Security News

Private aviation services provider Solairus Aviation on Tuesday announced that some employee and customer data was compromised in a security incident at third-party vendor Avianis. In a data breach announcement on March 23, Solairus said aviation business management platform provider Avianis provided notification last December about an intrusion into Avianis' Microsoft Azure cloud platform, which hosts Solairus flight scheduling and tracking system.

SITA, a multinational company that specializes in air transport communications and IT, this week confirmed falling victim to a cyberattack that appears to have impacted multiple airlines around the world. SITA said on Thursday that the attack, which it described as "Highly sophisticated," affected certain passenger data stored on servers of SITA Passenger Service System Inc., which operates passenger processing systems for airlines.

Aviation boffins have found that next-gen collision aircraft avoidance systems appear to be just as vulnerable to signal spoofing attacks as older kit. In a paper distributed via ArXiv, computer scientists at the UK's University of Oxford and Switzerland's Federal Office for Defence Procurement analyzed the Airborne Collision Avoidance System X, due to be deployed on commercial aircraft in the next few years, and found that it can be manipulated by a miscreant to produce fake collision alerts that prompt pilots to take evasive action.

Garmin services appear to be in the process of being restored after the company was reportedly hit with ransomware, though its aviation services remain offline at the time of writing. Although Garmin Connect and other consumer-facing apps were gradually coming back to life, according to the company's status page, at the time of writing The Register was only able to access some of its aviation services.

The World Economic Forum believes that the success - and safety - of the aviation industry is largely down "To the successful balance between regulatory and risk priorities." But times, prompted by the Fourth Industrial Revolution and digital transformation, are changing; and WEF notes, "As technology is changing, so are the priorities of aviation stakeholders and more work is required to ensure optimal resilience." And this is without the additional complications of new technologies such as unmanned aerial vehicles. The work involved interviews, surveys and workshops with industry participants, trade associations, regulators, air navigation service providers, airlines, airports and OEM manufacturers as well as ICT and insurance businesses working with and supporting the industry.

Faulty F-15s, at-risk airbases and much more DEF CON For the first time, Vegas's annual DEF CON hacking conference has an "aviation hacking village", and the US military is scouting around there...

DNS config snafu bares Jenkins instance contents to world+dog GE Aviation managed to expose a pile of its private keys on a misconfigured Jenkins instance that was exposed to the public internet,...

A DNS misconfiguration resulted in an open Jenkins server being available to all.

The Montreal-based United Nations aviation agency concealed for months a hack of its computers and allowed malware to spread throughout the airline industry, Canada's public broadcaster reported...

Aviation, as part of the transportation sector, falls within the critical infrastructure. While it may not have the same security issues as ICS/SCADA-based manufacturing and utilities, it has...