Conversation

Notices

  1. Embed this notice
    Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 20-Sep-2025 18:22:12 JST Kevin Beaumont Kevin Beaumont

    ARINC SelfServ devices are down in airports worldwide, they do self service check in. They’re connected to navAviNet aka ARINC Ground Network, managed by Collins Aerospace, who are owned by RTX.

    An attacker got onto the shared network.

    In conversation about 8 months ago from cyberplace.social permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 20-Sep-2025 18:27:04 JST Kevin Beaumont Kevin Beaumont
      in reply to

      RTX is Raytheon btw, a large cybersecurity provider. Looking into it.. but so far, looks like e-crime.

      In conversation about 8 months ago permalink
    • Embed this notice
      Becky Pinkard (beckypinkard@infosec.exchange)'s status on Saturday, 20-Sep-2025 18:46:53 JST Becky Pinkard Becky Pinkard
      in reply to

      @GossiTheDog Seeing any crossover to the ATC issues in Texas yesterday?

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 20-Sep-2025 18:47:59 JST Kevin Beaumont Kevin Beaumont
      in reply to

      The systems impacted are in ARINC Multi-User System Environment (MUSE™) aka Rockwell Collins’ ARINC vMUSE™. This is like the corporate centipede of acquisitions!

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 20-Sep-2025 19:03:41 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Shodan dork if you wanna rubberneck:

      org:"ARINC INCORPORATED"

      6x AnyConnect VPN boxes offline

      In conversation about 8 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/236/051/402/286/872/original/708d21e3dfcdca6c.jpeg

      2. https://cyberplace.social/system/media_attachments/files/115/236/051/670/837/147/original/90de8c1975879542.jpeg

      3. https://cyberplace.social/system/media_attachments/files/115/236/052/059/846/405/original/aa515dd95e2dc1cd.jpeg
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 20-Sep-2025 19:08:51 JST Kevin Beaumont Kevin Beaumont
      in reply to

      BBC good reporting on the ground impact

      In theory it should be minimal but in practice airlines have automated many jobs so we’ll see.

      https://www.bbc.co.uk/news/articles/c3drpgv33pxo

      In conversation about 8 months ago permalink

      Attachments

      1. Heathrow cyber-attack: Delays possible after check-in system hit
        The airport warned delays were possible due to "technical issues" also affecting Brussels and Berlin.
      Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      Viraptor (viraptor@cyberplace.social)'s status on Saturday, 20-Sep-2025 20:25:37 JST Viraptor Viraptor
      in reply to

      @GossiTheDog
      How is any of that connected to the standard internet... why!?! 😭

      In conversation about 8 months ago permalink
    • Embed this notice
      The Penguin of Evil (etchedpixels@mastodon.social)'s status on Saturday, 20-Sep-2025 20:35:05 JST The Penguin of Evil The Penguin of Evil
      in reply to

      @GossiTheDog RTX is big military so it's alarming they don't have good enough security in the current environment. It's not like the list of people who would like to fuck them over is exactly short

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 20-Sep-2025 20:48:07 JST Kevin Beaumont Kevin Beaumont
      in reply to

      The media are reporting this is impacting 3 airports, but it's actually more - the 3 airports are main transport hubs so building up backlogs (eg Heathrow is at 50% delayed flights now) but there's others, they're just smaller.

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 20-Sep-2025 20:50:05 JST Kevin Beaumont Kevin Beaumont
      in reply to

      The most surprising element so far is ARINC didn't tell Heathrow it was cyber related for almost 15 hours.

      In conversation about 8 months ago permalink

    • Embed this notice
      Nick Drage (sonofsuntzu@mastodon.social)'s status on Saturday, 20-Sep-2025 21:40:18 JST Nick Drage Nick Drage
      in reply to

      @GossiTheDog the airports affected are just the three though? Any idea how that overlaps with where RTX are? As a company they give the impression of being a lot less isolated than that....

      In conversation about 8 months ago permalink
    • Embed this notice
      Nick Drage (sonofsuntzu@mastodon.social)'s status on Saturday, 20-Sep-2025 21:47:41 JST Nick Drage Nick Drage

      @GossiTheDog sorry, to be clear, the 3 airports "directly" affected. I'm assuming RTX/Collins have infrastructure at more than those three airports, so I'm wondering why only Heathrow, Berlin, and Brussels are being listed. Are reports just being copy and pasted, or is the issue ( if not the impact ) limited to those three locations?

      In conversation about 8 months ago permalink
    • Embed this notice
      Nick Drage (sonofsuntzu@mastodon.social)'s status on Saturday, 20-Sep-2025 21:54:15 JST Nick Drage Nick Drage

      @GossiTheDog from what I've read ( which is about two news articles ) Dublin is a separate issue. Although if whatever this is has caused the evacuation there then this has just got a lot more "interesting" ...

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 21-Sep-2025 01:21:06 JST Kevin Beaumont Kevin Beaumont
      in reply to

      If any journalists want a list of top impacted airports to check: https://infosec.exchange/@nieldk/115237394885804514

      BBC have Dublin and Cork added.

      In conversation about 8 months ago permalink

      Attachments

      1. PhreakByte (@nieldk@infosec.exchange)
        from PhreakByte
        @cirriustech @GossiTheDog@cyberplace.social here are the “top ten” airports using vMUSE. See any you recognize in Europe as listed in current incident ;) 1. London Heathrow (LHR) 2. Glasgow Airport (GLA) 3. Berlin Schönefeld (SXF) 4. Dublin Airport (DUB) 5. Cork Airport (ORK) 6. Cologne Bonn Airport (CGN) 7. Mazatlán International Airport (Mexico) 8. Zihuatanejo International Airport (Mexico) 9. Monterrey International Airport (Mexico) 10. Velana International Airport (Maldives)
    • Embed this notice
      Just_Patch_It (just_patch_it@cyberplace.social)'s status on Sunday, 21-Sep-2025 02:22:34 JST Just_Patch_It Just_Patch_It
      • Viraptor

      @GossiTheDog @viraptor what was the attack vector for access?

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 21-Sep-2025 02:43:40 JST Kevin Beaumont Kevin Beaumont
      in reply to

      ARINC collect passenger biometric data on vMUSE, which is the system which has been impacted (the user identity database in particular, hence why airline staff can't log in either).

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 21-Sep-2025 02:47:49 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Here’s where it began this time yesterday, before the whole thing tumbled off a cliff.

      In conversation about 8 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/237/875/515/486/542/original/4a18cc5de60c1cd8.jpeg
    • Embed this notice
      crouchingbadger (crouchingbadger@cyberplace.social)'s status on Sunday, 21-Sep-2025 03:01:32 JST crouchingbadger crouchingbadger
      in reply to

      @GossiTheDog how's Netweaver doing?

      In conversation about 8 months ago permalink
    • Embed this notice
      Pieter Maene (pmaene@infosec.exchange)'s status on Sunday, 21-Sep-2025 03:21:03 JST Pieter Maene Pieter Maene
      in reply to

      @GossiTheDog Brussels Airport is affected too and planning to cancel half of all flights tomorrow (news article in Dutch: https://vrtnws.be/p.kQjqZ5WEW).

      In conversation about 8 months ago permalink

      Attachments

      1. Brussels Airport wants to cancel half of all departing flights on Sunday after ransomware attack on external service provider | VRT NWS: news
        from VRT NWS
        Brussels Airport wants to cancel half of all departing flights on Sunday. There are major problems with check-in, which are the result of a ransomware attack on Friday on an external provider of check-in systems. Several airlines have had technical problems checking in passengers since this morning and now have to do so manually.
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 21-Sep-2025 03:31:08 JST Kevin Beaumont Kevin Beaumont
      in reply to

      honey i've opened the door to 1998

      In conversation about 8 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/238/013/857/045/539/original/bcb52225d4ec865d.png

      2. https://cyberplace.social/system/media_attachments/files/115/238/017/212/766/762/original/8166e9175bf85ee2.png

      3. https://cyberplace.social/system/media_attachments/files/115/238/026/179/259/905/original/53f98f3e14721a0a.png

      4. https://cyberplace.social/system/media_attachments/files/115/238/032/880/624/387/original/ac65318e26915358.png
      Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 21-Sep-2025 06:32:16 JST Kevin Beaumont Kevin Beaumont
      in reply to

      ARINC hope to have vMUSE back online shortly, they’re restoring their Windows environment from backup. Somebody got Domain Admin and totalled it.

      In conversation about 8 months ago permalink

    • Embed this notice
      SkaveRat 🐀 :verified: (skaverat@skaverat.net)'s status on Sunday, 21-Sep-2025 07:49:33 JST SkaveRat 🐀 :verified: SkaveRat 🐀 :verified:
      in reply to

      @GossiTheDog even the browser knows

      In conversation about 8 months ago permalink

      Attachments


      1. https://media.skaverat.net/skaverat-mastodon-media/media_attachments/files/115/239/056/406/977/882/original/bbd3a45cb843ae10.png
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 21-Sep-2025 21:36:42 JST Kevin Beaumont Kevin Beaumont
      in reply to

      ARINC are flying engineers out to airports to try to fix terminals.

      Brussels airport, EBBR, have issued this NOTAM: “AD LTD DUE TO AN IT SYSTEM DISRUPTION. AIRLINES ARE TO CANCEL 50 PERCENT OF THEIR DEPARTING PASSENGER FLIGHTS IN THIS TIMEFRAME”

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 22-Sep-2025 01:13:22 JST Kevin Beaumont Kevin Beaumont
      in reply to

      The ARINC incident continues https://www.bbc.co.uk/news/articles/cwy88857llno

      Also for anybody interested, ARINC is where the cyber incident is.

      ARINC were basically the OG airport network provider, from 1929. ARINC were sold to Carlyle Group (private equity) in 2007, who sold them to Rockwell Collins in 2013, who sold to United Technologies in 2018, who merged to form Collins Aerospace. Their network looks a mess of US corporate shenanigans… webmail doesn’t even require https yet 😅

      In conversation about 8 months ago permalink

    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 22-Sep-2025 01:27:37 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Worth noting that airplanes are incredibly safe and resilient after extensive regulation and open and transparent investigations of every air incident…

      when you land on the ground, however, air travel is caught in the cybersecurity bullshit every other industry is caught up in.

      In conversation about 8 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      Khleedril (khleedril@cyberplace.social)'s status on Monday, 22-Sep-2025 02:34:16 JST Khleedril Khleedril
      in reply to

      @GossiTheDog We can all safely agree that the US is the enemy of the world right now, and for the foreseeable future.

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 22-Sep-2025 16:17:11 JST Kevin Beaumont Kevin Beaumont
      in reply to

      The incident continues https://www.bbc.co.uk/news/articles/cqjeej85452o

      In conversation about 8 months ago permalink

      Attachments

      1. European airport disruption continues after weekend cyber-attack
        Brussels Airport asks airlines to cancel nearly half of their outgoing flights on Monday.
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 22-Sep-2025 16:45:59 JST Kevin Beaumont Kevin Beaumont
      in reply to

      The ARINC incident is likely to continue through the week. They haven’t yet got the threat out of the network.

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 22-Sep-2025 16:56:20 JST Kevin Beaumont Kevin Beaumont
      in reply to

      EU says ransomware. https://www.reuters.com/business/aerospace-defense/eu-agency-says-third-party-ransomware-behind-airport-disruptions-2025-09-22/

      In conversation about 8 months ago permalink

    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 22-Sep-2025 16:57:49 JST Kevin Beaumont Kevin Beaumont
      in reply to

      After ARINC restored domain controllers from backup, the threat actor got back in and started trashing more stuff. 🫡

      The whole thing is a mess, they probably want to pause, take a breath, and think about flushing out the attacker before rebuilding things.

      In conversation about 8 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      Adrian Morales (adrianmorales@ieji.de)'s status on Monday, 22-Sep-2025 17:09:57 JST Adrian Morales Adrian Morales
      in reply to

      @GossiTheDog Airports are running on Windows 95 systems, so even my cat could hack them. He's quite smart. 😼 🖥

      Frankly, I just don't understand how millions of people can just put their trust and lives in the hands of something that has less computing power than a smartwatch. 🤷

      In conversation about 8 months ago permalink
    • Embed this notice
      abadidea (0xabad1dea@infosec.exchange)'s status on Monday, 22-Sep-2025 17:43:07 JST abadidea abadidea
      in reply to

      @GossiTheDog I guess you’re lucky if you’re sharing a flight with the engineers, because they won’t cancel those ones

      In conversation about 8 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      Sarah Gooding (sarahgooding@fosstodon.org)'s status on Monday, 22-Sep-2025 19:45:57 JST Sarah Gooding Sarah Gooding
      in reply to

      @GossiTheDog Feeling the effects of the ransomware attack today at the Berlin airport. Agents shuffling papers with no computer access, handwritten boarding passes. It's super painful.

      In conversation about 8 months ago permalink

      Attachments


      1. https://cdn.fosstodon.org/media_attachments/files/115/247/396/268/641/901/original/5a7735dd72d8176c.jpg
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 22-Sep-2025 19:51:47 JST Kevin Beaumont Kevin Beaumont
      in reply to

      https://www.bbc.co.uk/news/articles/cqjeej85452o

      In conversation about 8 months ago permalink

      Attachments

      1. European airport disruption continues after weekend cyber-attack
        Brussels Airport asks airlines to cancel nearly half of their outgoing flights on Monday.
    • Embed this notice
      fuzzyfuzzyfungus (fuzzyfuzzyfungus@cyberplace.social)'s status on Monday, 22-Sep-2025 22:42:48 JST fuzzyfuzzyfungus fuzzyfuzzyfungus
      in reply to

      @GossiTheDog I'm just focusing on the positive: if webmail is unencrypted it's slightly less likely that AD CS is present and running with full support for all the ECSes. Hopefully?

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 23-Sep-2025 16:22:50 JST Kevin Beaumont Kevin Beaumont
      in reply to

      The airport thing is still rumbling on, terminals haven’t been restored by ARINC, it’s just disappeared from headlines as the media got bored.

      In conversation about 8 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/252/390/865/716/203/original/f8991629376eea8f.jpeg
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 23-Sep-2025 16:41:20 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Berlin are doing pen and paper 📝 old skool still works

      In conversation about 8 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/252/479/090/645/526/original/8dc4423d8602a8a0.jpeg
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 23-Sep-2025 16:41:21 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Berlin Airport ran at 70% delays yesterday

      https://www.dailyfinland.fi/europe/45344/Long-delays-at-Berlin-airport-as-authority-confirms-ransomware-attack

      I’ve confirmed today that Heathrow, Berlin and Dublin all still have no Muse terminals restored. I haven’t checked other airports. It’s even more complicated because Muse both processes and stores biometrics of passengers.

      "Before we reconnect our system, we must be 100% sure that there are no malware programmes left," the BER spokesman said.

      In conversation about 8 months ago permalink

      Attachments

      1. Long delays at Berlin airport as authority confirms ransomware attack
        from @dailyfinland
        Disruption at airports in Berlin and other European cities persisted on Monday, with 70% of departures from the German capital
    • Embed this notice
      Alex (alex02@cyberplace.social)'s status on Tuesday, 23-Sep-2025 16:59:43 JST Alex Alex
      in reply to

      @GossiTheDog wait... you aren't british?

      In conversation about 8 months ago permalink
    • Embed this notice
      Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Tuesday, 23-Sep-2025 18:54:01 JST Dr. Christopher Kunz Dr. Christopher Kunz
      in reply to
      • Dissent Doe :cupofcoffee:

      @GossiTheDog This media isn't bored but there's just not enough for updated reports. Last I heard was that ENISA claimed ransomware, ShinyHunters got strangely quiet on the record when questioned by @PogoWasRight so maybe there's something interesting there. For me there's just not enough substance right now to report anything.

      In conversation about 8 months ago permalink
    • Embed this notice
      Wendy Nather (wendynather@infosec.exchange)'s status on Tuesday, 23-Sep-2025 18:55:07 JST Wendy Nather Wendy Nather
      in reply to

      @GossiTheDog London City Airport is fine this morning

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 23-Sep-2025 21:33:21 JST Kevin Beaumont Kevin Beaumont
      in reply to

      The Muse systems at impacted airports will likely be down the rest of the week. Airlines are being advised to continue contingency measures.

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 23-Sep-2025 22:02:21 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Heathrow is at 80% flight delays, Brussels 79%, Dublin 74%, Berlin 84% - all are vMuse. London City isn't on vMuse, they're at 33% as a point of comparison.

      In conversation about 8 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/253/719/927/111/423/original/b4203894ab4c8db7.png

      2. https://cyberplace.social/system/media_attachments/files/115/253/723/966/143/364/original/7b5b5034d883ebf1.png

      3. https://cyberplace.social/system/media_attachments/files/115/253/727/561/988/578/original/fcbb640ff0e624cf.png

      4. https://cyberplace.social/system/media_attachments/files/115/253/732/073/719/677/original/f42fa767b050ae21.png
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 24-Sep-2025 01:59:06 JST Kevin Beaumont Kevin Beaumont
      in reply to

      The Europe airlines ransomware situation is a variant of Hardbit ransomware, which doesn’t have a portal and is incredibly basic.

      They’ve had to restart recovery again as the devices keep getting reinfected. I’ve never seen an incident like it. Somebody like the NCSC needs to go in and help them with IR.

      In conversation about 8 months ago permalink
    • Embed this notice
      Aristotelis Tzafalias (aristot73@infosec.exchange)'s status on Wednesday, 24-Sep-2025 02:24:40 JST Aristotelis Tzafalias Aristotelis Tzafalias
      in reply to

      @GossiTheDog are they UK based?

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 24-Sep-2025 04:52:15 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Look at Dublin airport, reporters starting to realise it never actually got fixed 😅

      https://www.thejournal.ie/dublin-airport-issues-timeline-fix-6824817-Sep2025/

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 24-Sep-2025 17:25:13 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Delays at airports continue today. ARINC/Collins have been unable to tell impacted airports when services will resume. https://www.vienna.at/after-cyberattack-continued-disruptions-at-berlin-airport/9691694

      In conversation about 8 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/258/312/231/088/552/original/12292c3aba3f60fa.jpeg
      2. After Cyberattack: Continued Disruptions at Berlin Airport
        from translator
        Travelers at Berlin Airport continue to face significant delays, flight cancellations, and long wait times following a cyberattack on an IT system. Several European airports, including Brussels, Dublin, and London Heathrow, reported similar issues with passenger processing.
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 24-Sep-2025 18:46:31 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Flight delays today:

      Heathrow 78%
      Brussels 79%
      Dublin 68%
      Berlin 86%

      All are vMuse. London City isn't on vMuse, they're at 35% as a point of comparison.

      In conversation about 8 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/258/617/961/643/845/original/31bb3a357cab30e6.png

      2. https://cyberplace.social/system/media_attachments/files/115/258/619/683/431/927/original/91569ea973bb4fb3.png

      3. https://cyberplace.social/system/media_attachments/files/115/258/622/106/831/317/original/25a76768a95b5f82.png

      4. https://cyberplace.social/system/media_attachments/files/115/258/624/783/410/750/original/c671f5ab89ff36d1.png
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 24-Sep-2025 18:49:12 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Heathrow PR statement: "Collins Aerospace has confirmed an IT issue with the systems that it supplies to a number of airlines across Europe. We are supporting affected airlines with their contingencies and have deployed additional colleagues in terminals to assist passengers."

      In conversation about 8 months ago permalink
    • Embed this notice
      The Shodan Dork (theshodandork@infosec.exchange)'s status on Wednesday, 24-Sep-2025 19:12:43 JST The Shodan Dork The Shodan Dork
      in reply to

      @GossiTheDog Not sure if my Bluesky comment worked. Was it Hardbit or Blackbit? Given the reporting of LokiLocker (Blackbit variant) in the comments here: https://www.borncity.com/blog/2025/09/23/nachlese-sicherheitsvorfall-bei-collins-aerospace-der-flughaefen-lahm-legte/

      In conversation about 8 months ago permalink

      Attachments

      1. Follow-up on the security incident at Collins Aerospace that paralysed airports
        from https://www.facebook.com/Guenter.Born
        On the evening of 19 September 2025 (Friday) there was a ransomware attack on the service provider Collins Aerospace, which operates, among other things, the check-in systems for European airports.
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 24-Sep-2025 20:06:33 JST Kevin Beaumont Kevin Beaumont
      in reply to

      40 year old man arrested in connection to airport cybersecurity incident https://www.bbc.co.uk/news/articles/c62ldxyj431o

      In conversation about 8 months ago permalink

      Attachments

      1. Man arrested in connection with airport cyber-attacks
        The National Crime Agency (NCA) said a 40-year-old man was arrested in West Sussex.
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 24-Sep-2025 20:43:36 JST Kevin Beaumont Kevin Beaumont
      in reply to

      This is complete bollocks.

      In conversation about 8 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/259/092/316/010/305/original/2348c55f1a355afc.jpeg
    • Embed this notice
      fuzzyfuzzyfungus (fuzzyfuzzyfungus@cyberplace.social)'s status on Wednesday, 24-Sep-2025 20:51:43 JST fuzzyfuzzyfungus fuzzyfuzzyfungus
      in reply to

      @GossiTheDog I'm surprised that they bailed him, given that the penalties for cybering Collins Aerospace hard enough to disrupt major airports across a fair bit of western Europe seem like they would be enough to make you a flight risk.

      Though, under those specific circumstances, I suppose everyone is less of a flight risk than usual.

      In conversation about 8 months ago permalink
    • Embed this notice
      Sleeper_cell_spy (sleepercellspy@cyberplace.social)'s status on Wednesday, 24-Sep-2025 21:12:38 JST Sleeper_cell_spy Sleeper_cell_spy
      in reply to

      @GossiTheDog do you think it’s linked to the NATO contract they were awarded on the 16th?

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 24-Sep-2025 22:00:28 JST Kevin Beaumont Kevin Beaumont
      in reply to

      NPR and PBS have somehow managed to run a completely bollocks article linking the EU airport thing to AI - the article itself written by an AI cybersecurity vendor. https://www.wgcu.org/science-tech/2025-09-23/detection-expert-says-hackers-likely-used-ai-to-penetrate-airport-system

      In conversation about 8 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/259/391/730/343/442/original/fba969d0ae5af09b.png
      2. Detection expert says hackers likely used AI to penetrate airport system
        from https://www.wgcu.org/undetectable-ai
        As major airports across Europe have been targeted in a cyber-attack that began on Saturday, an expert is warning that artificial intelligence may have played a key role in the breach. The incident, which disrupted check-in and baggage systems at hubs including Dublin, London, Brussels and Berlin, left thousands of passengers stranded with canceled or delayed flights. Christian Perry, CEO of Undetectable AI, AI detection experts, explained how AI is reshaping the way cyber-attacks unfold.
      Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      vict0ni (vict0ni@infosec.exchange)'s status on Wednesday, 24-Sep-2025 22:29:17 JST vict0ni vict0ni
      in reply to

      @GossiTheDog I don't think this is the correct reason they're wrong. The fact that the AV detection is/should be easy maybe indicates the use of AI, maybe the content it produced is based on old techniques. We know AI is not THAT advanced to produce brand new AV evasion techniques that easily.

      Still, jumping to such a conclusion is bollocks indeed, I agree

      In conversation about 8 months ago permalink
    • Embed this notice
      jorntw (jorntw@infosec.exchange)'s status on Wednesday, 24-Sep-2025 23:23:32 JST jorntw jorntw
      in reply to

      @GossiTheDog definitely smells like bs. But how would one know what the real payload was? Has there been a statement?

      In conversation about 8 months ago permalink
    • Embed this notice
      TonyNando (tonynando@cyberplace.social)'s status on Wednesday, 24-Sep-2025 23:23:48 JST TonyNando TonyNando
      in reply to

      @GossiTheDog There are indications of a possible second actor, with some chatter around LokiLocker being involved, although attribution remains unclear.

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 24-Sep-2025 23:43:28 JST Kevin Beaumont Kevin Beaumont
      in reply to

      RTX, the owner of Collins aka ARINC, finally filed an 8K with the SEC for a ransomware incident. https://www.sec.gov/Archives/edgar/data/101829/000010182925000036/rtx-20250919.htm?7194ef805fa2d04b0f7e8c9521f97343

      In conversation about 8 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/259/793/963/081/708/original/6cd25ccaa2d30e91.jpeg

    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 25-Sep-2025 03:05:49 JST Kevin Beaumont Kevin Beaumont
      in reply to

      If your board is concerned about the EU ransomware thing - there is no need to be concerned. It is not a wider issue.

      It wouldn't surprise me if the person arrested turns out to be an employee trying to do incident response or some such (I'm not saying they're guilty, at all).

      It's an extremely unusual incident and essentially involves lax cybersecurity and confused response.

      In conversation about 8 months ago permalink

    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 25-Sep-2025 03:52:23 JST Kevin Beaumont Kevin Beaumont
      in reply to
      • Maxime Thiebaut

      ARINC/Collins have been unable to restore the systems in Brussels airport so they are ripping out and replacing everything.

      https://www.lesoir.be/700923/article/2025-09-24/cyberattaque-brussels-airport-un-nouveau-systeme-deploye-ce-lundi-avec-lespoir

      HT @0xThiebaut

      In conversation about 8 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/260/778/444/421/128/original/043094c011a6746d.jpeg

    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 25-Sep-2025 20:21:08 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Flight delays today:

      Heathrow 90%
      Brussels 89%
      Dublin 84%
      Berlin 86%

      All are vMuse. London City isn't on vMuse, they're at 33% as a point of comparison.

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 25-Sep-2025 20:26:40 JST Kevin Beaumont Kevin Beaumont
      in reply to

      In terms of recovery:

      - Heathrow going nowhere, manual workarounds to issue bag tags and boarding passes, airlines have been told to maintain contingency measures until w/c October 6th

      - Brussels Airport are using manual workarounds to issue bag tags and boarding passes, and are ripping out all their vMuse terminals and Muse IT infrastructure and replacing them

      - Dublin making progress to starting restoration

      - Berlin manual workarounds to issue bag tags and boarding passes

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 25-Sep-2025 20:29:43 JST Kevin Beaumont Kevin Beaumont
      in reply to

      A bit more on Berlin: https://www.heise.de/en/news/Cyberattack-on-airports-Problems-continue-at-BER-and-one-arrest-10669689.html

      https://www.travelandtourworld.com/news/article/berlin-brandenburg-airport-in-full-crisis-mode-as-cyberattack-forces-drastic-measures-leaving-travelers-exposed-to-delays-and-confusion/

      In conversation about 8 months ago permalink

    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 25-Sep-2025 20:33:37 JST Kevin Beaumont Kevin Beaumont
      in reply to

      And yes, the 40 year old arrested yesterday lives in West Sussex - which is where Collins Aerospace has its avionics staff based.

      In conversation about 8 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 26-Sep-2025 00:45:07 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Aer Lingus have got their check in terminals working again at Dublin Airport

      https://ittn.ie/travel-news/aer-lingus-electronic-check-in-and-bag-drop-facilities-fully-operational-again-following-airport-cyber-attack/

      In conversation about 8 months ago permalink

      Attachments

      1. Aer Lingus Electronic Facilities Fully Operational Again at Dublin Airport
        from Geoff Percival
        Aer Lingus has confirmed its electronic passenger check-in and bag tag/drop facilities at Dublin Airport's Terminal 2 are back up and running as normal, followi
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 26-Sep-2025 18:39:21 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Flight delays today:

      Heathrow 95%
      Brussels 94%
      Dublin 76%
      Berlin 80%

      All are vMuse. London City isn't on vMuse, they're at 33% as a point of comparison.

      In conversation about 7 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/269/925/030/425/571/original/f36000480855415f.png

      2. https://cyberplace.social/system/media_attachments/files/115/269/925/915/245/819/original/b88e0fad2301e2e7.png

      3. https://cyberplace.social/system/media_attachments/files/115/269/926/784/998/041/original/1c6767c75e4a4ef0.png

      4. https://cyberplace.social/system/media_attachments/files/115/269/928/722/548/373/original/dc389fdbea7f3cee.png
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 27-Sep-2025 00:09:15 JST Kevin Beaumont Kevin Beaumont
      in reply to

      If you're traveling via Heathrow, Brussels, Dublin or Berlin airport this weekend - flights are running fine but average 90% delays still.

      Check in online (rather than at the airport). If you need to baggage drop add about ~30 mins to your usual schedule.

      Expectation is this will last for about another week or two due to the ongoing issues at ARINC/Collins/RTX.

      In conversation about 7 months ago permalink
    • Embed this notice
      Cris (crisl_at@mastodon.social)'s status on Saturday, 27-Sep-2025 16:58:53 JST Cris Cris
      in reply to

      @GossiTheDog Had no issues flying in to Brussels but did have a slight delay. Let’s see how the travel back will be. And of course I will be in Berlin next week.

      In conversation about 7 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 30-Sep-2025 00:37:39 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Brussels Airport has today begun rolling out replacement terminals and servers for its ARINC/Collins/RTX ransomware-compromised infrastructure. https://www.traveldailynews.com/aviation/brussels-airport-accelerates-new-check-in-and-boarding-system-after-cyberattack/

      In conversation about 7 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/288/320/686/588/652/original/709126b858551165.png
      2. Brussels Airport accelerates new check-in and boarding system
        from Tatiana Rokou
        Brussels Airport accelerates rollout of new check-in and boarding system after cyberattack. Airlines to connect gradually from 29 September.
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 30-Sep-2025 00:39:01 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Berlin Airport says it is still in the middle of the "crisis", with 20 Collins staff on site trying to restore systems.
      https://www.yahoo.com/news/articles/berlins-airport-still-suffering-delays-114722643.html

      In conversation about 7 months ago permalink

      Attachments

      1. Berlin's airport still suffering delays after cyberattack a week ago
        from @YahooNews
        Delays are still being experienced at Berlin's international BER airport following a cyberattack on its IT systems a week ago, an airport spokesman told dpa on Saturday. "We are working ourselves out of crisis mode step by step," he said.
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 30-Sep-2025 00:42:35 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Flight delays today:

      Heathrow 81%
      Brussels 81%
      Dublin 73%
      Berlin 77%

      In conversation about 7 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/288/342/145/976/882/original/0930ae333b13dcc1.png

      2. https://cyberplace.social/system/media_attachments/files/115/288/342/610/427/235/original/40fca8dedbe4249b.png

      3. https://cyberplace.social/system/media_attachments/files/115/288/343/041/135/809/original/6a9fed920fa84378.png

      4. https://cyberplace.social/system/media_attachments/files/115/288/343/446/950/561/original/4dcfc4dcba822998.png
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 30-Sep-2025 00:51:51 JST Kevin Beaumont Kevin Beaumont
      in reply to

      I'm probably going to stop tracking this one for now, basically the impacted airports are mostly okay to travel through, check in online basically.

      Airports did a really good job at being resilient, by falling back to paper and/or using online check in.

      Collins, less so.

      In conversation about 7 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 30-Sep-2025 01:25:22 JST Kevin Beaumont Kevin Beaumont
      in reply to

      One hopefully final thought for now - interesting security setup to take and store biometrics. I'll be sure to rotate my face and fingerprints.

      In conversation about 7 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/288/466/512/836/102/original/50cab03c0ac0a754.png
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 06-Oct-2025 06:03:20 JST Kevin Beaumont Kevin Beaumont
      in reply to

      The Europe airport cyber incident is still rolling on.

      In conversation about 7 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/323/362/725/568/618/original/8e8e4c4d8b86e40c.png
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 23-Oct-2025 16:36:13 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Okay, there’s an incredible update to the RTX/Collins/ARINC airport ransomware situation

      Everest are claiming the incident, saying they exfiltrated a very large amount of data, including passenger data.

      They’re really salty and claim it wasn’t ransomware.. what they aren’t aware of (this isn’t in the story) is that in parallel, somebody also tried to deploy ransomware.

      Overall the problem is: shite security.

      https://www.cyberdaily.au/security/12814-exclusive-passenger-and-employee-data-allegedly-compromised-in-collins-aerospace-hack

      In conversation about 7 months ago permalink

      Attachments

      1. Exclusive: Passenger and employee data allegedly compromised in Collins Aerospace hack
        from David Hollingworth
        The Everest hacking group claims to have the flight data of more than 1.5 million passengers and thousands of airline employees, and says Collins Aerospace is responsible for airport shutdowns, not ransomware.
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 24-Oct-2025 17:49:14 JST Kevin Beaumont Kevin Beaumont
      in reply to

      Another update on the RTX/Collins/ARINC story https://www.linkedin.com/posts/alon-gal-utb_looks-like-everest-group-targeted-collins-activity-7387117440020844545-5l0X

      Alon Gal has confirmed that, yes, the FTP credentials Everest used for their (separate) incident were in a historic infostealer.

      In conversation about 7 months ago permalink

    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 24-Oct-2025 17:57:10 JST Kevin Beaumont Kevin Beaumont
      in reply to

      I’ve confirmed with one of the airlines they weren’t told about this, and it impacts their passenger data so this will probably get spicy.

      ARINC’s network border looks like it was transported from three decades ago, they gotta invest in it.

      In conversation about 7 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 26-Oct-2025 22:29:27 JST Kevin Beaumont Kevin Beaumont
      in reply to
      • Metacurity

      Dublin Airport have confirmed the RTX/Collins/ARINC incident included passenger data for their airport. HT @metacurity

      It actually includes lots more airports.

      https://www.irishtimes.com/ireland/2025/10/24/millions-of-passengers-could-be-affected-by-cyber-breach-at-dublin-airport-supplier/

      In conversation about 6 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 26-Oct-2025 22:36:53 JST Kevin Beaumont Kevin Beaumont
      in reply to

      If you read these reports and think ‘bruh there’s no way ARINC were running Windows terminals with no antimalware in airports taking passenger fingerprints and uploading them over the internet with plain text FTP’, I’ve got a GIF for you

      In conversation about 6 months ago permalink

    • Embed this notice
      fuzzyfuzzyfungus (fuzzyfuzzyfungus@cyberplace.social)'s status on Sunday, 26-Oct-2025 22:44:05 JST fuzzyfuzzyfungus fuzzyfuzzyfungus
      in reply to

      @GossiTheDog I can totally imagine someone doing that at a technical level; but how did they get away with that setup in european airports?

      Is there some esoteric reading of the text where fingerprints aren't a data privacy issue; or are we doing don't ask/don't tell compliance now?

      In conversation about 6 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 29-Oct-2025 03:32:48 JST Kevin Beaumont Kevin Beaumont
      in reply to

      a) nobody is buying that for $1m
      b) at least set the view counter to 1337

      In conversation about 6 months ago permalink

      Attachments


      1. https://cyberplace.social/system/media_attachments/files/115/453/220/476/551/222/original/a39358a9c94f60a4.png

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.