Protecting against cyber threats from nation states – Open Access Government
Russia has long been regarded as notorious for international cyber threats, and this has only accelerated during 2022, as Ukraine has received an onslaught of online attacks ahead of a physical invasion.
In today's geopolitical climate, however, there is more than one nation state from which cyber threats will emerge.
Ultimately, for Western Five Eyes organisations (those in the UK, US, Australia, Canada and New Zealand), the state actors most likely to be deemed threats are Russia, China, Iran and North Korea.
Whilst we often focus on the individual capabilities of states themselves, we should be reminded that many criminal organisations carry out attacks either on behalf of nation states or under the protection of them.
The aims of these malicious actors are wide-ranging: the theft of intellectual property, intelligence gathering, or even the disruption of another nation's critical infrastructure.
But the bottom line is that they will be looking to gain an upper hand, whether to develop technology, increase their country's financial leverage or disrupt another nation's means of defending itself.
Where cyber criminal organisations are used, their aim is almost always to profit financially, but a nation state may specify the targets it will turn a blind eye to, or which should be a priority. In some cases, where there are economic sanctions on the nation state, it may also demand that some of the profit be redistributed to the state itself.
Whilst we often talk about large-scale cyber attacks against critical national infrastructure, we shouldn't ignore one of the most common aims of nation states in the past few years: to spread misinformation.
This has recently been demonstrated as a means of disrupting the democratic process in a way that favours that state, or once again enables them to profit financially.
These types of attacks are much harder to measure in terms of scale and impact, but we can't overlook the influence these campaigns have had on the world over the last several years.
Large organisations considered critical national infrastructure are at risk of being targeted by state actors (often referred to as advanced persistent threats) but, as seen in recent years, any organisation can be a victim of a nation state attack even if it isn't targeted directly.
It may be that they become collateral damage after being vulnerable to a particular attack vector that the state is using, or that part of their supply chain has been compromised.
The proliferation of tools used by criminal groups will have a big impact, not just as a result of professional attacks, but because smaller and less skilled hackers gain easier access to the same methods. As such, the number of organisations that might be attacked will increase.
It should be made clear that there is no single biggest nation state threat, because the landscape, objectives and capabilities of each actor change so quickly.
Focusing on one nation state, when it is far more likely that you will be attacked by a criminal organisation, will only create a false sense of security. Organisations must assess their own risk against the main threat actors and, having calculated the threats, prioritise defences against them accordingly.
Getting the basics right will go a long way in creating a foundation of cyber threat protection, whether the attack comes from criminals or a state. The strategy should ensure that security and IT teams patch regularly, alongside good identity and password management and configuration of endpoints and networks in line with best practice. Enabling protections such as firewalls and endpoint security is also key for all organisations.
Additionally, ensuring your organisation can react quickly and sensibly if it is compromised is essential. This means having good backups that have been tested and are resilient to malware such as ransomware, as well as implementing sound incident response and crisis management procedures.
Looking ahead at the cyber threat landscape, we should expect more of the same, as this approach has proved highly successful. There is no need for a nation state to reveal its capabilities, or to use a capability that once revealed can no longer be used, if it can continue to impact other nations by proxy through criminal cyber organisations.
Instead, they focus their attacks on things that are less obvious: gaining persistent access to an organisation's networks to gather intelligence or steal intellectual property, for example.
We've seen a recent increase in supply chain attacks, and that is likely to continue as more organisations seek to benefit from larger offerings, whether software or services, because compromising a single supplier reaches every one of its customers.
In particular, we've seen an increase in attacks against vulnerable infrastructure such as routers and other internet-facing equipment that hasn't been maintained or is effectively end of life. While so many organisations have vulnerable internet-facing infrastructure, or networks that are insecure once an attacker achieves initial entry, attackers need not use their advanced capabilities at all.
We may very well see an increase in attacks by actors associated with Russia if economic sanctions continue. Criminal activity by its nature seeks to exact profit and the use of cryptocurrency may help to circumvent sanctions and other restrictions.
Whatever the future may present, organisations must remain as vigilant, collaborative and agile as possible working as a secure unit internally and with external partners in order to protect against cyber threats from nation states and their accomplices.
This piece was written and provided by Steve Forbes, a government cyber security expert at Nominet.
The 6 Best Free VPN (That Are Actually Free) – Solutions Review
The editors at Solutions Review take a look at the best free VPNs that are actually free. Not for 30 days. Not under limitations. Full features, fully free. Forever.
When you're on the hunt for a free VPN, you'll find a lot of "free" VPNs. Free for 30 days. Free for x amount of megabytes. Free but really slow. Free but frustrating. Free should mean a fully featured, full-speed VPN with the opportunity to upgrade to a premium account should you want to. No strings attached.
These are the best free VPNs out there that are actually free.
Founded in 2019, Atlas VPN is a freemium VPN service with the goal of making a safe and open internet accessible to everyone. In 2021, Atlas VPN became part of Nord Security, a leader in digital security and privacy solutions. While relatively new to the VPN scene, it is already trusted by more than 6 million users across the world. Its stated driving force is to make digital privacy and security accessible to all consumers, irrespective of budget or tech-savviness; anyone can try Atlas VPN for free or sign up for premium services with additional features.
hide.me is a Malaysia-based VPN platform formed in 2011, with the goal of providing internet security and freedom for every internet user. Its foundation was built on three goals: free plans, so every internet user can enjoy online security; speedy connections, so users won't be deterred from connecting to a VPN; and ease of use, so anyone can use it, not just the tech-savvy. With over 1,800 VPN servers in 70+ locations, native applications for Android, Windows, iOS, macOS and Android TV, and a lifetime free subscription, hide.me delivers on its founding promise to over 20M users.
Hotspot Shield is a public VPN service operated by AnchorFree, Inc., out of California. The company works with a freemium model and provides free software with general features and a paid version with certain enhanced features, such as virtual server locations, improved speeds, unlimited bandwidth and 24/7 live support. The app is available for Microsoft Windows, Mac OS X, Android and iOS. Hotspot Shield supports 3,200 servers in 80+ countries, including 35+ cities around the world, and claims "military-grade" encryption and blocking of 57 million malware and phishing sites a day.
PrivadoVPN is a Switzerland-based platform launched in 2019, with simple-to-use apps for Android, Windows, macOS, iOS, Fire TV Stick and Android TV; its servers can also be configured manually on Linux. When you connect to the PrivadoVPN network, you are protected by 256-bit AES encryption: all of your incoming and outgoing data is sent through an encrypted tunnel so that third parties won't be able to intercept your private information. There's also the option to access region-blocked content by switching to any of its global servers, masking your IP address and physical location.
Proton VPN is a Swiss-based virtual private network provider founded in 2014 by a team of scientists who met at CERN (the European Organization for Nuclear Research) and created Proton Mail, the world's largest encrypted email service. Its service is available for Windows, macOS, Android and iOS; it also has a command-line tool for Linux and can be set up manually over IPsec. Proton VPN can also be installed on a wireless router. Proton VPN uses OpenVPN and the IKEv2 protocol with AES-256 encryption, and has over 1,700 servers in 64 different nations.
Founded in 2016, Windscribe is a commercial VPN service provider based in Canada, with applications for Windows, macOS, Linux, Android and iOS and support for routers and other platforms via custom configurations. Windscribe uses industry-standard VPN protocols to encrypt and route a user's connection to one of its servers: OpenVPN, Internet Key Exchange v2/IPsec and WireGuard, in both its applications and manual configurations. Windscribe servers support P2P file sharing, and the service is promoted as no-log under its privacy policy.
Mike Costello is the Content Editor for Cybersecurity at Solutions Review. His work covers Endpoint Security, Identity Management, and SIEM. He is a professionally trained writer and storyteller with a solid foundation in working in a multitude of platforms including print, web, and video. Adaptable, he is consistent in finding the right voice on various topics and delivering stories that grab your attention. You can reach him at mcostello at solutionsreview dot com.
GoI's VLC ban is a security and privacy risk – Candid.Technology
The Indian government has been blocking apps left and right to protect its internet space and data security from China for quite some time. The latest victim of this active precaution against Chinese state-backed hackers seems to be the massively popular VLC media player.
VLC's website has reportedly been inaccessible on the Indian internet since February 13. Six months later, there's still no word from VLC or the Indian government on why the ban was issued in the first place. The media player itself hasn't been blocked completely and will continue to function if you've already downloaded it, but the government has restricted access to the website of VideoLAN, the organisation behind the project. The player's Android and iOS apps are also still available from the respective app stores.
The ban reportedly stems from Symantec's April research claiming that the China-backed threat actor Cicada was using the VLC media player to deliver malware to targets as part of a massive cyber espionage campaign. The campaign targeted government and NGO organisations in the U.S., Canada, Hong Kong, Turkey, Israel, India, Montenegro and Italy.
Since the attackers were using VLCs website to target users, the ban seems to be the Indian governments response to the situation.
Another alleged reason was that the VLC media player is a Chinese product which would sit in line with Indias recent crackdown on Chinese apps and software providers. That said, the VLC media player is made and maintained by the VideoLAN organisation based in France.
The attackers were found using DLL side-loading, a form of DLL injection in which a malicious library is placed where a legitimate program will load it, to launch a custom malware loader through the media player's exported functions, and then using the WinVNC tool to take over the target machines remotely.
While DLL injection is a widely used method of running malware inside legitimate programs, this reportedly requires an outdated version of VLC, older than version 1.1.4, to work. Any version above that, including the one that was on VLC's website before the ban, isn't vulnerable to this.
However, since VLC is an open-source project, people can make their own versions of the software, which can be vulnerable to DLL injection. That said, official versions downloaded from the original site are safe.
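The practical question raised by the two paragraphs above is how a user or administrator tells an official build from a repacked or side-loaded one. The check below is an added example written for this page, not VideoLAN code: it verifies an install tree against a vendor-published SHA-256 manifest in the `sha256sum` format ("digest, two spaces, path"), reporting files whose digest differs, files missing from disk, and files present on disk that the vendor never shipped, which is exactly what a DLL planted next to a clean `vlc.exe` looks like. VideoLAN does publish `.sha256` files for its installers; the per-file manifest, the file contents and the DLL name `version.dll` below are all constructed for illustration.

```python
"""Verify an install tree against a publisher's SHA-256 manifest (added example)."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Mapping, Tuple

_HEX = set("0123456789abcdef")


@dataclass
class Verdict:
    """Outcome of comparing an install tree with the shipped manifest."""
    modified: List[str] = field(default_factory=list)    # shipped file, digest differs
    missing: List[str] = field(default_factory=list)     # listed in manifest, absent on disk
    unexpected: List[str] = field(default_factory=list)  # present on disk, never shipped
    bad_lines: List[int] = field(default_factory=list)   # manifest lines that did not parse

    @property
    def clean(self) -> bool:
        return not (self.modified or self.missing or self.unexpected or self.bad_lines)


def parse_manifest(text: str) -> Tuple[Dict[str, str], List[int]]:
    """Parse `sha256sum` output: "<64 hex chars><two spaces>[*]<path>" per line.
    Returns {path: digest} plus the 1-based numbers of rejected lines, so a
    truncated or edited manifest is noticed rather than silently shrinking."""
    entries: Dict[str, str] = {}
    rejected: List[int] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            rejected.append(lineno)
            continue
        digest, path = parts[0].lower(), parts[1].lstrip("*").strip()
        if len(digest) != 64 or not set(digest) <= _HEX or not path:
            rejected.append(lineno)
            continue
        entries[path] = digest
    return entries, rejected


def verify_tree(files: Mapping[str, bytes], manifest_text: str) -> Verdict:
    """Hash every file in the tree and compare it with the manifest.
    Files the vendor never shipped are reported as unexpected: a DLL dropped
    beside a clean executable so the loader picks it up is exactly this case."""
    expected, rejected = parse_manifest(manifest_text)
    verdict = Verdict(bad_lines=rejected)
    for path in sorted(set(expected) | set(files)):
        if path not in files:
            verdict.missing.append(path)
        elif path not in expected:
            verdict.unexpected.append(path)
        else:
            actual = hashlib.sha256(files[path]).hexdigest()
            if not hmac.compare_digest(actual, expected[path]):
                verdict.modified.append(path)
    return verdict


def constructed_install() -> Dict[str, bytes]:
    """Stand-in for an official install tree; contents are made up."""
    return {
        "vlc.exe": b"MZ constructed vlc executable",
        "libvlc.dll": b"constructed libvlc",
        "libvlccore.dll": b"constructed libvlccore",
    }


def constructed_manifest(files: Mapping[str, bytes]) -> str:
    """What a vendor's per-file .sha256 manifest would look like for `files`."""
    return "\n".join(
        f"{hashlib.sha256(data).hexdigest()}  {path}" for path, data in files.items()
    ) + "\n"


def constructed_tampered_install() -> Dict[str, bytes]:
    """Same tree after a hypothetical repack: one library altered, one DLL
    added (the name version.dll is illustrative), one shipped file dropped."""
    tree = constructed_install()
    tree["libvlc.dll"] = b"repacked libvlc with loader hook"
    tree["version.dll"] = b"planted loader"
    del tree["libvlccore.dll"]
    return tree


if __name__ == "__main__":
    manifest = constructed_manifest(constructed_install())
    print("official:", verify_tree(constructed_install(), manifest))
    print("repacked:", verify_tree(constructed_tampered_install(), manifest))
```

The manifest itself must come over a channel the attacker does not control (the vendor's site over HTTPS, or its detached PGP signature checked first); a checksum served by the same third-party mirror as the installer proves nothing, which is why a blocked official site is a security problem and not just an inconvenience.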
The VideoLAN organisation hasn't taken the ban well, for good reason. For starters, there was never an official order issued by MeitY, and no notification was given to VideoLAN before the ban. "Indians account for around 10% of all VLC users worldwide, and the website's traffic has seen a drop of around 20% as a direct result of the block," said VideoLAN president and lead developer Jean-Baptiste Kempf in conversation with TechCrunch.
A Right to Information application filed by the Internet Freedom Foundation on June 7 to the Department of Telecommunications, which was then transferred to the Ministry of Electronics and IT, revealed nothing. The ministry denied knowing about the situation, clearly stating that it had no information regarding the VideoLAN website. A second RTI application filed by the SFLC also received the same response. Both organisations have filed appeals asking for more clarification.
The situation has worsened as reports emerged of Indian Internet Service Providers impersonating VideoLAN's site to spy on user traffic using man-in-the-middle techniques. Two major ISPs in India, ACT Fibernet and Reliance's Jio, are reportedly doing this.
Blocking sites or programs without advance warning or conversation with the project owner does two things. First, Indians looking to download the VLC media player will now find themselves on third-party sites, which increases the chance of an unsuspecting user downloading an infected version of the player.
Secondly, it reinforces the Indian government's rather dictatorial stance on internet censorship, which already stirred controversy back in June when it announced new IT rules on how VPNs are expected to operate in the country and how organisations should report cybersecurity incidents, among other things.
Someone who writes/edits/shoots/hosts all things tech and when hes not, streams himself racing virtual cars. You can reach out to Yadullah at [emailprotected], or follow him on Instagram or Twitter.
Scanning And Remediating Configuration Settings Of A Device Using A Policy-Driven Approach in Patent Application Approval Process (USPTO 20220247793):…
2022 AUG 19 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent application by the inventor Hatch, Thomas S. (Lehi, UT, US), filed on April 18, 2022, was made available online on August 4, 2022, according to news reporting originating from Washington, D.C., by NewsRx correspondents.
This patent application has not been assigned to a company or institution.
The following quote was obtained by the news editors from the background information supplied by the inventors: Recent years have seen rapid development in software products and electronic devices. For example, software products can affect functionality related to communication of data to and from electronic devices as well as operation of operating systems and/or individual applications installed on the electronic devices. As software and hardware become more complex, it becomes increasingly difficult to effectively secure information contained on electronic devices as well as information transmitted to and from electronic devices (e.g., over the Internet). Indeed, in an attempt to gather information, many individuals use viruses, spyware, malware, and other threatening tools to gather sensitive and/or valuable information.
While many tools exist for avoiding potential threats in cybersecurity of electronic devices, conventional cybersecurity systems often fail to adequately address potential security issues. For example, conventional cybersecurity systems typically utilize dedicated diagnostic tools for identifying whether a personal computer is compliant with a known security standard. Conventional diagnostic tools, however, are limited to providing a report of settings or configurations on a device that are out of compliance with a known set of standards. The report is then generally provided to an information technology (IT) administrator who manually addresses issues identified by the report or, alternatively, utilizes a separate software tool to facilitate remediation of various issues identified by the diagnostic tool.
In addition to failing to enable effective diagnosis and remediation of potential security issues, conventional cybersecurity systems can be inflexible and computationally prohibitive. For example, conventional cybersecurity systems are often limited to scanning a device for compliance with a specific security standard (e.g., Center for Internet Security (CIS) standards, Standard Technical Implementation Guide (STIG) standards, Payment Card Industry (PCI) standards, and Health Insurance Portability and Accountability Act (HIPAA)). As a result, conventional systems may provide an effective tool for identifying potential security threats for a select group of devices or programs uniquely tailored to a particular security standard. However, conventional cybersecurity systems may fail to effectively identify potential security threats for other devices or programs not specifically tailored to the security standard. Furthermore, while a device may simply run different security checks based on multiple security standards, running comprehensive checks based on multiple standards can be expensive and can utilize significant computing resources.
These along with additional problems and issues exist with regard to conventional cybersecurity systems.
In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors summary information for this patent application: Embodiments of the present disclosure provide benefits and/or solve one or more of the foregoing and other problems in the art with systems, methods and computer-readable media that enforce security policies on a client device (or other computing device). In particular, in one or more embodiments, the disclosed systems enforce security policies by performing operations that enable an agent on the client device to both scan and fix security issues. For example, the disclosed systems can enforce a security policy by performing an idempotent operation in which a check and a fix of a security policy are the same operation (e.g., a check operation is the fix operation). In this way, the systems described herein can effectively identify and remediate configuration settings of a client device out of compliance with security standards using a single software agent.
In addition, in one or more embodiments the disclosed systems provide a policy-driven approach to enforcing security policies applicable to a wider range of client devices and applications. Indeed, by providing a policy-driven approach to enforcing security policies, the disclosed systems can enable a client device to comply with multiple security standards while performing a fewer number of operations than conventional systems, thereby improving performance of the client device without sacrificing substantial processing resources. In addition, by enforcing security policies using a policy-driven approach, the disclosed systems provide more effective security across a wider range of client devices and applications for which different security standards may be better suited to address potential security issues.
Additional features and advantages of one or more embodiments of the present disclosure are outlined in the description which follows, and in part will be obvious from the description, or may be learned by the practice of such example embodiments.
The claims supplied by the inventors are:
1. An apparatus comprising: at least one memory; instructions in the apparatus; and processor circuitry to execute the instructions to: enforce a first security policy of a first security standard; audit for a first compliance level with the first security standard; audit for a second compliance level with a second security standard; determine an overlap between the first security standard and the second security standard, the overlap associated with a second security policy; enforce the second security standard; and determine an update of the first compliance level based on the overlap.
2. The apparatus of claim 1, wherein the processor circuitry is to execute the instructions to enforce at least one of the first security policy or the second security policy with an idempotent operation in which a check and a fix of the security policy are the same operation.
3. The apparatus of claim 1, wherein the processor circuitry is to execute the instructions to: determine whether an exemption applies to at least one of the first or second security policies and in response to a determination that the exemption applies to the at least one of the first or second security policies, bypass enforcement of the at least one of the first or second security policies.
4. The apparatus of claim 1, wherein the processor circuitry is to execute the instructions to generate a compliance report indicating a measure of compliance with at least one of the first security standard or the second security standard.
5. The apparatus of claim 1, wherein the processor circuitry is to execute the instructions to generate mapping information associating a plurality of security policies to a plurality of security standards.
6. The apparatus of claim 5, wherein the mapping information includes information indicating the overlap between the first security standard and the second security standard.
7. The apparatus of claim 1, wherein compliance with a security standard includes configuration settings of an application or operating system on a client device.
8. The apparatus of claim 1, wherein the processor circuitry is to determine the update of the first compliance level based on the overlap before performing an additional audit of the first compliance level.
9. A non-transitory computer readable storage medium comprising instructions which, when executed, cause processor circuitry to at least: enforce a first security policy of a first security standard; audit for a first compliance level with the first security standard; audit for a second compliance level with a second security standard; determine an overlap between the first security standard and the second security standard, the overlap associated with a second security policy; enforce the second security standard; and determine an update of the first compliance level based on the overlap.
10. The non-transitory computer readable storage medium of claim 9, wherein the instructions, when executed, cause the processor circuitry to enforce at least one of the first security policy or the second security policy with an idempotent operation in which a check and a fix of the security policy are the same operation.
11. The non-transitory computer readable storage medium of claim 9, wherein the instructions, when executed, cause the processor circuitry to: determine whether an exemption applies to at least one of the first or second security policies; and in response to a determination that the exemption applies to the at least one of the first or second security policies, bypass enforcement of the at least one of the first or second security policies.
12. The non-transitory computer readable storage medium of claim 9, wherein the instructions, when executed, cause the processor circuitry to generate a compliance report indicating a measure of compliance with at least one of the first security standard or the second security standard.
13. The non-transitory computer readable storage medium of claim 9, wherein the instructions, when executed, cause the processor circuitry to generate mapping information associating a plurality of security policies to a plurality of security standards.
14. The non-transitory computer readable storage medium of claim 13, wherein the mapping information includes information indicating the overlap between the first security standard and the second security standard.
15. The non-transitory computer readable storage medium of claim 9, wherein compliance with a security standard includes configuration settings of an application or operating system on a client device.
16. The non-transitory computer readable storage medium of claim 9, wherein the instructions, when executed, cause the processor circuitry to determine the update of the first compliance level based on the overlap before performing an additional audit of the first compliance level.
17. A method comprising: enforcing, by executing an instruction with a processor, a first security policy of a first security standard; auditing, by executing an instruction with the processor, for a first compliance level with the first security standard; auditing, by executing an instruction with the processor, for a second compliance level with a second security standard; determining, by executing an instruction with the processor, an overlap between the first security standard and the second security standard, the overlap associated with a second security policy; enforcing, by executing an instruction with the processor, the second security standard; and determining, by executing an instruction with the processor, an update of the first compliance level based on the overlap.
18. The method of claim 17, further including enforcing at least one of the first security policy or the second security policy with an idempotent operation in which a check and a fix of the security policy are the same operation.
19. The method of claim 17, further including: determining whether an exemption applies to at least one of the first or second security policies; and in response to determining that the exemption applies to the at least one of the first or second security policies, bypassing enforcement of the at least one of the first or second security policies.
20. The method of claim 17, further including generating a compliance report indicating a measure of compliance with at least one of the first security standard or the second security standard.
21. The method of claim 17, further including generating mapping information associating a plurality of security policies to a plurality of security standards.
22. The method of claim 21, wherein the mapping information includes information indicating the overlap between the first security standard and the second security standard.
23. The method of claim 17, wherein compliance with a security standard includes configuration settings of an application or operating system on a client device.
24. The method of claim 17, further including determining the update of the first compliance level based on the overlap before performing an additional audit of the first compliance level.
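The claims above describe a mechanism more than a product: one idempotent operation per policy that is simultaneously the check and the fix (claims 2, 10, 18), a mapping from policies to the standards that require them (claims 5, 6), an exemption bypass (claims 3, 11, 19), and an update of one standard's compliance level from the overlap after another standard has been enforced, without a second audit (claims 1, 8). The following is an added toy model of that sequence written for this page; it is not the inventor's code, and the policy names, standard subsets and device state are constructed so the overlap is visible. Real CIS or PCI benchmarks contain hundreds of checks rather than five.

```python
"""Policy-driven compliance: idempotent check-and-fix plus cross-standard overlap.

Added example modelling the claimed sequence; names and values are constructed.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet

State = Dict[str, object]   # flat map of configuration setting -> current value


@dataclass(frozen=True)
class Policy:
    """One configuration rule: a setting and the value it must hold."""
    name: str
    setting: str
    desired: object

    def enforce(self, state: State) -> bool:
        """Idempotent check-and-fix: comparing the current value with the desired
        one is the check, writing the desired value is the fix. Running it twice
        has the same effect as once. Returns True only when a change was made."""
        if state.get(self.setting) == self.desired:
            return False
        state[self.setting] = self.desired
        return True


# Hypothetical policy catalogue (constructed for the example).
POLICIES: Dict[str, Policy] = {
    p.name: p for p in (
        Policy("pw_min_len", "password.min_length", 14),
        Policy("ssh_root", "sshd.PermitRootLogin", "no"),
        Policy("fw_enabled", "firewall.enabled", True),
        Policy("audit_log", "auditd.enabled", True),
        Policy("tls_min", "tls.min_version", "1.2"),
    )
}

# Mapping information: which policies each standard requires (invented subsets).
STANDARDS: Dict[str, FrozenSet[str]] = {
    "CIS": frozenset({"pw_min_len", "ssh_root", "fw_enabled", "audit_log"}),
    "PCI": frozenset({"pw_min_len", "fw_enabled", "tls_min"}),
}


def overlap(first: str, second: str) -> FrozenSet[str]:
    """Policies shared by two standards, read straight off the mapping."""
    return STANDARDS[first] & STANDARDS[second]


def audit(state: State, standard: str) -> FrozenSet[str]:
    """Read-only audit: the set of the standard's policies the device meets."""
    return frozenset(
        name for name in STANDARDS[standard]
        if state.get(POLICIES[name].setting) == POLICIES[name].desired
    )


def level(compliant: FrozenSet[str], standard: str) -> float:
    """Compliance level as the fraction of the standard's policies met."""
    return len(compliant) / len(STANDARDS[standard])


def enforce_standard(state: State, standard: str,
                     exemptions: FrozenSet[str] = frozenset()) -> FrozenSet[str]:
    """Enforce every non-exempt policy of a standard; exempt ones are bypassed.
    Returns the names of the policies that were actually fixed."""
    return frozenset(
        name for name in STANDARDS[standard]
        if name not in exemptions and POLICIES[name].enforce(state)
    )


def update_level_from_overlap(prev_compliant: FrozenSet[str], first: str,
                              second: str, fixed: FrozenSet[str]) -> float:
    """After enforcing the second standard, raise the first standard's level by
    the fixed policies that sit in the overlap, without auditing it again."""
    return level(prev_compliant | (fixed & overlap(first, second)), first)


def run_scenario(exemptions: FrozenSet[str] = frozenset()) -> Dict[str, object]:
    """Walk the claimed sequence on a constructed, badly configured device."""
    state: State = {                                   # constructed sample state
        "password.min_length": 8,
        "sshd.PermitRootLogin": "yes",
        "firewall.enabled": False,
        "auditd.enabled": True,
        "tls.min_version": "1.0",
    }
    POLICIES["ssh_root"].enforce(state)                # enforce a first policy of CIS
    cis_before = audit(state, "CIS")                   # audit first standard
    pci_before = audit(state, "PCI")                   # audit second standard
    fixed = enforce_standard(state, "PCI", exemptions)  # enforce second standard
    cis_updated = update_level_from_overlap(cis_before, "CIS", "PCI", fixed)
    return {
        "cis_before": level(cis_before, "CIS"),
        "pci_before": level(pci_before, "PCI"),
        "fixed_by_pci": fixed,
        "cis_updated": cis_updated,                     # derived from the overlap
        "cis_reaudit": level(audit(state, "CIS"), "CIS"),  # same value, one more scan
        "pci_after": level(audit(state, "PCI"), "PCI"),
        "second_pass_changed": enforce_standard(state, "PCI", exemptions),  # idempotent
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The saving the patent claims is visible in `cis_updated` versus `cis_reaudit`: both report full CIS compliance after the PCI enforcement, but the first is computed from the mapping while the second costs another pass over the device. The design also makes the agent safe to re-run, since a second `enforce_standard` reports no changes, and a policy listed in `exemptions` is left untouched even when it is out of compliance, so exemptions should be recorded and reviewed rather than silently accepted.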
URL and more information on this patent application, see: Hatch, Thomas S. Scanning And Remediating Configuration Settings Of A Device Using A Policy-Driven Approach. Filed April 18, 2022 and posted August 4, 2022. Patent URL: https://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220220247793%22.PGNR.&OS=DN/20220247793&RS=DN/20220247793
With 14.5% CAGR, Identity and Access Management Market Worth USD 34.52 Billion by 2028 – GlobeNewswire
Pune, India, Aug. 16, 2022 (GLOBE NEWSWIRE) -- The global identity and access management market size is projected to rise from USD 13.41 billion in 2021 to USD 34.52 billion by 2028, at a 14.5% CAGR over the forecast period. Fortune Business Insights has published this information in its latest research, titled Identity and Access Management Market Forecast, 2021-2028. As per the report, the global market size stood at USD 12.26 billion in 2020.
According to the research, the advent of blockchain technology enables a secure and transparent medium for identity administration, guarding private individuals and organisations from cyber-attacks and fraud. Leveraging the identity-verification and secure-access benefits of blockchain-integrated IAM systems, governments and official organisations are actively investing in such solutions. For example, in November 2017 Zug, a town in Switzerland, began issuing blockchain-based digital identity cards to its residents.
Key Industry Development
May 2021: Centrify and Thycotic, both cloud identity security solution providers, announced their merger as ThycoticCentrify. The combined company intends to manage IAM accounts, AWS EC2 instances and AWS billing accounts.
Increasing Demand for Identity Security amid COVID-19 to Offer New Market Prospects
The COVID-19 pandemic disrupted business processes and created operational hazards across countless industries worldwide. In response, organisations adopted remote working and cloud technology to reduce the impact on business operations.
The growing adoption of cloud and remote or work-from-home arrangements heightened data security and confidentiality concerns for many organisations. Amid the financial turmoil caused by the outbreak, the rise in cybercrime and identity fraud has driven adoption of IAM solutions.
Drivers and Restraints
Rising Awareness of Regulatory Compliance to Promote Market Growth
In today's data-driven world, corporations are integrating identity and access management solutions to detect fraudulent activity and reduce cyber-attacks, ensuring data privacy and security. IAM systems help organisations meet compliance requirements; for example, organisations with IAM solutions are able to demonstrate during audits that they have suitable processes in place to mitigate the risk of data breach or mismanagement.
Such compliance requirements and business governance concerns are anticipated to drive identity and access management market growth during the forecast period.
Increasing Instances of Identity Thefts to Accelerate Market Growth
The identity and access management market growth is set to surge on account of a steady climb in the incidence of identity thefts. According to the US Federal Trade Commission (FTC) Consumer Sentinel Network, 650,572 reports of identity theft were filed across the country in 2019. The FTC also highlighted that among these thefts, credit card frauds topped the list, with over 270,000 reports from people claiming that their credit information was being misused for transactions or for opening new accounts. In 2019, Symantec stated in its Internet Security Threat Report that approximately 10% of people are victims of identity frauds annually and 21% of these have been defrauded several times previously. As a result, the demand for identity and access management tools is escalating as the majority of people have a virtual presence and are frequently transacting online.
Report Coverage
The report offers a complete analysis of this market along with current trends and upcoming opportunities in order to identify near-term investment prospects. It also provides an exhaustive breakdown of impending opportunities, threats, competition and driving factors. A systematic regional analysis is presented for additional business insight. The impact of COVID-19 is discussed to help investors and business experts understand and address the associated risks. The top companies in the market are identified, and their key strategies for reinforcing market growth are discussed.
Have Any Query? Ask Our Experts: https://www.fortunebusinessinsights.com/enquiry/speak-to-analyst/identity-and-access-management-market-100373
Segmentation
On the basis of component, the global market is segregated into provisioning, directory services, single sign-on, password management, advanced authentication, audit, compliance, and governance, and others. By deployment, the market is classified into cloud and on-premises. On the basis of organization size, the market is categorized into small & medium enterprises (SMEs) and large enterprises. In terms of geography, the IAM market is bifurcated into North America, Europe, Asia Pacific, the Middle East & Africa, and Latin America.
Based on the industry vertical, the market is branched into BFSI, healthcare & life sciences, manufacturing, retail and consumer packaged goods, IT & telecom, government, education, and energy & utilities. Among these, the healthcare and life sciences segment is anticipated to display the highest growth owing to the escalating adoption of IAM solutions.
Regional Insights
North America held the largest identity and access management market share and is anticipated to lead the market in 2020. Growth in this region is attributed to the adoption of remote work and cloud technology and to surging cyber-attacks. Moreover, market growth is driven by the presence of prominent corporations such as Amazon Web Services Inc. and Akamai Technologies, among others.
Europe is predicted to grow substantially owing to security and regulatory compliance concerns in nations such as Germany, Spain, Italy and others. The requirements of the General Data Protection Regulation (GDPR) across the European Union fuel market growth for identity and access management solutions in this region.
Asia Pacific is projected to display the highest CAGR during the forecast period. The principal players in Asia Pacific are investing in advanced IAM solutions to prevent cyber-attacks and identity fraud, which stimulates regional market growth.
List of Key Companies in Identity and Access Management Market:
Quick Buy - Identity and Access Management Market Research Report:
https://www.fortunebusinessinsights.com/checkout-page/100373
Frequently Asked Questions:
What is the identity and access management market size?
The global identity and access management market was valued at US$ 12.26 billion in 2020.
How fast is identity and access management industry growing?
The identity and access management industry will exhibit a CAGR of 14.5% during the forecast period, 2021-2028
What will the identity and access management market be worth in 2028?
The global identity and access management industry will be worth US$ 34.52 billion in 2028
About Us:
Fortune Business Insights offers expert corporate analysis and accurate data, helping organizations of all sizes make timely decisions. We tailor innovative solutions for our clients, assisting them to address challenges distinct to their businesses. Our goal is to empower our clients with holistic market intelligence, giving a granular overview of the market they are operating in.
Contact Us:
Fortune Business Insights Pvt. Ltd.
US: +1 424 253 0390
UK: +44 2071 939123
APAC: +91 744 740 1245
Email: sales@fortunebusinessinsights.com
See the rest here:
With 14.5% CAGR, Identity and Access Management Market Worth USD 34.52 Billion by 2028 - GlobeNewswire
Zeppelin ransomware. The DoNot Team. $10 million reward for Conti tips. Cyber partisans. CISA issues 28 ICS advisories. – The CyberWire
Dateline Moscow, Kyiv, and Minsk: Insecurity in the communications zone.
Ukraine at D+169: Partisans, both kinetic and cyber. (CyberWire) Ukraine appears determined to convince Russia (and its Belarusian fellow-traveler) that the rear areas, including Crimea and Belarusian border regions themselves aren't safe places any longer. A website aims to train and empower anti-Russian cyber partisans.
Russia-Ukraine war: List of key events, day 170 (Al Jazeera) As the Russia-Ukraine war enters its 170th day, we take a look at the main developments.
UN nuclear watchdog warns of 'grave hour' amid fresh shelling of Ukraine's Zaporizhzhia plant (the Guardian) Agency chief calls for immediate end to military activity around plant, saying further deeply worrying incidents could lead to disaster
Russia-Ukraine war: 'Explosions heard at Belarus airbase' near Ukrainian border (The Telegraph) Unexplained explosions were heard in the early hours on Thursday at a military airbase in Belarus near the Ukrainian border, that Russia has been using as one of the launchpads for the invasion.
Belarus says 'technical incident' behind blasts at military base (Reuters) Belarus said on Thursday that blasts heard overnight at one of its military bases 30 km (19 miles) from Ukraine were caused by a "technical incident."
Ukraine says Marines resist Russian push in Kherson region (Newsweek) The Ukrainian Navy took out 16 Russian soldiers in the Donetsk region, according to the force.
Satellite pictures show devastation at Russian air base in Crimea (Reuters) Satellite pictures released on Thursday showed devastation at a Russian air base in Crimea, hit in an attack that suggested Kyiv may have obtained new long-range strike capability with potential to change the course of the war.
Damage at Air Base in Crimea Worse Than Russia Claimed, Satellite Images Show (New York Times) Russian authorities had previously portrayed the blast as minor, but the satellite images show three major craters and at least eight destroyed warplanes. Local officials listed dozens of damaged buildings and declared a state of emergency.
Russian warplanes destroyed in Crimea airbase attack, satellite images show (the Guardian) Multiple aircraft at Saky base in Crimea blown up, with the new evidence suggesting possibility of targeted attack
Ukraine's Strike in Crimea Could Be a Turning Point in the War (The Bulwark) Determined soldiers and steady flows of supplies point to continued Ukrainian success.
Great Expectations? The Next Phase of the Russo-Ukrainian War (War on the Rocks) Michael Kofman joined Ryan for yet another conversation about the unfolding tragedy of the Russo-Ukrainian War.
Vladimir Putin's military cupboard is bare (The Telegraph) The Kremlin will want to respond to Ukraine's attack in Crimea. It may no longer have the ability to do so
Putin is running out of excuses as Ukraine expands the war to Crimea (Atlantic Council) Ukraine appears to have struck deep inside Russian-occupied Crimea for the first time on August 9 with an audacious attack on a heavily defended military base. The explosions at western Crimea's Saki airbase rattled nerves in Moscow and sparked panic throughout the Russian-occupied Ukrainian peninsula, with traffic jams reported on routes leading to the Crimean Bridge as Russian holidaymakers scrambled to cut short their vacations.
Putin Has Opened a Pandora's Box of International Adventurism (Wilson Center) In Ukraine, Vladimir Putin has failed on many levels. He is paying an enormous cost, but he has been successful enough to usher in a barrage of unintended consequences for the world's economy and some of the world's most opportunistic players.
Latvia designates Russia a "state sponsor of terrorism" over Ukraine war (Reuters) Latvia's parliament on Thursday designated Russia as a "state sponsor of terrorism" over the war in Ukraine and called on Western allies to impose more comprehensive sanctions on Moscow in order to bring an end to the conflict.
The Other Ukrainian Army (The Atlantic) Imperiled by Russian invaders, private citizens are stepping forward to do what Ukraine's government cannot.
Crimea bridge jammed with traffic as Russians flee after air base blasts (Newsweek) The Saki air base near Novofedorivka village was hit in a strike that reportedly killed one person and damaged or destroyed nine Russian planes.
Ukraine mocks crying Russian in Crimea with explosions video (Newsweek) The video includes footage of Russian tourists watching explosions at the Saky air base, after which on-screen text reads: "Time to head home. Crimea is Ukraine."
Russian journalist who protested Putin's war live on TV placed under house arrest (The Telegraph) Marina Ovsyannikova could face 10 years in prison if convicted of demonstration near the Kremlin
Ukraine cyber chief pays surprise visit to 'Black Hat' hacker meeting in Las Vegas (Reuters) Ukraine's top cyber official addressed a room full of security experts at a hackers' convention following a two-day trip from the capital, Kyiv, to a golden casino in Las Vegas.
Black Hat 2022: Cyberdefense in a global threats era (WeLiveSecurity) ESET expert Tony Anscombe's take on the first day of Black Hat 2022, with special highlights on the cyberwar in Ukraine and the role of cyberdefense.
How one Ukrainian ethical hacker is training 'cyber warriors' in the fight against Russia (The Record by Recorded Future) In the Ukrainian hacker community, Mykyta Knysh is a household name. The 31-year-old former employee of Ukraine's Security Service (SBU) founded cybersecurity consulting company HackControl in 2017 and launched a YouTube channel about internet security and digital literacy. It has about 8,000 subscribers.
How Russian sanctions may be helping US cybersecurity (SearchSecurity) Government officials say Russian sanctions following the invasion of Ukraine are slowing down cyber attacks on the U.S.
Past And Future In Ukraine And Belarus (RadioFreeEurope/RadioLiberty) A crucial time in the war in Ukraine, and two years since a disputed election led to protests and crackdown in Belarus. Nigel Gould-Davies, senior fellow for Russia and Eurasia at the International Institute for Strategic Studies, joins host Steve Gutterman to discuss.
How Does Russia's War against Ukraine Affect Civilians Living Near Front Lines? (Wilson Center) Since February, Russia has been attacking Ukrainian cities from different directions with different weapons. Tens of thousands of people have died because of this attack. How is the invasion affecting people in these areas, and what challenges do they face in everyday life? Here are a few insights into the living conditions of Ukrainian citizens in war zones, from a reporter who regularly travels to regions neighboring the Russian army.
Generation UA: Young Ukrainians are driving the resistance to Russia's war (Atlantic Council) Generation UA: From politics and the military to civil society and journalism, the post-independence generation of young Ukrainians is driving the country's remarkable fight back against Russia's invasion.
Western nations pledge more military support for Ukraine (AP NEWS) Western countries agreed Thursday to continue long-term funding to help Ukraine's military keep fighting nearly 5 months after Russia invaded its neighbor, saying 1.5 billion euros ($1.5 billion) has been pledged so far and more is coming.
Turkey Is the Biggest Swing Player in the Russia-Ukraine War (Foreign Policy) Ankara has used its unique position for a strategic advantage.
When will Sweden and Finland join NATO? Tracking the ratification process across the Alliance. (Atlantic Council) With this tracker, the Atlantic Council team is keeping tabs on the countries that have ratified the amended NATO treaty and handicapping the political prospects for ratification in the rest.
Expert on the ground: What the NATO ratification process looks like from Finland (Atlantic Council) Helsinki is watching closely as political momentum builds for Finland and Sweden's NATO accession, with military preparation already under way.
Will the Ukraine War Return Poland to Europe's Democratic Fold? (Foreign Policy) Europe and Poland need each other more than ever.
Europe's Exhaustion (Wilson Center) The first bomb that fell on Kyiv on February 24 buried the united Europe project that had been born out of the ruins of World War II. This explosion raises fundamental, perhaps even existential, questions, to which Europe is only now starting to wake up.
German soldier sent army secrets to Russian spies out of sympathy (The Telegraph) Former reservist on trial accused of feeding Moscow's military intelligence service with sensitive industrial and army details
The US-Led Drive to Isolate Russia and China Is Falling Short (Bloomberg) While the US and its allies have sanctioned Russia for its invasion of Ukraine, half of the countries in the Group of Twenty have not signed up.
China on the Offensive (Foreign Affairs) How the Ukraine war has changed Beijing's strategy.
China's New Vassal (Foreign Affairs) The war in Ukraine turned Moscow into Beijing's junior partner.
How Putin's Ukraine War Has Only Made Russia More Reliant on China (Defense One) Despite Putin's imperial dreams, in the last six months China has increasingly dictated the direction of the partnership and squeezed more concessions from the Russians.
Russia Can't Fight a War and Still Arm the World (Foreign Affairs) How the country's shrinking weapons exports could change the Middle East.
Why Is Armenia So Close to Russia and Iran? (Foreign Policy) The small Caucasus country challenges the idea that the world is splitting into democratic and autocratic camps.
Thousands sign Ukraine petition to remove Amnesty chief Agnes Callamard (Newsweek) Ukrainian civil society leaders are demanding action after an Amnesty International report that "spit in the face of Ukrainian people."
Germany's Frantic Push to Reduce Gas Consumption (Foreign Policy) As Russia weaponizes its gas exports, Germany is left scrambling to meet its needs and reduction targets.
Internal documents: BSI warning about Kaspersky was strongly politically motivated - How smart Technology changing lives (Tech Smart) After Russia's military attack on Ukraine, the BSI abruptly blocked communication with Kaspersky and coordinated with the Ministry of the Interior. Internal documents from the Federal Office for Information Security (BSI) show how difficult it was for the cyber security authority to deal with the start of Russia's war
The EU's Next Ban Could Be on Russian Tourists (World Politics Review) A debate is raging across Europe over whether all Russians should be banned from entering the EU.
#StopRansomware: Zeppelin Ransomware (CISA) Actions to take today to mitigate cyber threats from ransomware: Prioritize remediating known exploited vulnerabilities. Train users to recognize and report phishing attempts. Enable and enforce multifactor authentication.
APT-C-35: New Windows Framework Revealed (Morphisec) Morphisec Labs exclusively details new updates to the Windows framework of the advanced persistent threat actors APT-C-35, a.k.a the DoNot Team.
How a Venezuelan disinformation campaign swayed voters in Colombia (CSO Online) A Black Hat presentation explains how Russia-aligned Venezuela influenced the presidential election in Colombia to its political benefit.
Facebook parent company pushes back on two cyber-espionage groups (Washington Examiner) These outfits create fake personas and impersonate famous people or attractive women.
DHS undersecretary: Log4j problem is not over, may take a decade or longer (The Record by Recorded Future) The controversy and concern around Log4j is far from over, according to the chair of Homeland Security's Cyber Safety Review Board.
Loki Is Part Cyberdeck, Part Sinclair Spectrum, And Pretty Tricky (Hackaday) You've got to watch out for Loki; he's a trickster, after all, and he might make you think this semi-cyberdeck mash-up machine is named after him, when the backstory on this buil
Xiaomi phones with MediaTek chips vulnerable to forged payments (BleepingComputer) Security analysts have found weaknesses in the implementation of the trusted execution environment (TEE) in MediaTek-powered Xiaomi smartphones, which could enable third-party unprivileged apps to disable the payment system or forge payments.
LNKs Awakening: Cybercriminals Moving from Macros to Shortcut Files to Access Business PCs (HP) HP Inc. (NYSE: HPQ) today issued its quarterly Threat Insights Report revealing that a wave of cybercriminals spreading malware families including QakBot, IceID, Emotet, and RedLine Stealer are shifting to shortcut (LNK) files to deliver malware. Shortcuts are replacing Office macros which are starting to be blocked by default in Office as a way for attackers to get a foothold within networks by tricking users into infecting their PCs with malware. This access can be used to steal valuable company data, or sold on to ransomware groups, leading to large-scale breaches that could stall business operations and result in significant remediation costs.
OT Security Firm Warns of Safety Risks Posed by Alerton Building System Vulnerabilities (SecurityWeek) Potentially serious vulnerabilities have been found in a building management system made by Alerton, a brand of industrial giant Honeywell.
Windows-based HMIs are too slow for monitoring process sensors or plant equipment anomalies (Control Global) Microsoft Windows has been widely adopted as a Human-Machine Interface (HMI) for Operational Technology (OT) networks which includes control systems, process sensors, and equipment monitoring. Why? Because it was there and available, not because it was optimized for the task. Windows has proven to be a great operating system for business systems and information exchange between Information Technology (IT) and OT organizations. But as an HMI to provide detailed engineering data, not so much.
AT&T Customer Data Found on the Dark Web (Hold Security) Data that likely belongs to AT&T Internet, TV, and landline customers was identified in the hands of the Romanian cyber criminals.
It Might Be Our Data, But It's Not Our Breach (KrebsOnSecurity) A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm's analysis of the data suggests
Cisco Confirms Data Breach, Hacked Files Leaked (Dark Reading) Ransomware gang gained access to the company's VPN in May by convincing an employee to accept a multifactor authentication (MFA) push notification.
NHS IT supplier held to ransom by hackers (BBC News) Its IT provider says it may take three or four weeks to fully recover from the cyber-attack.
Cyber-attack targets IT firm used by Northern Ireland's health service (BBC News) Health officials shut down system access to services provided by IT company Advanced as a precaution.
NHS ransomware attack: what happened and how bad is it? (the Guardian) Cyber-attacks on health bodies appear to be on the rise again after a hiatus early in the pandemic
NHS working with U.K. cyber authorities to assess ransomware attack on IT vendor (The Record by Recorded Future) The U.K.'s National Health Service said it is working with the country's National Cyber Security Centre to investigate a recent ransomware attack on a major IT vendor.
Swan Bitcoin Discloses Data Leak Due to Phishing Attack on Newsletter Provider (Decrypt) Crypto trading app Swan Bitcoin is among dozens of crypto businesses affected by a data breach suffered by email marketing firm Klaviyo.
Report: Ransomware gangs, fraudsters laundered $540 million through RenBridge platform (The Record by Recorded Future) Hackers and cryptocurrency thieves are turning to so-called cross-chain platforms to launder money and avoid attempts by law enforcement to trace and freeze their illicit proceeds.
Facebook's In-app Browser on iOS Tracks Anything You Do on Any Website (Threatpost) Researcher shows how Instagram and Facebook's use of an in-app browser within both its iOS apps can track interactions with external websites.
Emotet Phishing Update and a Reminder to Turn On Dark Cubed Auto-Blocking (Dark Cubed) In one of our first Threat Spotlight entries back in early February, we introduced Emotet malware and why it's so dangerous to the Dark Cubed user community, one comprising mostly small businesses. Now, we've uncovered evidence that Emotet's threat to our user community - and the broader small bu
iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser (Felix Krause) The iOS Instagram and Facebook app render all third party links and ads within their app using a custom in-app browser. This causes various risks for the user, with the host app being able to track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap.
CISA Adds Two Known Exploited Vulnerabilities to Catalog (CISA) CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
August Patch Tuesday 2022: Updates and Analysis (CrowdStrike) The CrowdStrike Falcon Spotlight team analyzes this month's vulnerabilities, highlights the most severe CVEs and recommends how to prioritize patching.
Hackers are still using these old security flaws in Microsoft Office. Make sure you've patched them (ZDNet) 'Malware authors still achieve their aims by relying on aging vulnerabilities,' warn security researchers.
Cisco Releases Security Update for Multiple Products (CISA) Cisco has released a security update to address a vulnerability affecting Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software. This vulnerability could allow a remote attacker to obtain sensitive information. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
Siemens Simcenter STAR-CCM+ (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Simcenter STAR-CCM+ Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Simcenter STAR-CCM+ contains an information disclosure vulnerability when using the Power-on-Demand public license server.
Siemens Teamcenter (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Siemens Equipment: Teamcenter Vulnerabilities: Command Injection, Infinite Loop 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to command injection and denial-of-service condition.
Schneider Electric EcoStruxure, EcoStruxure Process Expert, SCADAPack RemoteConnect for x70 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure, EcoStruxure Process Expert, SCADAPack RemoteConnect for x70 Vulnerabilities: Heap-based Buffer Overflow, Wrap or Wraparound, Classic Buffer Overflow, Out-of-bounds Write 2.
Emerson ROC800, ROC800L and DL8000 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: High attack complexity Vendor: Emerson Equipment: ROC800, ROC800L and DL8000 Vulnerability: Insufficient Verification of Data Authenticity CISA is aware of a public report, known as OT:ICEFALL that details vulnerabilities found in multiple operational technology (OT) vendors.
Siemens SICAM A8000 Web Server Module (CISA) 1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM A8000 CP-8000, CP-8021, CP-8022 Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated access to the web interface of the affected web server.
Siemens SICAM TOOLBOX II (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM TOOLBOX II Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability results in full access to the database.
Siemens SCALANCE (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE Vulnerabilities: Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection), Allocation of Resources Without Limits or Throttling, Basic Cross Site Scripting 2.
Siemens SIMATIC S7-400 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-400 Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create a denial-of-service condition.
Siemens Industrial Products Intel CPUs (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC, SINUMERIK Vulnerabilities: Missing Encryption of Sensitive Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-222-05 Siemens Industrial Products Intel CPU that was published August 10, 2021, to the ICS webpage on http://www.cisa.gov/uscert.
Siemens Industrial Products LLDP (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Classic Buffer Overflow, Uncontrolled Resource Consumption 2.
Siemens Linux-based Products (Update G) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Linux based products Vulnerability: Use of Insufficiently Random Values 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-21-131-03 Siemens Linux-based Products (Update F) that was published November 11, 2021, to the ICS webpage at http://www.cisa.gov/uscert.
Siemens Datalogics File Parsing Vulnerability (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Teamcenter Visualization and JT2Go Vulnerability: Heap-based buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash a system or potentially lead to arbitrary code execution if a user opens a malicious PDF file.
Siemens S7-400 CPUs (Update A) (CISA) This updated advisory is a follow-up to the advisory update titled ICSA-18-317-02 Siemens S7-400 CPUs (Update A) that was published May 14, 2019, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Improper Input Validation vulnerability in versions of SIMATIC S7-400 products.
Siemens SIMATIC Software Products (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC Software Products Vulnerability: Incorrect Permission Assignment for Critical Resource 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-194-06 Siemens SIMATIC Software Products (Update A) that was published July 13, 2021, to the ICS webpage on cisa.gov/ics
Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-1200 and S7-1500 CPU families Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Missing Support for Integrity Check 2.
Baxter Sigma Spectrum Infusion Pumps (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Baxter Equipment: Sigma Spectrum Infusion Pumps Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Data, Incorrect Permission Assignment for Critical Resource, Operation on a Resource After Expiration or Release 2.
Siemens Industrial Products with OPC UA (Update H) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC, SINEC-NMS, SINEMA, SINEMURIK Industrial Control Products with OPC UA Vulnerability: Uncaught Exception 2.
Siemens PROFINET Stack Integrated on Interniche Stack (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: PROFINET Stack Integrated on Interniche Stack Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a denial-of-service condition.
Siemens TIA Portal (Update C) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: TIA Portal Vulnerability: Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-014-05 Siemens TIA Portal (Update B) that was published January 12, 2021, to the ICS webpage at http://www.cisa.gov/uscert/ics.
Siemens Teamcenter (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code execution with elevated permissions.
Siemens Industrial Devices using libcurl (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial devices using libcurl Vulnerabilities: Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash and allow an attacker to interfere with the affected products in various ways.
Siemens SIMATIC WinCC and PCS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC and PCS Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Externally-Accessible File or Directory 2.
Siemens Teamcenter (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of these vulnerabilities may lead the binary to crash or allow an attacker to view files on the application server filesystem.
Siemens Industrial Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: OPC Foundation Local Discovery Server of several industrial products Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition on the service or the device.
Siemens OpenSSL Vulnerabilities in Industrial Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely/high attack complexity Vendor: Siemens Equipment: Siemens Industrial Products Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthenticated attacker to cause a denial-of-service condition if a maliciously crafted renegotiation message is sent.
Siemens RUGGEDCOM ROS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROS Vulnerability: Improper Control of Generation of Code 2. RISK EVALUATION Successful exploitation of this vulnerability could cause malicious behavior through legitimate user accounts accessing certain web resources on affected devices.
Simcenter Femap and Parasolid (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter Femap and Parasolid Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code execution in the context of the current process of the application through an out-of-bounds read.
Siemens SRCS VPN Feature in SIMATIC CP Devices (CISA) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CP Devices Vulnerabilities: Heap-based Buffer Overflow, Command Injection, Code Injection 2.
Access to hacked corporate networks still strong but sales fall (BleepingComputer) Statistics collected by cyber-intelligence firm KELA during this year's second quarter show that marketplaces selling initial access to corporate networks have taken a blow.
Ransomware Victims and Network Access Sales in Q2 2022 (KELA) Ransomware groups continue to evolve and threaten organizations and companies around the world. While some gangs reduced their activity in Q2 2022 or shut down, new actors like Black Basta emerged and continued extorting money from businesses. Similarly to the ransomware attackers, there are actors mimicking their methods, such as stealing data and managing data leak sites, but not using actual encrypting software in their attacks.
Hardening and monitoring cloud configuration – SC Media
What is system hardening?
The Center for Internet Security defines system hardening as the process of limiting potential weaknesses that make systems vulnerable to cyber attacks. While hardware and software manufacturers strive to practice security by design principles, the reality is that the responsibility still largely rests on IT buyers and administrators to apply extra vigilance in vetting for vulnerabilities any time new systems are being integrated. Common examples of system hardening include configuring user privileges, enforcing strong password protections, setting account logins and lockouts, uninstalling superfluous applications and firmware, and implementing multi-factor authentication.
That's why experts continue to stress the importance of system hardening as a fundamental baseline security discipline, even for the cloud.
Many organizations are familiar with the benefits that moving to the cloud has to offer: increased production, faster services, improved security and analytics, and the flexibility to solve business-critical problems at scale. In the process of migrating workloads and applications to the cloud, however, organizations that do not take necessary steps to minimize their attack surface may find themselves easy prey to adversaries. System hardening plays an important role in securing cloud services.
Most cyber criminals are looking to exploit low-hanging fruit. To put it plainly, they're banking on organizations adopting cloud services with default settings, without taking the extra measures needed to secure cloud-based components and features. These include exposed APIs, weak password controls, misconfigured storage containers, improper access management, and shadow IT or non-authorized devices.
Recent high-profile breaches make it clear that failure to harden systems puts organizations in the crosshairs.
There's a pattern here. Organizations continue to shift applications and workloads to the cloud, and many are failing to secure them at scale. Storage misconfigurations, overly permissive policies, and leaky APIs are the end result, and these critical weaknesses open doors for otherwise easily preventable attacks.
"The more people you have accessing [your cloud] and the more accounts you set up, the more you have to consider," said Michelle Peterson, who previously directed the Center for Internet Security's Benchmark guideline series. "It's not just a small group [anymore] utilizing these resources, but multiple tiers of your organization accessing these cloud environments and ensuring that there's no change when someone decides to add a new account or make a change as an admin [or thinking] what impact does that have across the board?"
Fortunately, there's no shortage of resources that organizations can draw on to help harden their cloud operations.
A good first step is to conduct a security configuration assessment, or SCA, as an extension of a vulnerability management program. When exploring the market for SCA tools, look for those that automatically scan IT configurations and cross-check them against CIS Benchmark controls. An effective SCA should be able to aid with enforcing the following steps, at the very minimum.
Organizations might also want to consider adding policy compliance management to simplify reporting of asset compliance. By embedding mandate-based reporting, security teams can ensure cloud configurations meet external regulations and multiple security mandates.
CIS Benchmarks are publicly available for download and can assist organizations with all aspects of system hardening, such as setting identity and access management controls, logging and monitoring, network hardening, virtual machines, storage, and cloud databases. Usefully, the benchmarks also clarify which of their recommendations can be automated and which must be applied manually.
System hardening should be considered an essential pillar of any cybersecurity strategy. By investing in automated security configuration assessment tools and adhering to published CIS benchmark guidelines, organizations can reduce unnecessary risk and prevent vulnerabilities from being exploited.
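Automated configuration assessment of the kind the article describes, as an added example that is not code from SC Media, CIS or any SCA product: it runs a handful of hardening checks (password controls, MFA on privileged accounts, public storage containers, wildcard policies, unauthenticated APIs) over a constructed account snapshot and returns a finding with a remediation for each failure. The check ids such as IAM-1, the thresholds and the snapshot fields are assumptions made for this example, not real CIS Benchmark recommendation numbers.

```python
"""Security configuration assessment (SCA) over a constructed cloud snapshot.
Added example for this article, not code from SC Media, CIS or any SCA vendor;
check ids such as "IAM-1" and thresholds are constructed, not real CIS numbers.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    check_id: str     # constructed id standing in for a benchmark control
    severity: str     # "high", "medium" or "low"
    resource: str     # configuration object that failed the check
    message: str
    remediation: str  # hardening step that clears the finding


# Constructed account snapshot, shaped like the inventory an SCA tool pulls
# from a provider's APIs. It deliberately carries the weaknesses the article
# names: weak password controls, a privileged account without MFA, a public
# storage container, an overly permissive policy and an unauthenticated API.
SNAPSHOT = {
    "password_policy": {"min_length": 8, "lockout_threshold": 0},
    "users": [
        {"name": "alice", "admin": True, "mfa_enabled": True},
        {"name": "svc-legacy", "admin": True, "mfa_enabled": False},
    ],
    "storage": [  # public-assets is public by design: a recorded exception
        {"name": "public-assets", "public_read": True, "approved_public": True, "logging": True},
        {"name": "backups", "public_read": True, "approved_public": False, "logging": False},
    ],
    "policies": [
        {"name": "ops-role", "actions": ["storage:Get", "storage:List"], "resource": "backups/*"},
        {"name": "temp-admin", "actions": ["*"], "resource": "*"},
    ],
    "apis": [{"name": "inventory", "auth_required": True},
             {"name": "debug", "auth_required": False}],
}


def check_password_policy(snap):
    """Weak password controls: short minimum length or no lockout."""
    policy, out = snap["password_policy"], []
    if policy["min_length"] < 14:
        out.append(Finding("IAM-1", "medium", "password_policy",
                           f"minimum length {policy['min_length']} is below 14",
                           "Require passwords of at least 14 characters"))
    if policy["lockout_threshold"] == 0:
        out.append(Finding("IAM-2", "medium", "password_policy",
                           "no lockout after repeated failed logins",
                           "Lock accounts after a bounded number of failures"))
    return out


def check_mfa(snap):
    """Privileged accounts must have multi-factor authentication."""
    return [Finding("IAM-3", "high", f"user:{u['name']}", "privileged account without MFA",
                    "Enforce MFA for every account, privileged ones first")
            for u in snap["users"] if u["admin"] and not u["mfa_enabled"]]


def check_storage(snap):
    """Containers: no public read without a recorded exception, logging on."""
    out = []
    for b in snap["storage"]:
        res = f"bucket:{b['name']}"
        if b["public_read"] and not b["approved_public"]:
            out.append(Finding("STO-1", "high", res, "container allows public read",
                               "Block public access or record an approved exception"))
        if not b["logging"]:
            out.append(Finding("LOG-1", "low", res, "access logging disabled",
                               "Enable access logging so reads can be monitored"))
    return out


def check_policies(snap):
    """Overly permissive policies: every action on every resource."""
    return [Finding("IAM-4", "high", f"policy:{p['name']}", "grants all actions on all resources",
                    "Scope the policy to the actions and resources the role needs")
            for p in snap["policies"] if "*" in p["actions"] and p["resource"] == "*"]


def check_apis(snap):
    """Exposed APIs: every endpoint must require authentication."""
    return [Finding("API-1", "high", f"api:{a['name']}", "reachable without authentication",
                    "Require authentication or remove the endpoint")
            for a in snap["apis"] if not a["auth_required"]]


# All of these checks are automatable; CIS flags other recommendations as manual.
CHECKS = [check_password_policy, check_mfa, check_storage, check_policies, check_apis]


def assess(snap):
    """Run every check against the snapshot and return the combined findings."""
    return [finding for check in CHECKS for finding in check(snap)]


def summarize(findings):
    """Findings per severity, the figure a compliance report leads with."""
    return dict(Counter(f.severity for f in findings))
```

Running `assess(SNAPSHOT)` yields seven findings (four high, two medium, one low); applying each listed remediation to the snapshot and re-running the checks produces none, which is the loop an SCA tool automates.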
Read more:
Hardening and monitoring cloud configuration - SC Media
Aviation is facing a rising wave of cyber-attacks in the wake of COVID – Stephenson Harwood
Cybercrime, both real and threatened, may have taken a back seat to the financial impacts of COVID since 2020 and to the rising cost of jet fuel, but it remains a clear and present danger that cannot be ignored. In this article we look at recent examples of serious cyber-attacks on the aviation industry and consider what these can tell us about current trends in cybercrime, as well as what steps those involved in the industry need to take now to combat the threat in the future.
For those who may have missed it, Eurocontrol published a report in July 2021 with the headline-grabbing title "Airlines under attack: Faced with a rising tide of cybercrime, is our industry resilient enough to cope?". The report explained that the aviation industry can ill afford the additional costs caused by a rising tide of cyber-attacks and outlined the increasing exposure of the European aviation industry to rising levels of risk, as criminals, hackers and state-sponsored attackers all look to exploit vulnerabilities, cause chaos and fill their pockets at the expense of the aviation sector and innocent passengers.
The report was not simply scaremongering, designed to get airlines and other stakeholders in the aviation industry to increase their cyber threat detection and mitigation and prevention measures, but was based on hard Eurocontrol data from the agency's EATM-CERT (European Air Traffic Management Computer Emergency Response Team) service. This data showed that cyber-attacks are up in all threat categories, with a 530% year-on-year rise from 2019 to 2020 in reported incidents across the aviation industry, and with airlines targeted in 61% of all 2020 aviation cyber-attacks.
Scary stuff indeed, but the report goes on to highlight the following:
Drilling into a little of the detail from these three findings, the report highlighted the following datapoints:
The report concludes that while European aviation has become more cyber-secure, cybercrime and cyber warfare are the latest and newest battleground for the aviation industry, and airlines in particular, and that the stakeholders in the aviation industry cannot afford to lower their defences in the wake of the unprecedented damage caused to the industry by the Covid-19 pandemic.
To put in context the hard data referred to in the recent Eurocontrol report referred to above, it is worth looking at some of the biggest and most recent cyber-attacks, the significant impacts they had on their targets and the steps that certain industry stakeholders are taking to protect themselves in response:
| Date | Airline/Organisation | Details of the event |
| --- | --- | --- |
| 25 May 2022 | SpiceJet | Following a massive ransomware attack on SpiceJet, hundreds of passengers were stranded at airports across India, particularly those airports where restrictions on night operations were in place. SpiceJet has not revealed which systems were targeted or what it did to overcome the attacks, but whatever it did was clearly effective, as services resumed within hours of the attack beginning rather than within days, as was the case with the ransomware attack on Colonial Pipeline in 2021. |
| April 2022 | Sunwing Airlines Inc. | Canadian low-cost airline Sunwing Airlines faced four days of extensive flight delays after the third-party software system it used for check-in and boarding was breached by hackers. The attack forced Sunwing to resort to checking in passengers manually in an effort to minimise disruption to its schedule, and caused the Canadian authorities to suspend operations temporarily to ensure that the breach was remedied before flights could resume. |
| March 2022 | Russian CAA | In what appears to have been a retaliatory strike in response to Russia's invasion of Ukraine, an unidentified group (presumed to be the Anonymous Hacking Group) carried out an extremely effective attack on the Russian Federal Air Transport Agency. As part of the attack, all aircraft registration data and emails, totalling approximately 65 terabytes of data, were deleted from the Agency's servers. The attack was so successful that, until back-up copies of the electronic data could be found, the Agency was forced to resort to pen and paper and to sending information in hard copy through the post. |
| March 2021 | SITA | SITA, an airline technology and communication provider that operates passenger processing systems for airlines, was the victim of a cyber-attack involving passenger data. SITA serves 90% of the world's airlines and disclosed that the airlines affected included Air India, Finnair, Japan Airlines, Jeju Air, Lufthansa, Malaysia Airlines, Singapore Airlines and Cathay Pacific. Singapore Airlines reported that 580,000 of its frequent flyer members were compromised in the attack, and Air India estimated that personal data relating to 4.5 million of its passengers was stolen. |
| 2020 | VT San Antonio Aerospace | Demonstrating the importance of maintaining security throughout the entirety of the supply chain, VT San Antonio Aerospace fell victim to a sophisticated attack by the Maze Ransomware Group when the criminal group gained access to and encrypted the San Antonio network. The system in question was reportedly recovered within three days, but by that time a vast amount of data (1 terabyte) had already been stolen. |
| January 2020 | easyJet | easyJet was the victim of a cyber-attack in which hackers obtained the credit-card information of 2,208 customers. The carrier did not notify passengers of the attack until 4 months after the incident, in May 2020, and as a result it is now facing a class-action suit from 10,000 passengers seeking around £18 billion in damages. |
| February 2019 | Ben Gurion Airport | In an example of the immense pressure that aviation industry stakeholders can come under when defending themselves from cyber-attacks, a spokesperson for Ben Gurion Airport revealed that it was blocking three million attempts per day by bots to breach its systems. To deal with these attacks Ben Gurion Airport has established a Security Operation Centre to coordinate defences; it is believed to be one of the first airports in the world to do so. |
| December 2019 | Albany International Airport | A criminal gang succeeded in gaining access to Albany International Airport's database, which was then encrypted and ransomed back to the airport by the gang for a five-figure sum that was paid in Bitcoin. Fortunately, the attack did not affect operations at the airport, and it is understood that the ransom was reimbursed by the Airport's insurer, demonstrating the necessity of having robust procedures and comprehensive insurance in place to deal with attacks like these. |
| August 2019 | Air New Zealand | Personal data of over 120,000 customers was compromised following a successful phishing attack on two members of staff. The attackers used the information gained through phishing to access Air New Zealand's frequent flyer programme, from where they were able to obtain extensive personal data relating to passengers on the programme. Fortunately, no passport or credit-card information was stolen on this occasion. |
| August 2018 | British Airways | British Airways' systems were infected with malicious code, resulting in the theft from its servers of personal data relating to 429,612 customers and members of staff. The information extracted included names, addresses and credit-card information relating to 244,000 customers. A subsequent investigation by the Information Commissioner's Office (the "ICO") found that the airline lacked adequate security measures to protect the personal data under its control. As a result, British Airways received a record-breaking fine of £20 million for its failure to protect its customers. |
| August 2018 | Air Canada | Air Canada's mobile application software was hacked, resulting in the potential leak of highly sensitive personal data relating to its customers' passport information. |
| 2018 | Cathay Pacific | A cyber-attack led to 9.4 million accounts being breached and the theft from within the compromised accounts of extensive personal data regarding the airline's customers. An investigation by the ICO revealed that Cathay Pacific's system lacked any password protection for backup files and that the operating system was out of date. After the attack, Cathay Pacific introduced multi-factor authentication to prevent future attacks. As a result of this failure the ICO issued Cathay Pacific with a fine of £500,000. |
| September 2017 | Delta Airlines | Delta and Sears Department Store were both involved in an extensive data breach in April 2018 when an online support service used by both organisations suffered an extensive malware attack. The attack lasted from September to October 2017, but Delta and Sears only became aware of it the following year. As a result of the attack the credit-card information belonging to approximately 100,000 customers was lost. |
| September 2018 | Bristol Airport | In a dramatic ransomware attack, the electronic flight information at the airport was disabled and the screens showing all flight information were taken offline in order to contain the threat. Bristol Airport did not pay the ransom to the perpetrators of the attack and instead used whiteboards that were updated manually to keep passengers informed of flight details until the attack was thwarted. |
| November 2015 | Sweden air traffic control | Sections of Sweden's air traffic control capabilities were blocked for five days following a successful attack by "Fancy Bear", otherwise known as APT28, a Russian cyber espionage organisation that is believed by some industry analysts to be associated with the GRU, the Russian military intelligence agency. Sweden initially blamed a solar flare for the outage, but has since confirmed that the event, which caused huge disruption to air traffic travelling to, from and across Sweden, was the result of a malicious attack. |
As can be seen from these examples, many of the largest cyber incidents in the past 7 years have involved the theft of highly sensitive personal data relating to passengers, including credit card details, passport information and passenger name record ("PNR") data. At present this type of attack, along with the theft of valuable intellectual property from manufacturers, is perhaps the most pressing threat facing the industry. However, as we explore in more detail below, the increasing dependence of the aviation industry on complex and inter-related information technology systems means that there are now more opportunities than ever before for cyber-attacks to target aircraft and airports directly.
Complex information technology solutions are found all across the industry supply chain, from integration into new aircraft, including WiFi connections and on-board infotainment systems for passengers, to software used in airports and by airlines to manage, among other things, security checks and booking information respectively. These solutions are particularly vulnerable to attack in circumstances where organisations have attempted to integrate them with dated legacy IT systems that were not designed to deal with the sophistication of cyber-attacks seen today. More and more aviation stakeholders are also now beginning to include greater levels of automation within their systems, and this creates an entirely new area of potential vulnerability. Overall, the growth in the use of complex IT solutions by the aviation industry, fuelled by a rapid return to global travel following the Covid-19 pandemic travel restrictions and lockdowns, serves to increase the size of "attack surfaces" (meaning the sum of the different points where unauthorised users can seek to obtain or enter data) available to would-be cyber criminals.
The pandemic itself gave rise to a plethora of new opportunities for attacks, with criminals seeking to exploit the confusing international situation to the fullest extent possible and to make the most of the vulnerabilities in new systems that airlines around the world were rushing to implement to deal with the situation. In particular the pandemic saw an explosion in false websites purporting to sell Covid-19 testing kits and certificates, and widespread use of sophisticated phishing attacks by attackers posing as airlines offering refunds for cancelled flights. Some airlines also experienced waves of thousands of fraudulent chargeback requests by attackers and found that their websites came under sustained attack from entities seeking to steal unredeemed vouchers and points from loyalty programmes.
This growth in opportunities for attack has led some in the industry to speculate that would-be cyber criminals may turn their attention towards the systems used to operate, navigate and communicate with aircraft while they are in flight. In particular, the increasing adoption of WiFi technology onboard aircraft during flight and the growing practice of airports allowing passengers and employees alike to use "Bring Your Own Device" systems while in the airport, both serve to dramatically increase the size of the "attack surface" available to cyber criminals looking to directly target aircraft and airport systems. At their most dramatic, such attacks could include Distributed Denial of Service ("DDoS") attacks (where attackers overwhelm servers with internet traffic in order to prevent other users from using connected services) on security screening or air traffic control systems, preventing airports from using them, or attempts to use passenger interfaces to access avionics and navigation systems onboard aircraft in mid-flight. Although there is no known example of such an attack succeeding to date, if such an attack were to succeed it could have potentially catastrophic consequences.
A major potential "attack surface" open to would-be cyber criminals is the Automatic Dependent Surveillance-Broadcast (ADS-B) system, which aircraft use to automatically transmit and receive positional and identification data (and which also supplements the information used by popular online flight tracking services such as Flightradar24). The ADS-B system plays a vital role in facilitating ATC operations and the safe operation of aircraft, and its security is therefore of paramount importance. However, much of the data transmitted using ADS-B is sent unencrypted and is therefore particularly vulnerable to eavesdropping, interception and, potentially, to jamming and alteration by third parties. To combat this threat industry experts have proposed measures including encryption of ADS-B data and random blurring of aircraft data in such a way that only those who need it (i.e., ATC and aircraft operators) can obtain sufficient information from the data while third parties cannot.
As the Department for Transport ("DfT") has recognised in its Aviation Cyber Security Strategy, responsibility for combatting cybercrime in the aviation industry effectively lies with three groups: governments, regulators and participants in the aviation industry themselves, at all stages in the supply chain. Given the uniquely international and symbiotic nature of the aviation industry it is obvious that any attempt to combat cybercrime cannot succeed unless each of these three groups work together to formulate a cohesive plan. In this section we explore in more detail some of the more important steps that governments, regulators and industry stakeholders are taking together to deal with the issue.
The International Civil Aviation Organisation ("ICAO"), the specialised agency of the UN responsible for aviation, published its Aviation Cybersecurity Strategy in October 2019 (the "Strategy Report"). In its Strategy Report, ICAO acknowledged the continuous and evolving threat of cyber-attacks with "malicious intents, disruptions of business continuity and the theft of information" while recognising the reliance of the aviation sector on the "availability of information and communications technology systems as well as on the integrity and confidentiality of data."
Some of the key proposals in the Strategy Report included:
Prior to the Strategy Report, in August 2017 ICAO formed the Secretariat Study Group on Cybersecurity (the "SSGC") in order to implement a resolution of ICAO to take certain steps to counter cyber threats to industry stakeholders. The SSGC comprises four sub-groups and working groups, namely: a legal research group, a working group for airlines and aerodromes, a working group for air navigation systems, and a working group for cybersecurity for flight safety. These groupings demonstrate the different levels that need to be considered in order to formulate a unified and cohesive approach to cybersecurity in the industry. Among other things the SSGC is responsible for reviewing the Annexes to the Chicago Convention 1944, consolidating existing Standards and Recommended Practices ("SARPs") and reviewing proposals for amendments to ICAO provisions. At present the SSGC is revising the ICAO Cybersecurity Action Plan, which was put in place in 2014.
Due to its borderless nature, it is important that individual states work together to legislate and regulate for cybersecurity in a connected way. Cybersecurity and data protection in the EU are legislated for at Union level, with each Member State responsible for implementing relevant legislation and appointing national enforcement bodies to apply it. Following Brexit, responsibility for overseeing cybersecurity and data protection in the aviation industry in the UK is vested in four bodies: the National Cyber Security Centre, which is the UK's technical authority for cybersecurity, the UK Civil Aviation Authority (the "UKCAA") and the DfT who both enforce relevant legislation and provide support to the industry, and the ICO, which focuses on data protection and enforcement of the General Data Protection Regulation ("GDPR").
The UKCAA and the DfT are both competent authorities responsible for the enforcement of the Network and Information Systems Regulations 2018 (the "NIS Regulations"). The NIS Regulations implement the EU's NIS Directive 2016/1148, as retained after the end of the Brexit implementation period in December 2020, and allow the UK to maintain a minimum level of harmonisation with the EU.
The EU's NIS Directive 2016/1148, as implemented by the NIS Regulations, has three main purposes:
In addition to the NIS Regulations, two other important pieces of legislation that apply to aviation organisations, and which the UKCAA is able to enforce, are the EASA Basic Regulation (which applies by virtue of the fact that it was in place in the UK prior to Brexit) and the EASA Standards and Recommended Practices ("SARPS") taken from the annexes to the Chicago Convention 1944, and the various UK Air Navigation Orders.
In an effort to meet UK, European and International aviation standards for cybersecurity, the UKCAA has also developed the UKCAA Cyber Security Oversight Team (the "UKCAA Oversight Team") to manage cybersecurity risk and support the industry's efforts to improve safety and security. It has also published CAP 1753, the cybersecurity oversight process for aviation, which sets out the UKCAA's expectations along with examples of good practice for complying with the EASA Basic Regulation, the NIS Regulations and the ICAO SARPs.
The International Air Transport Association ("IATA") is the largest trade body representing airlines in the world. It is therefore a powerful voice for advocating for the aviation industry's interests. Similar to ICAO, IATA also emphasises the importance of a common approach to cybersecurity because it would improve the flow of information and cooperation within the network.
To assist the industry, IATA has said that it is developing an industry-wide Aviation Cyber Security Strategy to coordinate and ensure the necessary level of holistic protection in the industry. As part of this it has established the Cyber Management Working Group (the "CMWG"), which is intended to provide guidance to industry members and analyse industry needs as they develop. IATA has also founded a more informal group known as the Aircraft Systems Cyber Security Steering Group, whose role is to provide a space for the industry to share information in relation to flight safety systems. Highlighting the importance of co-operation within the industry, IATA has also worked with the International Coordinating Council of Aerospace Industries Associations (of which most national aviation associations are members) to create an international group that allows airlines to share concerns with original equipment manufacturers ("OEMs") and design approval holders (i.e., organisations responsible for aircraft design types).
At a more immediate level, when it comes to airlines improving their cybersecurity, Manon Gaudet, the Assistant Director of Aviation Cybersecurity at IATA, recommends bringing in an expert because "there are lots of different attacks and lots of different ways an attack could impact an airline. You have to work through all the different scenarios especially those that could have an impact on safety." This reflects a wider concern across the industry that at present most aviation organisations do not have access to sufficient numbers of properly trained and experienced cybersecurity professionals.
The aviation industry has been quick to adopt developments in cyber technology to allow them to deliver improved efficiencies and better passenger experiences for their customers. For the most part this has been achieved safely, but that safety cannot be taken for granted.
With each new opportunity for improving the customer experience or increasing the efficiency of aircraft operations comes the opportunity for cyber criminals to exploit that new or upgraded technology for personal, or sometimes political, gain. The frequency of cyber-attacks is clearly rising, as is the level of sophistication of the attackers, and without a cohesive and unified approach to the problem it seems chillingly inevitable that at some point a cyber-attack that cannot be contained relatively quickly, with devastating and possibly fatal consequences for the industry, will succeed.
Link:
Aviation is facing a rising wave of cyber-attacks in the wake of COVID - Stephenson Harwood
Government Agencies Login to Zero Trust – MeriTalk
Collecting and analyzing event log data is essential to implementing zero trust in government agencies. But it can be easier said than done. Logging involves massive quantities of data that can be in a variety of formats, presenting agencies with multiple logistical challenges.
MeriTalk spoke with Frank Dimina, senior vice president of Americas and public sector at Splunk, about the value of log data and how agencies can facilitate collection and analysis.
MeriTalk: The Biden administration's Executive Order on Improving the Nation's Cybersecurity (EO) and the Office of Management and Budget memo M-21-31 call for agencies to collect and retain logging data to ensure centralized access and visibility for security operations center (SOC) staff. Before these directives, how were agencies typically doing event logging, and what has changed so far?
Frank Dimina: The EO is a great start, and M-21-31 is wonderful. I can't be a bigger fan. It will enhance cyber capabilities across the Federal domain. It's going to create a lot of efficiencies, improve the fidelity of cyber data, and help agencies to respond faster to cyber events. The phased implementation of M-21-31 is very well thought out. Before M-21-31, many agencies were pursuing event logging, but it wasn't mandated. Now it's mandated, and it's mandated in a way to ensure all relevant security data is leveraged.
Previously, some cyber programs made great incremental improvements, such as the National Cybersecurity Protection System's EINSTEIN and EINSTEIN 3 Accelerated, which centralized Federal network connections to understand internet access traffic. The Continuous Diagnostics and Mitigation (CDM) program was great at establishing risk reporting on Federal endpoints. Those were evolutionary programs. But they didn't provide operational capabilities like responding quickly to events on the network. The missing piece was the logs. Log retention, access to data, and viewing data rapidly and at scale are great steps towards true security visibility, which is the foundation of any zero trust approach.
MeriTalk: What role does logging play in helping an agency implement zero trust?
Dimina: Zero trust starts with having complete understanding of your environment, which is ever-changing, complex, distributed, and geographically dispersed. Logging is a core piece of that understanding, but it's a tougher challenge than most folks realize. The variety and volume continue to grow exponentially. Success with zero trust requires aggregating logs, understanding network traffic, and knowing who's on the network in as close as possible to real time. Then you can extract the data, analyze it, and visualize it for someone in a SOC all the way up to the chief information officer.
Agencies can also use log data to trigger automations. Once I can observe events with confidence, I can trigger pre-built playbooks, restrict access control, or quarantine something suspicious. Automation of repetitive and routine tasks can reduce staffing needs and let employees work on higher-order tasks.
MeriTalk: Agencies are required to collect, analyze, and share massive amounts of log data. What obstacles stand in the way of agencies improving their logging capabilities?
Dimina: We see 3 main obstacles that agencies are facing. Funding is the No. 1 challenge. Meeting the mandate is a big undertaking, and it needs the right level of appropriation support. Because this is a cyber modernization effort, some agencies have considered applying for the Technology Modernization Fund.
Another challenge is siloed data sets. Today's data is primarily used for reporting. Bringing data sets together across agencies would allow the government to use the data in an OpSec capacity. I testified to Congress about this years ago. Today, we have a static photograph of what's happening in an environment; if we connect our data sources, we're creating a live video feed.
Agencies are also grappling with technical challenges associated with collecting petabytes of log data in different formats from endpoints, servers, and mobile devices. That's why Splunk exists; dealing with these challenges is our core business. We've been the market leader for 20 years in helping customers make log data accessible, usable, and valuable at scale.
MeriTalk: Splunk created the Government Logging Modernization Program (GLMP) following the release of M-21-31. How does this program help to accelerate the M-21-31 journey for your customers?
Dimina: As soon as M-21-31 came out, our team quickly analyzed the mandate and put together a targeted bundle of offerings to meet the requirements in a cost-efficient way. These are not new technologies or services, but we packaged them so government partners can accelerate their ability to comply with the mandate in weeks instead of months.
GLMP is unique because it's designed for the technical challenges with logging. It has given us a way to engage with our government customers in a more prescriptive way and improve our partnerships. It's FedRAMP certified as well, which we're quite proud of.
MeriTalk: How can public-private partnerships help agencies improve logging and meet the requirements of the cybersecurity EO? How have public-private partnerships changed over the last couple of years?
Dimina: Private-sector vendors have decades of experience, tons of subject matter expertise, track records of great partnerships and, most importantly, deep understanding of the mission. We're spending on R&D, so we can innovate faster; we can move with a little more agility, and we can scale. We're bringing these strengths to the table to help agencies improve their cybersecurity posture and meet their mandates. In fact, I've never seen private sector vendors collaborate as much as we have in support of our partners like the Department of Homeland Security. For example, Splunk and Recorded Future are working together to bring more threat intelligence value to the government.
Even small activities can have a lot of value. Splunk has a security research team called SURGe, which helps our customers respond to security directives and events. When the Cybersecurity and Infrastructure Security Agency (CISA) issues an emergency directive, our SURGe team goes to work immediately. By reviewing the directive and leveraging our partnership and membership in the CISA-led Joint Cyber Defense Collaborative (JCDC), SURGe creates rapid response blogs for breaking news security events. Although the guidance created by SURGe is focused on helping our customers, it is written to help the whole community in those first hours of a global incident. Even if you are not a customer you should get some value out of their effort. In fact, SURGe was recently called out by CISA's Cyber Safety Review Board (CSRB) as one of the first private sector companies to respond to the Log4Shell event of 2021. Folks can find out when SURGe releases new content by signing up online at https://www.splunk.com/en_us/surge.html. Furthermore, SURGe is focusing on a research project to release at Splunk's GovSummit this year with prescriptive guidance around some of the trickier sections of the OMB memo. A perfect example of how private/public relationships help secure the whole world via collaboration.
MeriTalk: What role does JCDC play in helping agencies?
Dimina: JCDC is creating a coordinated whole-of-nation approach to the risks we're facing, and it's addressing challenging questions. What are the most serious risks? How can we have a more holistic view and situational awareness of the Federal cyber domain? How do we bring vendors together to devise multi-vendor solutions? How can we protect critical infrastructure?
The JCDC brings together the best minds among government partners. Being part of JCDC has been an honor for Splunk; we're one of a small group of industry partners that were asked to join, and we have a team dedicated to supporting it. Our goal is to bring expertise to establishing a unified national cyber defense plan and supporting the agencies responsible for it.
MeriTalk: What's next after agencies get a handle on event logging? How can they take this capability to the next level?
Dimina: When you get visibility and implement programs with zero trust, the broader conversation becomes about business and operational resilience. That's not just cyber. That's IT, applications, users, and ensuring that critical functions can continue working. Zero trust encourages organizations to take a holistic approach to respond to variables, whether that's malicious actors, natural disasters, or fire at a data center.
That's where you're seeing cybersecurity merge with development, observability, and DevSecOps. As a company, Splunk is investing big in that area to help our customers improve their business and operational resilience.
MeriTalk: Where do you think government event logging will be in a year or two?
Dimina: I am very confident that the mandate will be met in a couple years at least to cover high-value assets. And a lot of smaller agencies will leverage lessons learned from the larger agencies to make progress. Ultimately, government cyber staff will be able to make faster and more confident decisions informed by data.
I do think there's an opportunity to amplify the return on this investment by bringing data together across cyber programs such as event logging, CDM, and EINSTEIN. If you could bring all the data sources together so cyber operators could easily look across different tools, rapidly and at scale, you could make generational leaps in responses to Federal cyber events. This would require policy changes, technical tools, the right data platforms, and interagency agreements. But it would be a huge leap in agencies' capabilities.
Here is the original post:
Government Agencies Login to Zero Trust MeriTalk - MeriTalk
Intolerance vs free speech: Dichotomy of the internet age – The Financial Express
When it was banned in 1988 in several countries, The Satanic Verses by Salman Rushdie faced government censorship. Today, cancel culture is empowered in every hand that holds a cell phone. Also, today, the entire text of Satanic Verses is available on various websites, openly accessible for anyone to read.
Be it obscenity, religious blasphemy, offensive portrayals of personalities, businesses or organisations, or national security, finding a reason for banning books has never been difficult. Even the Bible has been censored in various instances.
Rushdie himself questioned the relevance of bans on books in an age when they could be easily downloaded anywhere. Also, with a host of platforms enabling self-publishing, besides blogs, personal websites or even social media for that matter, attempts to muffle any voice seem rather ironic. Despite this, a simple internet search reveals a list of over 40 books banned nationwide in India alone. Withdrawals and sanitisation of books are another matter altogether.
Take Wendy Doniger's The Hindus: An Alternative History, all copies of which were recalled and destroyed in 2014. The Red Sari by Javier Moro, thought to be based on Sonia Gandhi's life, was published five years late in 2015.
The Polyester Prince by Hamish McDonald did not even go to print as the publisher, HarperCollins, feared legal action from the Ambani family. The stories of banned writers Taslima Nasreen, Perumal Murugan and Tehmina Durrani in more recent times, and the likes of Saadat Hasan Manto and Ismat Chughtai, are well known, if one recounts writers from the subcontinent alone.
So what makes a book more liable to be questioned? As Meru Gokhale, publisher, Penguin Press, Penguin Random House India, points out, "While it is correct that content can now be posted online on any platform, a book from a mainstream publisher will have a permanence that a social media post likely does not, so books generally face a higher level of scrutiny."
Geetanjali Shree's book Ret Samadhi was published in 2018, but it was in 2022, after it won the International Booker, that someone found objectionable content in it, forcing cancellation of an event in Agra where she was to speak. Subsequently, a tweet in her support asked: "What next for her?"
After the shocking attack on Rushdie, Congress leader and author Shashi Tharoor tweeted: "A sad day, worse if creative expression can no longer be free & open." Controversial writer Taslima Nasreen's tweet said: "If he is attacked, anyone who is critical of Islam can be attacked. I am worried."
It was fearing such attacks that Malayalam novelist S Hareesh had withdrawn his novel Meesha (Moustache) in 2018 after receiving threats to his life, saying he was too weak to take on the powerful. Author Perumal Murugan had reacted by saying that he didn't think protests and retaliations were a result of writers crossing their line, but that targeting authors was politically motivated instead. Murugan had himself given up writing after being targeted for his Tamil novel Mathorubhagan.
On their part, publishers are playing it safe too. As Gokhale of Penguin India says, "There is a balance we are always seeking to strike; we are mindful of the laws of a particular country, while at the same time respecting the rights of freedom of expression of our authors."
This signals a trend. As author and TMC MLA Manoranjan Byapari told FE in a recent interview: "At one time, artists undertook an important job to wake up the people. Now they are all silent. It is a matter of grave concern." Clearly, while much has changed in the 34 years since Rushdie wrote The Satanic Verses, the attack on him shows that things remain the same when it comes to taking offence over written words.
See original here:
Intolerance vs free speech: Dichotomy of the internet age - The Financial Express