Security News
A recently identified threat actor that remained unnoticed for roughly two years appears focused on the targeting of airlines that are using the BSPLink financial settlement software made by the International Air Transport Association, cybersecurity firm Malwarebytes reported on Wednesday. Over time, the group evolved its toolset from PowerShell Empire to the Koadic and Octopus RATs, and used LuminosityLink, RMS, Quasar, njRat and Remcos RATs in between.
The actor received the name LazyScripter and has been active since 2018, using phishing to target individuals seeking immigration to Canada for a job, airlines, and the International Air Transport Association. The researchers from Malwarebytes also found other examples where the attacker dropped other remote access trojans that are common to multiple hacking groups: LuminosityLink, RMS, Quasar, njRat, and Remcos.
A North Carolina man was sentenced to 95 months in federal prison for his involvement in multiple cyber and swatting attacks. Responsible for making threats of shootings and bombings to numerous schools located in the United States and United Kingdom, Vaughn was sentenced to 95 months in prison for child pornography and 60 months for each of the other charges.
More than half of global airlines do not have DMARC policies in place, opening their customers up to email fraud attacks, a new report found. "Overall, major global carriers are failing to implement adequate email protection - leaving themselves open to phishing, impersonation attacks and other unauthorized use of corporate domains. This is despite email remaining the number one threat vector for cybercriminals," according to Adenike Cosgrove with Proofpoint in a Tuesday report.
A law firm that is already chasing British Airways now claims it is suing Easyjet for up to £18bn, intending to take a modest £5.4bn cut for itself, after nine million people's data was stolen from the airline's servers. The no-win-no-fee firm, PGMBM, claimed in a statement today to have filed a case in London's High Court against the British airline.
A law firm that is already chasing British Airways now claims it is suing Easyjet for up to £18bn, intending to take a modest £5.4bn cut for itself, after nine million people's data was stolen from the airline's servers. The no-win-no-fee firm, PGMBM, claimed in a statement today to have filed a case in London's High Court against the British airline.
British low-cost airline EasyJet today admitted that the company has fallen victim to a cyber-attack, which it labeled "Highly sophisticated," exposing email addresses and travel details of around 9 million of its customers. In an official statement released today, EasyJet confirmed that of the 9 million affected users, a small subset of customers, i.e., 2,208 customers, have also had their credit card details stolen, though no passport details were accessed.
British low-cost airline EasyJet today admitted that the company has fallen victim to a cyber-attack, which it labeled "Highly sophisticated," exposing email addresses and travel details of around 9 million of its customers. In an official statement released today, EasyJet confirmed that of the 9 million affected users, a small subset of customers, i.e., 2,208 customers, have also had their credit card details stolen, though no passport details were accessed.
The U.K. Information Commissioner's Office has fined Cathay Pacific Airways £500,000 over a data breach that exposed the personal information of 9.4 million customers, including 111,000 British citizens, during a four-year period. A Cathay Pacific spokesman tells Information Security Media Group that the airlines cooperated with the ICO during the investigation and that it has taken steps over the last two years to improve its corporate security.
A small Alaskan airline has suffered a curiously specific "Cyber attack" that mostly affected its De Havilland Dash 8 airliners. RavnAir Group declared on 21 December that it had "Experienced a malicious cyber attack on our company's IT network" the day before, causing it to cancel all of its flights operated with Dash 8s on its RavnAir Alaska airline.