other flight personnel about hazards or any changes to airport facility services and relevant procedures was not processing updated information, the civil aviation regulator’s website showed on Wednesday. In an advisory, the FAA said its NOTAM (Notice to Air Missions) system had “failed”. There was ...

  • Air France and KLM notify customers of account hacks

    January 6, 2023

    Air France and KLM have informed Flying Blue customers that some of their personal information was exposed after their accounts were breached. Flying Blue is a loyalty program allowing clients of multiple airlines, including Air France, KLM, Transavia, Aircalin, Kenya Airways, and TAROM, to exchange loyalty points for various rewards. “Our security operations teams have detected suspicious ...

  • Eurozone plans to formalize passenger data, improve security

    December 20, 2022

    The European Commission last week proposed rules governing the use of Advance Passenger Information in a bid to strengthen border security. As commissioner for home affairs Ylva Johansson explained during a press conference, travel in and out of the Schengen zone – the 26 European countries between which passengers are free to travel without visas – ...

  • Cyber vulnerability in networks used by spacecraft, aircraft and energy generation systems

    November 15, 2022

    A major vulnerability in a networking technology widely used in critical infrastructures such as spacecraft, aircraft, energy generation systems and industrial control systems was exposed by researchers at the University of Michigan and NASA. It goes after a network protocol and hardware system called time-triggered ethernet, or TTE, which greatly reduces costs in high-risk settings by ...

  • Hackers took down U.S. airport web sites, Department of Homeland Security confirms

    October 10, 2022

    Unknown hackers attacked and temporarily shut down the public-facing websites of at least several major U.S. airports on Monday, a Department of Homeland Security official confirmed to USA TODAY. The official from DHS’ Cybersecurity and Infrastructure Security Agency or CISA, declined to comment on who might have been behind what appeared to be a coordinated series ...