Select Page
Ransomware Attack Takes Down Bristol Airport’s Flight Display Screens

Ransomware Attack Takes Down Bristol Airport’s Flight Display Screens

Bristol Airport has blamed a ransomware attack for causing a blackout of flight information screens for two days over the weekend.

The airport said that the attack started Friday morning, taking out several computers over the airport network, including its in-house display screens which provide details about the arrival and departure information of flights.

The attack forced the airport officials to take down its systems and use whiteboards and paper posters to announce check-in and arrival information for flights going through the airport and luggage pickup points for all Friday, Saturday, and the subsequent night.

“We are currently experiencing technical problems with our flight information screens,” a post on the Bristol Airport’s official Twitter feed read on Friday.

“Flights are unaffected and details of check-in desks, boarding gates, and arrival/departure times will be made over the public address system. Additional staff are on hand to assist passengers.”

The airport also urged passengers to arrive early and “allow extra time for check-in and boarding processes,” though this two days technical meltdown caused delays in baggage handling, with customers needed to wait longer than one hour for their bags.

However, no flight delays were reportedly caused due to the cyber attack.

images from Hacker News

Watch Out! This New Web Exploit Can Crash and Restart Your iPhone

Watch Out! This New Web Exploit Can Crash and Restart Your iPhone

It’s 2018, and just a few lines of code can crash and restart any iPhone or iPad and can cause a Mac computer to freeze.

Sabri Haddouche, a security researcher at encrypted instant messaging app Wire, revealed a proof-of-concept (PoC) web page containing an exploit that uses only a few lines of specially crafted CSS & HTML code.

Beyond just a simple crash, the web page, if visited, causes a full device kernel panic and an entire system reboot.

The Haddouche’s PoC exploits a weakness in Apple’s web rendering engine WebKit, which is used by all apps and web browsers running on the Apple’s operating system.

Since the Webkit issue failed to properly load multiple elements such as “div” tags inside a backdrop filter property in CSS, Haddouche created a web page that uses up all of the device’s resources, causing shut down and restart of the device due to kernel panic.

You can also watch the video demonstration published by the researcher, which shows the iPhone crash attack in action.

images from Hacker News

Linus Torvalds Apologises For His Rude Behaviour—Takes Time Off

Linus Torvalds Apologises For His Rude Behaviour—Takes Time Off

What just happened would definitely gonna surprise you.

Linus Torvalds—father of the Linux open-source operating system—finally admitted his behaviour towards other developers in the Linux community was hurting people and Linux.

In a surprising move this weekend, Torvalds apologised for insulting and abusing other developers for almost three decades and took a break from the open-source software to work on his behaviour.

In an email to the Linux Kernel Mailing List (LKML) on Sunday, Torvalds said that he was confronted by people of the Linux community this week about his lifetime of not understanding emotions, and apologised for his personal behaviour that has hurt people and possibly has driven some of them away from working in kernel development altogether.

Torvalds wrote, “I need to change some of my behaviour, and I want to apologise to the people that my personal behaviour hurt and possibly drove away from kernel development entirely.”

images from Hacker News

Powerful Android and iOS Spyware Found Deployed in 45 Countries

Powerful Android and iOS Spyware Found Deployed in 45 Countries

One of the world’s most dangerous Android and iPhone spyware program has been found deployed against targets across 45 countries around the world over the last two years, a new report from Citizen Lab revealed.

The infamous spyware, dubbed Pegasus, is developed by NSO Group—an Israeli company which is mostly known for selling high-tech surveillance tools capable of remotely cracking into iPhones and Android devices to intelligence agencies around the world.

Pegasus is NSO Group’s most powerful creation that has been designed to hack iPhone, Android, and other mobile devices remotely, allowing an attacker to access an incredible amount of data on a target victim, including text messages, calendar entries, emails, WhatsApp messages, user’s location, microphone, and camera—all without the victim’s knowledge.

Pegasus has previously been used to target human rights activists and journalists, from Mexico to the United Arab Emirates.

Just last month, The Hacker News reported that this nasty spyware was used against one of the staffers of Amnesty International—one of the most prominent non-profit human rights organisations in the world—earlier this year, alongside another human rights defender.

images from Hacker News

Western Digital’s My Cloud NAS Devices Turn Out to Be Easily Hacked

Western Digital’s My Cloud NAS Devices Turn Out to Be Easily Hacked

Security researchers have discovered an authentication bypass vulnerability in Western Digital’s My Cloud NAS devices that potentially allows an unauthenticated attacker to gain admin-level control to the affected devices.

Western Digital’s My Cloud (WD My Cloud) is one of the most popular network-attached storage (NAS) devices which is being used by businesses and individuals to host their files, as well as backup and sync them with various cloud and web-based services.

The WD My Cloud devices let users not only share files in a home network but its private cloud feature also allows them to access their data from anywhere around the world at any time.

However, security researchers at Securify have discovered an authentication bypass vulnerability on the WD My Cloud NAS boxes that could allow unauthenticated attackers with network access to the device to escalate their privileges to admin-level without needing to provide a password.

This would eventually allow attackers to run commands that would typically require administrative privileges and gain complete control of the affected NAS device, including their ability to view, copy, delete and overwrite any files that are stored on the device.

images from Hacker News