TSA Issues Security Directive to Airports and Carriers After No-Fly List Leak

The Transportation Security Administration (TSA) has issued a security directive to all U.S. airports and air carriers, warning them of the need for more stringent cybersecurity protections following the leak of the federal No-fly list. A Swiss national recently published a blog post explaining that a copy of the No-fly list from 2019 was left exposed on an unsecured server, alongside other sensitive data from CommuteAir, a regional airline under United Airlines. The TSA has reached out to all domestic airlines to alert them of the potential for further breaches. The security directive reinforces existing requirements on handling sensitive security information and personally identifiable information. The agency has ordered the carriers to review their systems and take immediate action to ensure files are protected. The TSA is working with other federal agencies to investigate the issue. CommuteAir notified the government of the breach on January 18 and noted that none of the agency's systems were affected. Researchers found a November dark web post from the Endurance ransomware group that claimed a database of employee information had been stolen from the company. In their letter to victims of both data breaches, the company said it is working with Mandiant to modernize their systems and investigate the incidents. Rep. Dan Bishop and Committee on Homeland Security Chairman Mark Green sent a letter to TSA Administrator David Pekoske demanding answers about how the hacker was able to access versions of the Federal Terrorist Screening Dataset, as well as a version of the No-fly list. The White House has organized meetings with aviation industry leaders in recent months as it seeks to bolster cybersecurity protections in key sectors. Another congressman has called for federal agencies to investigate cybersecurity vulnerabilities in all systems underpinning air travel. A recent report found that there were 62 ransomware attacks on global aviation stakeholders in 2020 alone, and the value of ransom demands broke records in 2021. The European Air Traffic Management Computer Emergency Response Team found the number of reported cyberattacks among airline industry organizations grew 530% from 2019 to 2020.

This Cyber News was published on therecord.media. Publication date: Mon, 30 Jan 2023 22:01:03 +0000


Cyber News related to TSA Issues Security Directive to Airports and Carriers After No-Fly List Leak

U.S. No Fly List Breach: Government Investigating - A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 selectees has been shared publicly on a hacking forum. BleepingComputer has confirmed the list is the same TSA No Fly list that was discovered recently on an ...
1 year ago Bleepingcomputer.com
TSA Issues Security Directive to Airports and Carriers After No-Fly List Leak - The Transportation Security Administration (TSA) has issued a security directive to all U.S. airports and air carriers, warning them of the need for more stringent cybersecurity protections following the leak of the federal No-fly list. A Swiss ...
1 year ago Therecord.media
TSA U.S. No Fly List Leaked on Hacking Forum - It was recently discovered that a U.S. No Fly list, containing over 1.5 million records of banned flyers and 250,000 selectees has been found published on a hacking forum. According to BleepingComputer, its the same TSA No Fly list that was found on ...
1 year ago Heimdalsecurity.com
Congressman Coming for Answers After No-Fly List Hack - U.S. Congressman Bennie Thompson is demanding answers from airlines and the federal government after a "massive hack" of the no-fly list. The congressman sent a letter to the airlines and the Department of Homeland Security asking for an explanation ...
1 year ago Therecord.media
How Cisco and Wipro are Improving the Airport Experience - The airport experience can be hectic, overwhelming, and stressful. Travelers are navigating long security lines, struggling to arrive at their gate on time, and enduring inevitable flight delays that can make for an unrelaxing start to vacation. As ...
1 year ago Feedpress.me
US No-Fly List Found on the Internet - Internet security is an ever-growing concern, especially in the current climate where hackers and other malicious actors often have access to vast amounts of data. The latest example of this was recently discovered by security researchers, who found ...
1 year ago Hackread.com
Cyber Security Managed Services 101 - Benefits of an MSP. Maximizing efficiency. Cyber threats and cyberattacks like ransomware targeting SMBs continue to increase in part because malicious actors realize these organizations don't have the means or manpower for security teams. Even ...
1 year ago Trendmicro.com
FCC reminds mobile phone carriers they must do more to prevent SIM swaps - The Federal Communications Commission is warning mobile phone service providers to ensure they are shielding customers from cybercriminals who use fraudulent SIM swaps to take over unwitting victims' mobile phone accounts. The warning comes on the ...
1 year ago Therecord.media
How to Keep Cyberattacks From Taking Off - COMMENTARY. Over the last three years, the global aviation industry has been left reeling by a post-pandemic sucker punch that hit the sector with over $185 billion in losses. Once a bastion of American prosperity, airlines were forced into survival ...
1 year ago Darkreading.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
2 months ago Helpnetsecurity.com
Fly Catcher: Detect aircraft spoofing by monitoring for malicious signals - Fly Catcher is an open-source device that can detect aircraft spoofing by monitoring for malicious ADS-B signals in the 1090MHz frequency. Angelina Tsuboi, the developer of Fly Catcher, is an enthusiastic pilot, cybersecurity researcher, and ...
11 months ago Helpnetsecurity.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
11 months ago Feeds.dzone.com
DHS Awards UAA to Launch New ADAC-ARCTIC Center of Excellence - S&T will provide ADAC-ARCTIC $46 million over a 10-year cooperative agreement to establish this Research Center portfolio for Homeland Security in the Arctic. Vital insights from academic-led innovative research will help the Department of Homeland ...
11 months ago Americansecuritytoday.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
10 months ago Esecurityplanet.com
Major Mexican airport confirms experts are working to address cyberattack - One of the highest-traffic airports in Mexico said it is responding to a cyberattack. The Querétaro Intercontinental Airport - about three hours from Mexico City - confirmed reports that it had been attacked by hackers, posting a notice on social ...
1 year ago Therecord.media
FCC orders telecom carriers to report PII data breaches within 30 days - Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. FCC's final rule follows several ...
10 months ago Bleepingcomputer.com
BT Misses Deadline For Huawei Equipment Removal - Carrier fails to completely meet UK government's year-end deadline, for removal of Huawei equipment from core network. The UK government's year-end deadline for BT to remove Huawei telecoms equipment from its core network has been missed. The ...
11 months ago Silicon.co.uk
IaaS vs PaaS vs SaaS Security: Which Is Most Secure? - Security concerns include data protection, network security, identity and access management, and physical security. While IaaS gives complete control and accountability, PaaS strikes a compromise between control and simplicity, and SaaS provides a ...
1 year ago Esecurityplanet.com
FCC Warns Carriers to Protect Customers Against SIM Swaps - A month after issuing new rules to push back against SIM-swap and similar schemes, the Federal Communications Commission is warning mobile phone service providers of their obligations to protect consumers against the growing threat. SIM swapping - ...
1 year ago Securityboulevard.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
IaaS Security: Top 8 Issues & Prevention Best Practices - Understanding the risks, advantages, and best practices connected with IaaS security is becoming increasingly important as enterprises shift their infrastructure to the cloud. By exploring the top eight issues and preventative measures, as well as ...
1 year ago Esecurityplanet.com
Five business use cases for evaluating Azure Virtual WAN security solutions - To help organizations who are evaluating security solutions to protect their Virtual WAN deployments, this article considers five business use cases and explains how Check Point enhances and complements Azure security with its best-of-breed, ...
7 months ago Blog.checkpoint.com
10 Best Security Service Edge Solutions - Security Service Edge is an idea in cybersecurity that shows how network security has changed over time. With a focus on customized solutions, Security Service Edge Solutions leverages its expertise in multiple programming languages, frameworks, and ...
10 months ago Cybersecuritynews.com
CISA Issues Emergency Directive Requiring Federal Agencies to Mitigate Ivanti Connect Secure and Policy Secure Vulnerabilities - WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency issued Emergency Directive 24-01 in response to observed widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure appliances by ...
11 months ago Cisa.gov

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)