Update: Hawaiian Airlines cyberattack has marks of Scattered Spider, sources say
Multiple incident responders said a cyberattack on Hawaiian Airlines is likely the work of cybercriminal group Scattered Spider. The airline first reported the incident Thursday morning, assuring customers that although the attack took down some IT systems, it was still able to safely operate a full flight schedule and was “working toward an orderly restoration.” The Federal Aviation Administration told Reuters it was assisting the airline to ensure the safety of flights.
‘Suspended animation’: US government upheaval has frayed partnerships with critical infrastructure
The Trump administration’s chaotic overhaul of the federal government has seriously weakened the public-private partnerships that protect U.S. critical infrastructure from cyberattacks and physical disasters. Massive workforce cuts, widespread mission uncertainty and a persistent leadership void have interrupted federal agencies’ efforts to collaborate with the businesses and local utilities that run and protect healthcare facilities, water treatment plants, energy companies and telecommunications networks, according to interviews with 14 representatives of those four critical infrastructure sectors, four former senior government cybersecurity officials and multiple infrastructure security experts.
So you CAN turn an entire car into a video game controller
Cybersecurity nerds figured out a way to make those at-home racing simulators even more realistic by turning an actual car into a game controller. The UK’s Pen Test Partners (PTP) has an in-house car that’s used for various automotive security research. They thought that their 2016 Renault Clio, which they bought from a dealership down the road from PTP’s HQ, could be a “silly” way of showing aspiring security pros how to work with car data. Controller Area Network (CAN) data is sent between vehicles and other devices via electronic control units (ECUs) and is what’s used to signal different operations being engaged, like braking and accelerating.
Sinaloa cartel used phone data and surveillance cameras to find FBI informants, DOJ says
A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, the U.S. Justice Department said in a report issued on Thursday. The incident was disclosed in a Justice Department Inspector General’s audit, opens new tab of the FBI’s efforts to mitigate the effects of “ubiquitous technical surveillance,” a term used to describe the global proliferation of cameras and the thriving trade in vast stores of communications, travel, and location data.
Canada Bans Chinese CCTV Vendor Hikvision Over National Security Concerns
Chinese video surveillance provider Hikvision will no longer be allowed to operate in Canada or sell its products to Canadian government agencies. Mélanie Joly, Canada’s Minister of Industry, said on June 28 that the federal government has ordered the Chinese CCTV vendor’s local subsidiary, Hikvision Canada Inc., to cease operations in the country and close its Canadian business. This decision follows a national security review under the Investment Canada Act, a federal law that governs foreign investments in Canadian businesses, conducted in collaboration with the country’s security and intelligence community.
Denmark moves to protect personal identity from deepfakes with new copyright law
Denmark plans to amend its copyright law to give individuals rights over their body, face, and voice, to combat AI-generated deepfakes. Believed to be the first law of its kind in Europe, the proposal has broad political support and will be submitted for consultation before summer, with a formal amendment expected in the autumn. “The Danish government is to clamp down on the creation and dissemination of AI-generated deepfakes by changing copyright law to ensure that everybody has the right to their own body, facial features and voice.” reported The Guardian. “The Danish government said on Thursday it would strengthen protection against digital imitations of people’s identities with what it believes to be the first law of its kind in Europe.”