Airport Security – On a Different Angle Though …

Airport kiosks are widely deployed nowadays. They offer convenient access to all sorts of travel-related information, IP telephony and the Internet while on the road. Which is a good thing!

However, when I travelled back from BlackHat and DefCon 19 and checked in at the McCarran airport in Las Vegas, one of these machines caught my eye. It showed a website I know pretty well – Facebook! But it wasn’t the login screen – as it should be – but the profile page of a member. Someone had forgotten to log out of his or her account. Anyone in this airport would now have full access to all data and – of course – be able to write status messages on the profile page of the account owner and all people in the friend list – which could harm this person’s reputation. Which is a bad thing!

But even worse: you never know if these machines have been compromised. Malware might spy on personal information, login credentials or other sensitive data. IT vs. car comparisons do not always hit the nail on the head, but I’ll give it a try. Airport kiosks (as well as all other kiosk machines) are like rental cars. Some people use them in a reckless manner because they are not their property – in terms of cars it means aggressive driving, in terms of computers it’s abandoning security awareness. And you don’t even know if a security solution is installed on the system.

It’s okay to use such systems in the way they’re actually meant: checking travel information or reading news, but never use them in a way that means you’d need to disclose sensitive information. If you need to check your e-mails, Facebook and the like, use your own device. Airports usually offer hotspots you can use (in the case of McCarran it’s even free!). If you need more information on secure browsing while on the road, you might want to read the article “Summertime is wireless time” here on Securelist.

Have a pleasant, safe and secure journey!
