In this issue
Focus on Terrorism: Mozambican Militants.
Focus on Practice: Hacking Vulnerabilities for Passengers.
*New Posts AVSEC Hiring Zone
|
|
Afghanistan
September 14 – Opium disguised as raisins seized at Kabul Airport. Source.
Argentina
September 16 – A man was arrested for a bomb threat on an Aerolineas Argentinas plane. Source.
Bangladesh
September 19 – US dissatisfied over Dhaka International Airport security. Source.
Brazil
September 15 – ANAC publishes new PNAVSEC incorporating ICAO recommendations. Source.
September 16 – GOL agrees to pay SEC millions to settle bribery charges. Source.
Canada
September 14 – Nunavik man charged, accused of making plane bomb threat. Source.
September 18 – Man arrested after plane forced to make emergency landing in Happy Valley-Goose Bay. Source.
Cyprus
September 19 – Suspected passport fraud arrest after Europol tip off. Source.
Dominican Republic
September 16 – Airport association assures security camera make criminal actions ‘extremely difficult’. Source.
Germany
September 14 – Passenger harassed flight attendant with penis picture. Source.
Ghana
September 14 – Airport security officer interdicted for embarrassing the National Security Minister. Source.
Global
September 15 – Star alliance wants half its airline members to use biometrics by 2025. Source.
September 20 – AI in airport: not everything that shines is gold. Source.
India
September 16 – Gold seized at Kochi International Airport. Source.
September 17 – SpiceJet employee held with gold at Amritsar International Airport. Source.
September 19 – High-profile fake visa racket busted by IGI Airport police. Source.
Iraq
September 13 – Changing the security provider for Baghdad International Airport angers airlines. Source.
Kuwait
September 15 – Lyrica powder and drugs caught at the airport. Source.
Malta
September 14 – Forged travel documents lands man in prison. Source.
New Zealand
September 16 - Accidental security breach has sparked an evacuation at Dunedin International Airport. Source.
Nigeria
September 13 – Can an airline refuse to board a drunk passenger? Source.
September 18 – NDLEA arrests ex-convict with cocaine at Lagos International Airport. Source.
Pakistan
September 16 – Gang arrested for sending Afghans abroad on fake Pakistani passports. Source.
September 19 – Passenger deported for punching window on Dubai-bound flight. Source.
Saudi Arabia
September 16 – Saudi Arabia to deploy AI security screening system at Airports. Source.
Syria
September 17 – Israel attacks Damascus airport, five soldiers killed. Source.
Taiwan
September 13 – Taiwan should be allowed to participate in ICAO. Source.
Thailand
September 18 – Tourist arrested at airport without Covid test. Source.
United Kingdom
September 17 – Drunk passenger removed from Ryanair flight at Manchester International Airport. Source.
United States
September 13 – Behind the scenes of checked bag security at Omaha Airport. Source.
September 13 – Woman sentenced to four months in orison after argument causes flight to divert to Phoenix. Source.
September 13 – Meth-soaked rug smuggled via Atlanta airport leads to prison. Source.
September 13 – TSA announces new members of the Aviation Security Advisory Committee. Source.
September 13 – Mseven individuals charged for smuggling cocaine through Luis Munoz Marin International Airport. Source.
September 14 - Deaf man goes viral after TSA pat down. Source.
September 14 – TSA catches woman with loaded gun at Raonoke-Blacksburg Regional Airport checkpoint. Source.
September 14 – Look like dynamite? Lab test pending on device in Newark Airport scare. Source.
September 14 – Coordination, action, and awareness needed to thwart transportation insider threat. Source.
September 14 – House passes legislation to use drone technology to inspect critical infrastructure. Source.
September 14 – Four international airports added to TSA PreCheck program. Source.
September 15 – TSA catches second loaded gun in two days at ROA airport. Source.
September 15 – Man fondled children at Denver Internaitonal Airport. Source.
September 15 – New state of the art scanner technology now at Manchester-Boston Regional Airport. Source.
September 15 – How America’s airports defend against cyberthreats. Source.
September 16 – Deputies detain two after bogus bomb threat at FLL. Source.
September 16 – The checkpoint of the future. Source.
September 16 – David Pekoske confirmed for the second term as TSA administrator. Source.
September 16 – TSA provides clarifications to the industry on draft solicitation for FAST Re-compete. Source.
September 17 – Is the TSA security theater or essential to national security. Source.
September 17 – TSA Tackling staff shortages. Source.
September 17 – Woman kicked off plane after defending men who reported bomb threat at FLL. Source.
September 18 – The security line at Sea-Tac Airport reaches 2.5 hours long. Source.
September 19 – American Airlines confirms customer, employee data breach after phishing scam. Source.
September 19 - Man caught with loaded gun at Norfolk International Airport. Source.
September 19 – AAAE and TSA offer airport virtual training course in effort to mitigate the insider threat. Source.
September 19 – Georgia man stopped with loaded gun at Westchester County Airport. Source.
September 20 – Airport police seeking to hire at Los Angeles International Airport. Source.
|
|
Key:
CM-Cargo and Mail, CS-Cyber Security, DS-Document Security, IM-Inflight Measures, IS-Illicit Smuggling, LP-Landside Protection, OC-Other Crime, PM-Preventive Measures, UA-Unmanned Aircraft, UP-Unruly Passengers, SG-Sabotage on Ground
|
|
Mozambican Militants Launch New Offensive |
|
On September 2, Portugal’s Prime Minister, António Costa, completed a two-day official visit to Mozambique, where the main focus of his meetings with his Mozambican counterpart, Filipe Nyusi, was economics. During the visit, Costa also offered Portugal’s support to Mozambique’s counter-terrorism struggle against Islamic State (IS)- militants plaguing the country’s north. Nevertheless, Costa highlighted that Mozambique’s disarmament, demobilization, and rehabilitation of the repentant or surrendered jihadists had been making significant progress.
The optimism underlying the bilateral meetings was seemingly countered by the recent success of the militants, who began launching a new offensive in August. Whereas previous offensives since 2018 have generally seen the jihadists push north, this one has seen them, in contrast, move further south to Ancuabe, Chiure and Mecufi districts. Typical of previous jihadist offensives, the fighting is causing numerous civilians to be displaced, including nearly one-million during this offensive.
IS also has taken note of the Mozambican jihadists success as well as the simultaneous attacks by their fellow Congolese jihadists, who until this year were all part of IS’s “Central Africa Province.” It was only this year that IS decided to detach the Mozambican jihadists from the rest of the province, while establishing a separate “Mozambique Province.” The Mozambican jihad has nevertheless been designated as a distinct terrorist organization by the U.S State Department since August 2021.
Most recently, on August 19, IS released videos from both the Congo and Mozambique, with the jihadists in each country calling for attacking Christians. Indeed, one of the main similarities—and certainly challenges—for IS fighters in both Congo and Mozambique is that they must recruit Muslims in predominantly Christian nations. Therefore, they need to frame their narratives in terms of embattled Muslims seeking to implement sharia law in the face of “infidel” laws surrounding them. At the same time, they must recruit hyper-locally within Muslim villages based on narratives opposing the un-Islamic governments under which they live and promoting the broader narratives of establishing an Islamic state and eventually the establishment of a global caliphate.
One of the key factors determining whether Mozambique can turn the tide of the recent jihadist offensive is the contribution of Rwandan troops to the country’s counter-terrorism effort. There is no sign Rwanda is relenting in its mission in Mozambique, which is fortunate for the Mozambicans. On August 16, for example, Paul Kagame, who is not only the President but also the Rwanda Defence Forces (RDF) Commander-in-Chief, promoted Major General Eugene Nkubito to lead the RDFs battle against the Mozambican jihadists.
On the economic front, what Mozambique needs is to restart the Total Gas facility that was crucial to the country’s GDP. It was shut down in April 2021 during the last major offensive by the Mozambican jihadists, which prompted international attention to be directed towards ensuring Mozambican security and the ensuing Rwanda-led intervention. If, as the Mozambican government expects, the facility can reopen in 2023, the jihadists will need to be held at bay while the economy has a chance to recover its pre-war trajectory.
From The Jamestown Foundation
|
|
Passengers Exposed to Hacking via Vulnerabilities in Airplane Wi-Fi Devices |
|
Researchers have discovered two potentially serious vulnerabilities in wireless LAN devices that they say are often used in airplanes.
Researchers Thomas Knudsen and Samy Younsi of Necrum Security Labs identified the vulnerabilities in the Flexlan FX3000 and FX2000 series wireless LAN devices made by Contec, a Japan-based company that specializes in embedded computing, industrial automation, and IoT communication technology.
One of the security holes, CVE-2022-36158, is related to a hidden webpage that can be used to execute Linux commands on the device with root privileges. The device’s web-based management interface does not provide a link to this hidden page.
Flexlan wireless LAN device vulnerabilities could allow airplane hacking “From here we had access to all the system files but also be able to open the telnet port and have full access on the device,” the researchers explained in a blog post.
The second vulnerability, CVE-2022-36159, is related to a backdoor account and the use of a weak hardcoded password. The researchers found a root user account with a default hardcoded password that is likely designed for maintenance purposes. The password is stored as a hash, but it was quickly cracked by the experts. An attacker can use this account to gain control of the device.
Contec says its Flexlan wireless LAN devices are ideal for use in distribution systems, factories, offices and with embedded devices. However, the researchers say they are often used in airplanes for Wi-Fi access points that passengers can use to connect to the internet and in-flight services.
Aircraft manufacturers and in-flight entertainment system vendors have always maintained that hacker attacks on passenger-accessible systems do not pose a risk to flight controls and safety due to isolation of the systems.
However, malicious actors could still find these types of vulnerabilities useful, as shown by researchers in the past. Younsi told SecurityWeek that the flaws they have found could be exploited by a passenger, as the vulnerable interface is accessible. The attacker could, for example, collect the data of other passengers or deliver malware to their devices.
“We can imagine a scenario where a malicious actor can spoof the HTTPS traffic by uploading his own certificate in the router to see all requests in clear text,” the researcher explained. “Another scenario would be to redirect the traffic to a malicious APK or iOS application to infect the mobile phone of each passenger.” In its own advisory, the vendor said “there are possibilities of data plagiarism, falsification, and system destruction with malicious programs if this vulnerability was exploited by malicious attackers.”
Contec explained that the vulnerabilities are related to a private webpage that developers can use to execute system commands, and this page is not linked to from settings pages available to users.
Firmware versions 1.16.00 for FX3000 series and 1.39.00 for FX2000 series devices address the vulnerabilities. The US Cybersecurity and Infrastructure Security Agency (CISA) did recently publish an advisory describing vulnerabilities in a Contec medical device, but it has not released an advisory for the Flexlan issues. Japan’s JPCERT/CC did release an advisory this month.
The affected devices are not used only in airplanes. Nihon Kohden, a Japanese manufacturer of medical electronic equipment, issued a statement recently to inform customers about these vulnerabilities, saying that it’s investigating the impact on its products and systems.
From SecurityWeek.com
|
|
|
|
Global Elite Group wins the ASTORS award for the fifth year in a row!
|
|
|
IF YOU SEE SOMETHING, SAY SOMETHINGTM
|
|
Please note that our Privacy Policy has changed. Our new Privacy Policy can be found here.
Should you wish to opt out of these emails, please click the "Safeunsubscribe" link at the bottom of this newsletter.
|
|
Disclaimer:
Reproduction, copying or redistribution for commercial purposes is strictly prohibited without the express written permission of Global Elite Group. This newsletter contains links to third-party websites. The linked sites are not under the control of Global Elite Group, and Global Elite Group is not responsible for the contents, advertising, products, or any other materials or links contained in those linked sites. Global Elite Group provides these links only as a convenience, and inclusion of a link does not imply endorsement of the linked site by Global Elite Group, its Business Partners or its affiliates. Information, documents, and links included in this newsletter are provided "as is" without any warranty. While Global Elite Group uses reasonable efforts to include accurate information, it does not make any representation as to its accuracy
|
|
|
|
|
|
|
