CyberSecurityBoard
Sponsor Register Login

TSA Issues Security Directive to Airports and Carriers After No-Fly List Leak

The Transportation Security Administration (TSA) has issued a security directive to all U.S. airports and air carriers, warning them of the need for more stringent cybersecurity protections following the leak of the federal No-fly list. A Swiss national recently published a blog post explaining that a copy of the No-fly list from 2019 was left exposed on an unsecured server, alongside other sensitive data from CommuteAir, a regional airline under United Airlines. The TSA has reached out to all domestic airlines to alert them of the potential for further breaches. The security directive reinforces existing requirements on handling sensitive security information and personally identifiable information. The agency has ordered the carriers to review their systems and take immediate action to ensure files are protected. The TSA is working with other federal agencies to investigate the issue. CommuteAir notified the government of the breach on January 18 and noted that none of the agency's systems were affected. Researchers found a November dark web post from the Endurance ransomware group that claimed a database of employee information had been stolen from the company. In their letter to victims of both data breaches, the company said it is working with Mandiant to modernize their systems and investigate the incidents. Rep. Dan Bishop and Committee on Homeland Security Chairman Mark Green sent a letter to TSA Administrator David Pekoske demanding answers about how the hacker was able to access versions of the Federal Terrorist Screening Dataset, as well as a version of the No-fly list. The White House has organized meetings with aviation industry leaders in recent months as it seeks to bolster cybersecurity protections in key sectors. Another congressman has called for federal agencies to investigate cybersecurity vulnerabilities in all systems underpinning air travel. A recent report found that there were 62 ransomware attacks on global aviation stakeholders in 2020 alone, and the value of ransom demands broke records in 2021. The European Air Traffic Management Computer Emergency Response Team found the number of reported cyberattacks among airline industry organizations grew 530% from 2019 to 2020.

This Cyber News was published on therecord.media. Publication date: Mon, 30 Jan 2023 22:01:03 +0000


Cyber News related to TSA Issues Security Directive to Airports and Carriers After No-Fly List Leak

U.S. No Fly List Breach: Government Investigating - A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 selectees has been shared publicly on a hacking forum. BleepingComputer has confirmed the list is the same TSA No Fly list that was discovered recently on an ...
2 years ago Bleepingcomputer.com
TSA Issues Security Directive to Airports and Carriers After No-Fly List Leak - The Transportation Security Administration (TSA) has issued a security directive to all U.S. airports and air carriers, warning them of the need for more stringent cybersecurity protections following the leak of the federal No-fly list. A Swiss ...
2 years ago Therecord.media
TSA U.S. No Fly List Leaked on Hacking Forum - It was recently discovered that a U.S. No Fly list, containing over 1.5 million records of banned flyers and 250,000 selectees has been found published on a hacking forum. According to BleepingComputer, its the same TSA No Fly list that was found on ...
2 years ago Heimdalsecurity.com
Congressman Coming for Answers After No-Fly List Hack - U.S. Congressman Bennie Thompson is demanding answers from airlines and the federal government after a "massive hack" of the no-fly list. The congressman sent a letter to the airlines and the Department of Homeland Security asking for an explanation ...
2 years ago Therecord.media
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
3 months ago Cybersecuritynews.com
How Cisco and Wipro are Improving the Airport Experience - The airport experience can be hectic, overwhelming, and stressful. Travelers are navigating long security lines, struggling to arrive at their gate on time, and enduring inevitable flight delays that can make for an unrelaxing start to vacation. As ...
1 year ago Feedpress.me
US No-Fly List Found on the Internet - Internet security is an ever-growing concern, especially in the current climate where hackers and other malicious actors often have access to vast amounts of data. The latest example of this was recently discovered by security researchers, who found ...
2 years ago Hackread.com
What we know about the cyberattack that hit major European airports - A significant cyberattack recently targeted major European airports, disrupting operations and raising concerns about aviation cybersecurity. This incident highlights the increasing threat landscape facing critical infrastructure sectors, ...
2 weeks ago Cnbc.com
FCC reminds mobile phone carriers they must do more to prevent SIM swaps - The Federal Communications Commission is warning mobile phone service providers to ensure they are shielding customers from cybercriminals who use fraudulent SIM swaps to take over unwitting victims' mobile phone accounts. The warning comes on the ...
1 year ago Therecord.media LAPSUS$
Cyber Security Managed Services 101 - Benefits of an MSP. Maximizing efficiency. Cyber threats and cyberattacks like ransomware targeting SMBs continue to increase in part because malicious actors realize these organizations don't have the means or manpower for security teams. Even ...
2 years ago Trendmicro.com
How to Keep Cyberattacks From Taking Off - COMMENTARY. Over the last three years, the global aviation industry has been left reeling by a post-pandemic sucker punch that hit the sector with over $185 billion in losses. Once a bastion of American prosperity, airlines were forced into survival ...
1 year ago Darkreading.com
Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
6 months ago Cybersecuritynews.com
Fly Catcher: Detect aircraft spoofing by monitoring for malicious signals - Fly Catcher is an open-source device that can detect aircraft spoofing by monitoring for malicious ADS-B signals in the 1090MHz frequency. Angelina Tsuboi, the developer of Fly Catcher, is an enthusiastic pilot, cybersecurity researcher, and ...
1 year ago Helpnetsecurity.com
CVE-2025-38248 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago
Malaysia PM says country rejected $10 million ransom demand after airport outages | The Record from Recorded Future News - Malaysia’s National Cyber Security Agency (NACSA) and Malaysia Airports released a joint statement Tuesday confirming that a cyberattack started causing disruptions on March 23. Computer outages at Malaysia’s Kuala Lumpur International Airport ...
6 months ago Therecord.media
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
1 year ago Helpnetsecurity.com
DHS Awards UAA to Launch New ADAC-ARCTIC Center of Excellence - S&T will provide ADAC-ARCTIC $46 million over a 10-year cooperative agreement to establish this Research Center portfolio for Homeland Security in the Arctic. Vital insights from academic-led innovative research will help the Department of Homeland ...
1 year ago Americansecuritytoday.com
CVE-2024-42103 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
1 year ago Feeds.dzone.com
Major Mexican airport confirms experts are working to address cyberattack - One of the highest-traffic airports in Mexico said it is responding to a cyberattack. The Querétaro Intercontinental Airport - about three hours from Mexico City - confirmed reports that it had been attacked by hackers, posting a notice on social ...
1 year ago Therecord.media LockBit
FCC orders telecom carriers to report PII data breaches within 30 days - Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. FCC's final rule follows several ...
1 year ago Bleepingcomputer.com
BT Misses Deadline For Huawei Equipment Removal - Carrier fails to completely meet UK government's year-end deadline, for removal of Huawei equipment from core network. The UK government's year-end deadline for BT to remove Huawei telecoms equipment from its core network has been missed. The ...
1 year ago Silicon.co.uk
FCC Warns Carriers to Protect Customers Against SIM Swaps - A month after issuing new rules to push back against SIM-swap and similar schemes, the Federal Communications Commission is warning mobile phone service providers of their obligations to protect consumers against the growing threat. SIM swapping - ...
1 year ago Securityboulevard.com LAPSUS$
CISA Issues Emergency Directive Requiring Federal Agencies to Mitigate Ivanti Connect Secure and Policy Secure Vulnerabilities - WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency issued Emergency Directive 24-01 in response to observed widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure appliances by ...
1 year ago Cisa.gov CVE-2023-46805 CVE-2024-21887

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)