ICYMI: Aviation risk; netgear patch delay; legal threats; android malware variants; SSL weakness

This week's In Case You Missed It (ICYMI): Aviation risk warning; netgear patch delay; vulnerability disclosure -legal threats; android SMS malware variants; SSL weakness exploited for phishing.

aircraft cockpit
aircraft cockpit

European aviation body warns of cyber-attack risk against aircraft

The chief of Europe's top airline safety agencies warned that cyber-criminals could hack into critical systems on an airplane from the ground. Patrick Ky, director of the European Aviation Safety Agency, told European aviation journalists  that over the past two years, there has been an increasing number of cyber-security incidents reported in the aviation industry.

Netgear patch delay left thousands of routers under attack

A Netgear router vulnerability remained unpatched for months after it was discovered by security researchers, leaving thousands of the devices under active attack.  Netgear routers have been found to be under active attack despite the exploited vulnerability being disclosed months ago, though a fix has finally been released.  At the end of September, Joe Giron discovered problems with his internet connection. On further inspection, Giron realised that his Netgear router's DNS server address had been changed. Giron had been the victim of an attack

Security expert cancels talk on back of legal threat

Important security research into hackable surveillance cameras has been quashed by a legal threat. Gianni Gnesa, a consultant at the Swiss cyber-security company, Ptrace Security was due to give a lecture on Thursday at Singapore's Hack in the Box conference. And he would have too, if his research didn't reveal that some of IP surveillance cameras have considerable vulnerabilities in them.

Variants now spawning off new Android SMS malware

Mobile network security and threat detection company AdaptiveMobile says it has been tracking the emergence of a new strain of Android malware. The appropriately named AndroidOS.SmsThief targets SMS message users on Android and has been evolving and developing variants since it was first identified as a threat in late August.

Fraudsters exploit weak SSL certificate security to set up hundreds of phishing sites

In just one month, fraudsters were able to get the official SSL security ‘padlock' seal of approval for hundreds of fake websites impersonating banks and other companies, partly because the checks on them were minimal or non-existent. During August sites purporting to be the official domains of PayPal, Halifax Bank and others managed to get SSL security clearance from the likes of CloudFlare, Symantec and GoDaddy says internet services provider Netcraft.

Sign up to our newsletters