Transportation


  • American Airlines discloses data breach after employee email compromise

    September 19, 2022

    American Airlines has notified customers of a recent data breach after attackers compromised an undisclosed number of employee email accounts and gained access to sensitive personal information. In notification letters sent on Friday, September 16th, the airline explained that it has no evidence that the exposed data was misused. American Airlines discovered the breach on July 5th, ...

  • Uber security breach ‘looks bad’, potentially compromising all systems

    September 15, 2022

    Uber reportedly has suffered another massive security incident, which is likely more extensive than its 2016 data breach and potentially may have compromised its entire network. It also can result in access logs being deleted or altered. A hacker on Thursday was believed to have breached multiple internal systems, with administrative access to Uber’s cloud services ...

  • Albania Claims New Cyberattack on Day the US Sanctions Iran for July Attack

    September 9, 2022

    Albania said it suffered another cyberattack on the day the U.S. announced sanctions against Iran’s Ministry of Intelligence and Security (MOIS) for an attack launched against Tirana’s government computer systems in July. “The national police’s computer systems were hit Friday by a cyberattack which, according to initial information, was committed by the same actors who in ...

  • Hackers target hotel and travel companies with fake reservations

    August 21, 2022

    A hacker tracked as TA558 has upped their activity this year, running phishing campaigns that target multiple hotels and firms in the hospitality and travel space. The threat actor uses a set of 15 distinct malware families, usually remote access trojans (RATs), to gain access to the target systems, perform surveillance, steal key data, and eventually ...

  • RTLS systems vulnerable to MiTM attacks, location manipulation

    August 16, 2022

    Security researchers have uncovered multiple vulnerabilities impacting UWB (ultra-wideband) RTLS (real-time locating systems), enabling threat actors to conduct man-in-the-middle attacks and manipulate tag geo-location data. RTLS technology is widely used in industrial environments, mass transit, healthcare, and smart city applications. Its primary role is to assist in safety by defining geofencing zones using tracking tags, signal ...

  • Potential hack for some Boeing planes fixed

    August 12, 2022

    A digital vulnerability in the computer systems used on some Boeing Co aircraft that could have allowed malicious hackers to modify data and cause pilots to make dangerous miscalculations has been fixed, security researchers said on Friday. Older versions of a digital tool used to calculate landing and take-off speeds on some aircraft could be tampered ...

  • Automotive supplier breached by 3 ransomware gangs in 2 weeks

    August 10, 2022

    An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours. The attacks followed an initial breach of the company’s systems by a likely initial access broker (IAB) in December 2021, who exploited a firewall misconfiguration to breach ...

  • TSA revises and reissues cybersecurity requirements for pipeline owners and operators

    July 21, 2022

    WASHINGTON – The Transportation Security Administration (TSA) announced the revision and reissuance of its Security Directive regarding oil and natural gas pipeline cybersecurity. This revised directive will continue the effort to build cybersecurity resiliency for the nation’s critical pipelines. Developed with extensive input from industry stakeholders and federal partners, including the Department’s Cybersecurity and Infrastructure Security ...

  • Walmart-controlled flight booking service suffers substantial data leak

    July 19, 2022

    An Indian flight booking website majority-owned by US retail colossus Walmart has experienced a data breach, but is saying very little about what happened or the risks to customers. News of the breach emerged on Monday, when customers received a message. While the message to customers assures them that “no sensitive information pertaining to your Cleartrip account” ...

  • CISA released Security Advisory on MiCODUS MV720 Global Positioning System (GPS) Tracker

    July 19, 2022

    CISA has released an Industrial Controls Systems Advisory (ICSA) detailing six vulnerabilities that were discovered in MiCODUS MV720 Global Positioning System Tracker. Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control the global positioning system tracker. These vulnerabilities could impact access to a vehicle fuel supply, vehicle control, or ...

  • Russian cyber attack on Lithuania unlikely to provoke military response

    June 28, 2022

    A NATO member is under attack. Normally the meaning of this would be frighteningly clear, but this is an attack with a difference: not a physical attack, but a cyber attack; and working out what a cyber attack means is never simple. The NATO member in question is the Baltic state of Lithuania, which was targeted on ...

  • Russian hackers claim responsibility for cyberattack on Lithuania

    June 27, 2022

    Russian hacker group Killnet has claimed responsibility for a denial-of-service (DDOS) cyberattack on Lithuania, saying it was in response to the decision by Vilnius to block the transit of some sanctioned goods to the Russian exclave of Kaliningrad. Lithuanian state and private institutions were hit by the denial-of-service cyberattack on Monday, the Baltic country’s National Cyber ...

  • Automotive fabric supplier TB Kawashima announces cyberattack

    June 25, 2022

    TB Kawashima, part of the Japanese automotive component manufacturer Toyota Boshoku of the Toyota Group of companies, announced that one of its subsidiaries has been hit by a cyberattack. The company did not confirm but there is reason to suspect that it is dealing with an attack from the LockBit ransomware group. TB Kawashima is a manufacturer ...

  • Hackers Can Steal Your Tesla by Creating Their Own Personal Keys

    June 9, 2022

    Last year, Tesla issued an update that made its vehicles easier to start after being unlocked with their NFC key cards. Now, a researcher has shown how the feature can be exploited to steal cars. For years, drivers who used their Tesla NFC key card to unlock their cars had to place the card on the ...

  • Microsoft seizes 41 domains tied to ‘Iranian phishing ring’

    June 7, 2022

    Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India. The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, ...

  • Australian digital driving licenses can be defaced in minutes

    May 30, 2022

    An Australian digital driver’s license (DDL) implementation that officials claimed is more secure than a physical license has been shown to easily defaced, but authorities insist the credential remains secure. New South Wales, Australia’s most populous state, launched its DDL program in 2019, and as of 2021 officials there said that slightly more than half of ...

  • What’s wrong with automotive mobile apps?

    May 25, 2022

    The recent story about the 19-year-old hacker who took control of several dozen Tesla cars has become something of a sensation. We already know that there was an issue with a third-party app that enabled access to data from Teslas. This made it possible for the security researcher to lock and unlock the cars, turn the ...

  • GM credential stuffing attack exposed car owners’ personal info

    May 24, 2022

    US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed some customers’ information and allowed hackers to redeem rewards points for gift cards. General Motors operates an online platform to help owners of Chevrolet, Buick, GMC, and Cadillac vehicles manage their bills, services, and redeem rewards points. Car ...

  • Critically Underrated: Studying the Data Distribution Service (DDS) Protocol

    April 19, 2022

    Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware software technology is responsible for running billions of public and private devices and mechanisms currently in use. DDS is integral in embedded systems that require real-time machine-to-machine communication, facilitating a reliable ...

  • Powerful cyber attack on Russia’s Civil Aviation Authority servers: no more data nor back-up

    March 29, 2022

    A powerful and effective cyberattack on the Russian Federal Air Transport Agency (Rosaviatsia) infrastructure that took place on Saturday morning has erased all documents, files, aircraft registration data and mails from the servers. In total, about 65 terabytes of data was erased. The news became known on Monday morning, the agency’s official website (favt.ru) went ...