- Researcher breaches Toyota supplier portal with info on 14,000 partners
February 7, 2023
Toyota’s Global Supplier Preparation Information Management System (GSPIMS) was breached by a security researcher who responsibly reported the issue to the company. GSPIMS is the car manufacturer’s web application that allows employees and suppliers to remotely log in and manage the firm’s global supply chain. Source: Bleeping Computer
- Hacker finds copy of TSA no-fly list on exposed cloud storage
January 22, 2023
A copy of the U.S. Transportation Security Administration’s “no-fly list” has been found by a Swiss hacker exposed on the open internet in yet another case of misconfigured cloud storage. First reported by The Daily Dot, the exposure of the database was found by a Swiss hacker known as “maia arson crimew” on a server run ...
- Ransomware severs 1,000 ships from on-shore servers
January 19, 2023
A Norwegian maritime risk management business is getting a lesson in that very area, after a ransomware attack forced its ShipManager software offline and left 1,000 ships without a connection to on-shore servers. DNV said the attack happened on January 7, and updated its report yesterday to say it involved ransomware – but affected vessels are not ...
- Nissan North America data breach caused by vendor-exposed database
January 17, 2023
Nissan North America has begun sending data breach notifications informing customers of a breach at a third-party service provider that exposed customer information. The security incident was reported to the Office of the Maine Attorney General on Monday, January 16, 2023, where Nissan disclosed that 17,998 customers were affected by the breach. Source: Bleeping Computer
- U.S. Federal Aviation Administration says flight personnel alert system not processing updates after outage
January 11, 2023
The U.S. Federal Aviation Administration’s (FAA) system that alerts pilots and other flight personnel about hazards or any changes to airport facility services and relevant procedures was not processing updated information, the civil aviation regulator’s website showed on Wednesday. In an advisory, the FAA said its NOTAM (Notice to Air Missions) system had “failed”. There was ...
- Air France and KLM notify customers of account hacks
January 6, 2023
Air France and KLM have informed Flying Blue customers that some of their personal information was exposed after their accounts were breached. Flying Blue is a loyalty program allowing clients of multiple airlines, including Air France, KLM, Transavia, Aircalin, Kenya Airways, and TAROM, to exchange loyalty points for various rewards. “Our security operations teams have detected suspicious ...
- Toyota, Mercedes, BMW API flaws exposed owners’ personal info
January 4, 2023
Almost twenty car manufacturers and services contained API security vulnerabilities that could have allowed hackers to perform malicious activity, ranging from unlocking, starting, and tracking cars to exposing customers’ personal information. The security flaws impacted well-known brands, including BMW, Rolls Royce, Mercedes-Benz, Ferrari, Porsche, Jaguar, Land Rover, Ford, KIA, Honda, Infiniti, Nissan, Acura, Hyundai, Toyota, and ...
- LockBit ransomware claims attack on Port of Lisbon in Portugal
December 30, 2022
A cyberattack hitting the Port of Lisbon Administration (APL), the third-largest port in Portugal, on Christmas day, has been claimed by the LockBit ransomware gang. The Port of Lisbon is part of the critical infrastructure in Portugal’s capital city, being one of the most accessed ports in Europe, due to its strategic location, and serving container ...
- Eurozone plans to formalize passenger data, improve security
December 20, 2022
The European Commission last week proposed rules governing the use of Advance Passenger Information in a bid to strengthen border security. As commissioner for home affairs Ylva Johansson explained during a press conference, travel in and out of the Schengen zone – the 26 European countries between which passengers are free to travel without visas – ...
- Uber suffers new data breach after attack on vendor, info leaked online
December 12, 2022
Uber shared further information with BleepingComputer on how its data was stolen in a breach on Teqtivity, which provides asset management and tracking services for the company. Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity ...
- DeathStalker targets legal entities with new Janicab variant
December 8, 2022
“Dosen’t matter how long you wait for the bus on a rainy day, X seconds was enough to get wet?” Just to clarify, the above subheading isn’t a normal quote, but a message that Janicab malware attempted to decode in its newest use of YouTube dead-drop resolvers (DDRs). While hunting for less common Deathstalker intrusions that use ...
- Cybersecurity laws to be updated to boost UK protection from cyber attacks
November 30, 2022
The UK’s cybersecurity laws will be updated to require outsourced IT providers to meet security standards as part of efforts to better protect supply chains, the Government has announced. The Network and Information Systems (NIS) Regulations will be updated so third-party firms providing IT services to businesses will be compelled to have effective cybersecurity measures in ...
- Sweden launches Europe’s most advanced Hub for Automotive Cyber Security
November 25, 2022
Research Institute engages ethical hackers and the latest research in cyber technology to combat spiraling threats to connected vehicles. State-owned Research Institutes of Sweden, RISE, is launching Europe’s most advanced cyber security initiative dedicated to vehicle testing. RISE Cyber Test Lab for Automotive enables the automotive industry to test vehicles by using the latest ...
- Cyber vulnerability in networks used by spacecraft, aircraft and energy generation systems
November 15, 2022
A major vulnerability in a networking technology widely used in critical infrastructures such as spacecraft, aircraft, energy generation systems and industrial control systems was exposed by researchers at the University of Michigan and NASA. It goes after a network protocol and hardware system called time-triggered ethernet, or TTE, which greatly reduces costs in high-risk settings by ...
- Shocker: EV charging infrastructure is seriously insecure
November 15, 2022
If you’ve noticed car charging stations showing up in your area, congratulations! You’re part of a growing network of systems so poorly secured they could one day be used to destabilize entire electrical grids, and which contain enough security issues to be problematic today. That’s what scientists at Sandia National Laboratory in Albuquerque, New Mexico have ...
- Whoosh confirms data breach after hackers sell 7.2M user records
November 14, 2022
The Russian scooter-sharing service Whoosh has confirmed a data breach after hackers started to sell a database containing the details of 7.2 million customers on a hacking forum. Whoosh is Russia’s leading urban mobility service platform, operating in 40 cities with over 75,000 scooters. On Friday, a threat actor began selling the stolen data on a hacking ...
- DHL named most-spoofed brand in phishing
October 24, 2022
DHL is the most spoofed brand when it comes to phishing emails, according to Check Point. Crooks most frequently used the brand name in their attempts to steal personal and payment information from marks between July and September 2022, with the shipping giant accounting for 22 percent of all worldwide phishing attempts intercepted by the cybersecurity ...
- Japanese giants to offer security-as-a-service for connected cars
October 18, 2022
Japanese industrial giants NTT Communications Corporation and Denso Corporation have decided to start a business “to respond to the threat of increasingly sophisticated cyber-attacks against vehicles.” NTT Communications is a global IT services company that is a member of the NTT Group (which confusingly also operates NTT Data, another global IT services company). Denso is an ...
- Europol: 31 arrested for stealing cars by hacking keyless tech
October 18, 2022
With the support of Europol and Eurojust, the French authorities, in cooperation with their Spanish and Latvian counterparts, have dismantled a car theft ring which used fraudulent software to steal vehicles without using the physical key fob. The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car ...
- Hackers took down U.S. airport web sites, Department of Homeland Security confirms
October 10, 2022
Unknown hackers attacked and temporarily shut down the public-facing websites of at least several major U.S. airports on Monday, a Department of Homeland Security official confirmed to USA TODAY. The official from DHS’ Cybersecurity and Infrastructure Security Agency, or CISA, declined to comment on who might have been behind what appeared to be a coordinated series ...