This week, we take a look at a SQL injection vulnerability in TSA-related software, a researcher being sued for forwarding breach data to media outlets, and a staggering 200+ victims of RansomHub's Ransomware-as-a-Service.
SQL Injection Vulnerability in TSA Security System
Link: Bleeping Computer
Researchers discovered a critical SQL injection vulnerability in the FlyCASS system, which some airlines use to manage the TSA's Known Crewmember (KCM) and Cockpit Access Security System (CASS). This flaw could allow attackers to bypass airport security checks and gain unauthorized access to aircraft cockpits. The vulnerability was reported to the Department of Homeland Security, and FlyCASS was disconnected from the KCM/CASS system as a precaution. Despite the severity of the issue, the TSA downplayed its impact, stating that "other vetting processes would prevent unauthorized access". This comment was removed after security researchers presented additional information countering these claims.
Researcher Sued for Sharing Ransomware Data
Link: Bleeping Computer
A security researcher faces a lawsuit for allegedly sharing data stolen during a ransomware attack with the media. The lawsuit underscores the legal and ethical challenges that arise when researchers handle sensitive data obtained through illicit means, even when the intent is to expose vulnerabilities or inform the public. The case also raises questions about the sensitivity of the breached data, which the Mayor had initially described as inconsequential.
FBI Report on RansomHub Ransomware
Link: Bleeping Computer
The FBI reports that the RansomHub ransomware group has breached 210 victims since February 2024. RansomHub has targeted a wide range of industries, leveraging the threat of exposing stolen data to extort ransom payments. Notably, the group has shifted from simply leaking stolen data to selling it to the highest bidder should negotiations fall through.