TSA U.S. No Fly List Leaked on Hacking Forum

It was recently discovered that a U.S. No Fly list, containing over 1.5 million records of banned flyers and 250,000 selectees has been found published on a hacking forum. According to BleepingComputer, its the same TSA No Fly list that was found on an unsecured CommuteAir server. Per Daily Dot journalist Mikael Thalen, the list was made publicly available by Swiss hacker maia arson crimew, formerly known as Tillie Kottmann. The hacker apparently got in the possession of the list through a misconfigured AWS server belonging to Ohio-based airline CommuteAir. Steps were taken immediately to patch the leak, but the list surfaced regardless. BleepingComputer, with support from Thalen, confronted the list posted on the blog with another one found on the CommuteAir server. Two CSV files were analysed, NOFLY and SELECTEE, with the latter likely listing names of passengers who undergo a Secondary Security Screening Selection upon their arrival at U.S. airports. The NOFLY spread contained over 1.5 million records, including duplicates and spelling variations of some names, indicating that the number of names exposed is lower than the number of recorded entries in the spreadsheet. The SELECTEE spread is comprised of 251,169 records. The lists from the year 2019 include first names, last names, dates of birth, and even potential aliases of the surveilled persons. The No Fly List is also known as the Terrorist Screening Database, and is relied upon by multiple federal agencies to manage and share consolidated info for counterterrorism purposes. Given the crucial role they play in assisting with duties related to national security and law enforcement, even though they are not Classified, such databases are hidden and considered to be sensitive in nature. The government may Nominate terrorists or plausible suspects who represent a threat to national security for inclusion on the secret watchlist. One such entry discovered by Daily Dot is the Russian arms dealer Viktor Bout, together with his 16 potential aliases. When inquired by BleepingComputer to give more detail on the incident, a TSA spokesperson declared that the organization has started an investigation to get to the bottom of the problem. A security directive was issued to airports and air carriers on the 27th of January. The security directive reinforces existing requirements on handling sensitive security information and personally identifiable information. We will continue to work with partners to ensure that they implement security requirements to safeguard systems and networks from cyberattacks. Another source close to the matter informed BleepingComputer that no TSA information systems were compromised as part of the breach. CommuteAir was notified by a member of the security research community who identified a misconfigured development server. The researcher accessed files uploaded to the server in July 2022 that included outdated 2019 versions of the federal no-fly and selectee lists that contained certain individuals names and dates of birth. The lists were used for testing our software-based compliance process for implementing federally-mandated security requirements. Through the server, the researcher accessed a database containing personal identifiable information of CommuteAir employees. CommuteAir immediately took the affected server offline and started an investigation to determine the extent of data access. To date, our investigation indicates that no customer data was exposed. CommuteAir has reported the data exposure to the Cybersecurity and Infrastructure Security Agency, and also notified its employees. U.S. Congressman Dan Bishop, alongside Dr. Mark Green, the Homeland Security Committee chairman, posted a series of

This Cyber News was published on heimdalsecurity.com. Publication date: Tue, 31 Jan 2023 15:59:03 +0000


Cyber News related to TSA U.S. No Fly List Leaked on Hacking Forum

U.S. No Fly List Breach: Government Investigating - A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 selectees has been shared publicly on a hacking forum. BleepingComputer has confirmed the list is the same TSA No Fly list that was discovered recently on an ...
1 year ago Bleepingcomputer.com
TSA U.S. No Fly List Leaked on Hacking Forum - It was recently discovered that a U.S. No Fly list, containing over 1.5 million records of banned flyers and 250,000 selectees has been found published on a hacking forum. According to BleepingComputer, its the same TSA No Fly list that was found on ...
1 year ago Heimdalsecurity.com
TSA Issues Security Directive to Airports and Carriers After No-Fly List Leak - The Transportation Security Administration (TSA) has issued a security directive to all U.S. airports and air carriers, warning them of the need for more stringent cybersecurity protections following the leak of the federal No-fly list. A Swiss ...
1 year ago Therecord.media
Encouraging Ethical Hacking Skills in Students - This article delves into the significance of encouraging ethical hacking skills in students and the numerous benefits it offers to individuals and society as a whole. Possessing ethical hacking skills can provide students with a competitive advantage ...
1 year ago Securityzap.com
Congressman Coming for Answers After No-Fly List Hack - U.S. Congressman Bennie Thompson is demanding answers from airlines and the federal government after a "massive hack" of the no-fly list. The congressman sent a letter to the airlines and the Department of Homeland Security asking for an explanation ...
1 year ago Therecord.media
US No-Fly List Found on the Internet - Internet security is an ever-growing concern, especially in the current climate where hackers and other malicious actors often have access to vast amounts of data. The latest example of this was recently discovered by security researchers, who found ...
1 year ago Hackread.com
Alleged ShinyHunters Hacker Pleads Not Guilty After US Extradition - The ShinyHunters group is known for some of the largest data breaches in 2021-2022, in which the personal data of hundreds of millions of users was leaked on the now-seized Raidforums. In July 2022, HackRead.com reported on Sebastian Raoult, an ...
1 year ago Hackread.com
70 million account credentials were leaked in a massive password dump - A security researcher has unearthed what appears to be one of the biggest password dumps ever. Over 70 million unique credentials have been leaked on the dark web. ADVERTISEMENT. The news came to light when Troy Hunt, the owner of the popular breach ...
11 months ago Ghacks.net
AT&T says leaked data of 70 million people is not from its systems - AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to ...
9 months ago Bleepingcomputer.com
U.S. No Fly List Data Breach Leaked on Hacker Forum - The U.S. No Fly List, a database of individuals who are barred from boarding commercial airlines due to security concerns, has been leaked on a hacker forum. The breach includes the full names and dates of birth of 1,817,233 individuals on the list ...
1 year ago Hackread.com
Hacker leaks millions of new 23andMe genetic data profiles - A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum. Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe ...
1 year ago Bleepingcomputer.com
Hacker Conversations: Chris Evans, Hacker and CISO - Chris Evans is CISO and chief hacking officer at HackerOne. SecurityWeek's Hacker Conversations series seeks to understand the mind and motivations of hackers by talking to hackers. Evans challenges the common perception of both hackers and their ...
5 months ago Securityweek.com
Credentials are Still King: Leaked Credentials, Data Breaches and Dark Web Markets - Infostealers infect computers, steal all of the credentials saved in the browser along with active session cookies and other data, then export it back to command and control infrastructure before, in some cases, self-terminating. This article will ...
11 months ago Bleepingcomputer.com
Okta says data leaked on hacking forum not from its systems - Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. Okta is a San Fransisco-based cloud identity and access management solutions provider whose Single ...
9 months ago Bleepingcomputer.com
FBI seize BreachForums hacking forum used to leak stolen data - The FBI has seized the notorious BreachForums hacking forum used to leak and sell stolen corporate data to other cybercriminals. The seizure occurred on Wednesday morning, soon after the site was used last week to leak data stolen from a Europol law ...
7 months ago Bleepingcomputer.com
Dutch hacker jailed for extortion, selling stolen data on RaidForums - A former Dutch cybersecurity professional was sentenced to four years in prison after being found guilty of hacking and blackmailing more than a dozen companies in the Netherlands and worldwide. The suspect, a 21-year-old man from Zandvoort named ...
1 year ago Bleepingcomputer.com
"Do Not Push To Production" And Other Insecure Code, Demonstrated By An Ethical Hacker - Viewers got to see some interesting vulnerabilities and coding practices that made her demo app pretty open to exploits. A friend of mine published a book about it over 25 years ago, called The Happy Hacker. If you're hacking without permission, no ...
1 year ago Securityboulevard.com
Update your white hat hacking skills with $70 off this training bundle - Ethical hacking is a useful skill set not just for cybersecurity experts, but for every IT worker. The Ultimate 2020 White Hat Hacker Certification Bundle provides 10 detailed courses to get you up to speed on using hacking skills for positive ends. ...
11 months ago Bleepingcomputer.com
Syrian Threat Group Peddles Destructive SilverRAT - The group behind a sophisticated remote access Trojan, SilverRAT, has links to both Turkey and Syria and plans to release an updated version of the tool to allow control over compromised Windows systems and Android devices. According to a threat ...
11 months ago Darkreading.com
Ten Years Later, New Clues in the Target Breach - On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. Ten years later, KrebsOnSecurity has ...
1 year ago Krebsonsecurity.com
Fly Catcher: Detect aircraft spoofing by monitoring for malicious signals - Fly Catcher is an open-source device that can detect aircraft spoofing by monitoring for malicious ADS-B signals in the 1090MHz frequency. Angelina Tsuboi, the developer of Fly Catcher, is an enthusiastic pilot, cybersecurity researcher, and ...
11 months ago Helpnetsecurity.com
No Fly List Leaked on Unsecured Server: Data Breach Highlights Need for Improved Cybersecurity - A recent data breach has highlighted just how important it is for organizations to have robust cybersecurity measures in place. On December 30th, a French-language news outlet reported that the traveler watch list for France, or the “no-fly” ...
1 year ago Securityaffairs.com
Chinese hacking documents offer glimpse into state surveillance - Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation's top policing agency and other parts of its government - a trove that catalogs apparent hacking ...
10 months ago Apnews.com
China's Dogged Campaign to Portray Itself as Victim of US Hacking - For more than two years, China's government has been attempting to portray the US as indulging in the same kind of cyber espionage and intrusion activities as the latter has accused of carrying out over the past several years. A recent examination of ...
10 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)