flight tickets | Breaking Cybersecurity News | The Hacker News

Almost half of the fight travelers around the world were found exposed to a critical security vulnerability discovered in online flight ticket booking system that allowed remote hackers to access and modify their travel details and even claim their frequent flyer miles. Israeli network security researcher Noam Rotem discovered the vulnerability when he booked a flight on the Israeli airline ELAL, successful exploitation of which just required victim's PNR (Passenger Name Record) number. The vulnerability resided in the widely used online flight booking system developed by Amadeus, which is currently being used by nearly 141 international airlines, including United Airlines, Lufthansa and Air Canada. After booking a flight with ELAL, the traveler receives a PNR number and a unique link that allows customers to check their booking status and related information associated with that PNR. Rotem found that merely by changing the value of the "RULE_SOURCE_1_ID" param...

What do you do to earn up to $150,000? Somebody just hacks into airlines and sells fake tickets. That's exactly what a 19-year-old teenager did and made approximately 1.1 Million Yuan (£110,000 or $150,000) by hacking into the official website of an airline and using the stolen booking information to defraud hundreds of passengers. The teenager, identified as Zhang from Heilongjiang, north-east China, hacked into a Chinese airline website and illegally downloaded 1.6 Million passengers bookings details, including: Flight details Names ID card numbers Email addresses Mobile phone numbers Zhang then used this information to successfully defraud hundreds of customers by convincing them that there was some issue with their booking flights, and they had to pay extra fees, according to People's Daily Online . Moreover, the hack caused the airline to lose almost 80,000 Yuan ( $12,365 USD ) as a result of customers requesting refunds. The incident too...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...