Transportation


  • Principles of operational technology cyber security

    October 1, 2024

    Critical infrastructure organisations provide vital services, including supplying clean water, energy, and transportation, to the public. These organisations rely on operational technology (OT) to control and manage the physical equipment and processes that provide these critical services. As such, the continuity of vital services relies on critical infrastructure organisations ensuring the cyber security and safety ...

  • Millions of Kia vehicles were vulnerable to remote attacks with just a license plate number

    September 27, 2024

    In June of 2024 security researchers uncovered a set of vulnerabilities in the Kia dealer portal that allowed them to remotely take over any Kia vehicle built after 2013—and all they needed was a license plate number. According to the researchers: “These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless ...

  • Storm-0501: Ransomware attacks expanding to hybrid cloud environments

    September 26, 2024

    Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, and ...

  • UK railway stations Wi-Fi affected by cyber attack

    September 26, 2024

    The wi-fi has been hacked at 19 UK railway stations to display a message about terror attacks. Network Rail confirmed that the wi-fi systems at stations including London Euston, Manchester Piccadilly, Liverpool Lime Street, Birmingham New Street, Edinburgh Waverley and Glasgow Central were affected. People reported logging on to the wi-fi at the stations on Wednesday ...

  • Sunken superyacht believed to contain watertight safes with sensitive intelligence data

    September 21, 2024

    Specialist divers surveying the wreckage of the $40 million superyacht that sank off Sicily in August, killing seven people including British tech tycoon Mike Lynch, have asked for heightened security to guard the vessel, over concerns that sensitive data locked in its safes may interest foreign governments, multiple sources told CNN. Italian Prosecutors who have opened ...

  • Almost 500GB of data allegedly leaked in RansomHub attack on Kawasaki

    September 18, 2024

    Kawasaki Motors Europe (KME) recently released a statement confirming it was the victim of a cyber attack. The attack caused significant service disruptions as the cybercriminals threatened to release stolen data. KME confirmed, “At the start of September, Kawasaki Motors Europe (KME) was the subject of a cyberattack which, although not successful, resulted in the company’s ...

  • Teenager arrested following cyber attack on Transport for London

    September 13, 2024

    A 17-year-old boy has been arrested following a cyber attack on Transport for London. Hackers may have accessed the bank details and home addresses of at least 5,000 customers, TfL admitted on Thursday. The Information Commissioner has been informed. National Crime Agency officers said they had arrested a teenager from Walsall, in the West Midlands, on ...

  • Chinese-made cargo equipment enables cyber, espionage risks in US ports

    September 12, 2024

    A year-long probe led by GOP members of two House panels found that numerous seaports around the U.S. contain technology originating from Chinese manufacturers that could enable espionage and sabotage. The study conducted by lawmakers and staff on the House Homeland Security Committee and Select Committee on the Chinese Communist Party said that it was an ...

  • Thousands of Avis car rental customers had personal data stolen in cyberattack

    September 9, 2024

    Car rental giant Avis is notifying hundreds of thousands of people that their personal information and driver’s license numbers were stolen in an August cyberattack. The New Jersey-headquartered company said in a data breach notice filed with several U.S. attorneys general over the past week that it discovered intruders in one of its business applications on ...

  • UK: TfL still affected by ‘ongoing cyber incident’

    September 6, 2024

    Transport for London (TfL) has restricted its online services as its computer systems continue to be affected by a cyber attack. The organisation said it took action including limiting access to some live travel information services via apps and its website, and preventing passengers from viewing their journey history for trips paid for by contactless cards. ...

  • US Department of Homeland Security looks to infosec testbed to help protect ports

    September 6, 2024

    The US Department of Homeland Security has outlined plans to enhance cyber security through the Maritime Transport System (MTS).The department’s aim is to protect the system and infrastructure used to ensure safe and free navigation of US waterways. Ports are a vital part of the US economy, contributing $649 to GDP and generating 13 million jobs. ...

  • Mystery database containing sensitive info on 762,000 car-owners discovered by researchers

    September 6, 2024

    In early August, cybersecurity researchers from Cybernews discovered an unprotected database containing sensitive information on hundreds of thousands of Chinese individuals. To this day, they haven’t figured out who the database belongs to, or why it was generated and left open in the first place. Using Elasticsearch, a search engine for databases, the team of researchers ...

  • Tropic Trooper spies on government entities in the Middle East

    September 5, 2024

    Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Kaspersky recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle ...

  • Transport for London dealing with ‘ongoing cyber security incident’

    September 3, 2024

    Transport for London (TfL) is dealing with whats it calls an “ongoing cyber security incident”. The organisation, which is responsible for most of London’s transport network, has not shared specific details of the incident but it confirmed there is currently no evidence customer data has been compromised. Shashi Verma, TfL’s chief technology officer, said: “We have ...

  • Head Mare: adventures of a unicorn in Russia and Belarus

    September 2, 2024

    Head Mare is a hacktivist group that first made itself known in 2023 on the social network X (formerly Twitter). In their public posts, the attackers reveal information about some of their victims, including organization names, internal documents stolen during attacks, and screenshots of desktops and administrative consoles. By analyzing incidents in Russian companies, Kaspersky researchers ...

  • A million airport parking customers affected in huge data breach

    August 31, 2024

    A million Park’N Fly customers have had their sensitive data stolen after the company suffered a cyberattack. The news was confirmed in a data breach notification letter sent out by the company, which noted the threat actors accessed the company’s IT infrastructure in July 2024 using stolen VPN credentials. The crooks stole people’s full names, email ...

  • #StopRansomware: RansomHub Ransomware

    August 29, 2024

    The Federal Bureau of Investigation (FBI) and partners are releasing this joint advisory to disseminate known RansomHub ransomware IOCs and TTPs. These have been identified through FBI threat response activities and third-party reporting as recently as August 2024. RansomHub is a ransomware-as-a-service variant—formerly known as Cyclops and Knight—that has established itself as an efficient and successful ...

  • SMS scammers use toll fees as a lure

    August 27, 2024

    In April 2024, the FBI warned about a new type of smishing scam. Smishing is the term we use for phishing attacks sent via text message. This particular smishing scam tries to trick users into clicking a link by telling them they owe a “small amount” in toll fees. The scammers send a text claiming that ...

  • Port of Seattle says it was hit with possible cyberattack; outage affects airport, phone systems

    August 25, 2024

    The Port of Seattle said Saturday it was hit with a “possible cyberattack” that impacted Seattle-Tacoma International Airport, phone systems, and websites. The outage was first reported Saturday morning just after 9 a.m. PT, described as an “internet and web systems outage.” A few hours later, Seattle-Tacoma International Airport posted on X and said the Port ...

  • US FAA revising aircraft cybersecurity rules

    August 22, 2024

    US regulators are seeking to revise and simplify the framework for cybersecurity provision on aircraft, in order to harmonise with European certification standards and avoid continually having to issue special conditions. This revision follows several years of work to address the need to protect against unlawful electronic interference as aircraft systems have evolved – notably since ...