Thursday, September 21, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • A Deep Dive into ARMOR Level 3: Automated Response
  • GUEST ESSAY: Caring criminals — why some ransomware gangs now avoid targeting hospitals
  • Cyber Week 2023 & The Israel National Cyber Directorate Presents - Mini Course: An Introduction to Software Vulnerability Research
  • The MGM Breach and the Role of IdP in Modern Cyber Attacks
  • Improving Patient Care, One Record at a Time
Data Security Incident Response SBN News Security Bloggers Network Threats & Breaches 

Home » Cybersecurity » Data Security » San Francisco International Airport reveals data breach on two websites

SBN

San Francisco International Airport reveals data breach on two websites

by Alina Bizga on April 13, 2020

The list of companies and industries targeted by cybercriminals has grown steadily since March, and the newest addition is none other than the San Francisco International Airport (SFO).

AWS Builder Community Hub

In a data breach notice sent to all airport commissions on April 7, airport officials announced that SFOConnect.com and SFOConstruction.com suffered a security incident in which bad actors injected a malicious code to steal users’ login credentials.

“Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO,” said SFO’s Airport Information Technology and Telecommunications (ITT) director.

The first compromised website, SFOConstruction.com, addresses the airport’s construction project and provides a centralized way for third parties and contractors to bid on new or upcoming construction plans. SFOConnect.com, on the other hand, serves as an employee gateway providing recent airport security news and information on ground transportation units.

Following the investigation, SFO officials do not exclude the possibility of unauthorized access to the platform using employee credentials. As an immediate countermeasure after removing the malicious code, the two platforms were taken offline, and Airport ITT “reset all SFO related email and network passwords.”

The two websites are still accessible outside SFO’s network, but a full website maintenance memo is listed on SFOConstruction.com, with no ETA provided.

All users who have accessed the two platforms within SFO managed networks or their homes using IE browsers (Internet explorer) or a Windows-based devices are recommended to act quickly and change the password used to access those devices.

“At this time, it appears the attackers may have accessed the impacted users’ usernames and passwords used to log on to those personal devices.” As an additional preventive measure, employees should also change any login credentials for other online platforms that use the same password or screenname combination.


Recent Articles By Author
  • Rapper Who Bragged About Defrauding US CARES Act Program Could Face Up to 22 Years in Prison
  • BBB Warns of Health Insurance Open Enrollment Scams
  • Credit Card Details of 3 Million Dickey’s BBQ Customers Up for Sale on Dark Web Marketplace
More from Alina Bizga

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Alina Bizga. Read the original post at: https://hotforsecurity.bitdefender.com/blog/san-francisco-international-airport-reveals-data-breach-on-two-websites-22968.html

April 13, 2020April 13, 2020 Alina Bizga compromised security, Data breach, Industry News, login credentials, San Francisco International Airport, Security Incident, SFO
  • ← False impressions: How fake attribution makes fools of us all
  • How to Use Nexus Repository and Helm for CI/CD →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Fri 22

Cloud Security Turbocharged: A Wild Ride of Innovation, Threats and Staying Ahead

September 22 @ 11:00 am - 12:00 pm
Mon 25

Cloud Security

September 25 @ 1:00 pm - 2:00 pm
Thu 28

A Guide to Smart Dependency Management

September 28 @ 12:00 pm - 1:00 pm
Oct 03

Way Too Vulnerable: Uncovering the State of the Identity Attack Surface

October 3 @ 11:00 am - 12:00 pm
Oct 11

ASPM: Leveling the AppSec Playing Field

October 11 @ 1:00 pm - 2:00 pm
Oct 16

Shadow Access: Where IAM Meets Cloud Security

October 16 @ 3:00 pm - 4:00 pm
Oct 17

Securing Cloud-Native Applications Across the Software Development Life Cycle

October 17 @ 11:00 am - 12:00 pm
Oct 18

Live Workshop on ‘SCA 2.0’: Using Runtime Analysis to Find High-Risk SCA Vulnerabilities

October 18 @ 12:00 pm - 1:30 pm
Oct 19

Managing Security Posture and Entitlements in the Cloud

October 19 @ 1:00 pm - 2:00 pm
Oct 24

When Seconds Matter: Real-Time Cloud Security With AWS and Sysdig

October 24 @ 11:00 am - 12:00 pm

More Webinars

Subscribe to our Newsletters

TSTV Podcast

Most Read on the Boulevard

Group Allegedly Behind MGM, Caesars Attacks is Fairly New to Ransomware
LockBit Affiliates Use RMM Software in Ransomware Attacks
CrowdStrike Extends Scope of Managed Cybersecurity Services
Leveraging Wargaming Principles for Cyberdefense Exercises
Pillars of Cloud Security
How to secure payments from checkout to chargeback: Pairing Sift Payment Protection and Dispute Management
How Third-Party Breaches Impact Financial Institutions
Understanding the Cyber Kill Chain: A Comprehensive Guide to Cybersecurity
Cyber Week 2023 & The Israel National Cyber Directorate Presents – FraudCON In-Person
Automated Vulnerability Detection: Mitigate Fraud and Strengthen Your Cybersecurity Defense

Download Free eBook

The State of Cloud Native Security 2020

Industry Spotlight

Google: Chromebooks Will Get 10 Years of Software, Security Updates
Application Security Cybersecurity Data Security Endpoint Featured Industry Spotlight Malware Mobile Security Network Security News Security Boulevard (Original) Spotlight 

Google: Chromebooks Will Get 10 Years of Software, Security Updates

September 19, 2023 Jeffrey Burt | 2 days ago 0
Group Allegedly Behind MGM, Caesars Attacks is Fairly New to Ransomware
Cloud Security Cybersecurity Data Security Featured Identity & Access Industry Spotlight Malware Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threats & Breaches 

Group Allegedly Behind MGM, Caesars Attacks is Fairly New to Ransomware

September 18, 2023 Jeffrey Burt | 3 days ago 0
DoD Turns to Stronger Alliances to Combat Cyberthreats
Cybersecurity Data Privacy Featured Industry Spotlight Malware Network Security News Security Awareness Security Boulevard (Original) Spotlight 

DoD Turns to Stronger Alliances to Combat Cyberthreats

September 14, 2023 Jeffrey Burt | Sep 14 0

Top Stories

GitLab Releases Urgent Security Updates for Critical Flaw
Application Security Cloud Security Cybersecurity Data Security DevOps Featured Identity & Access News Security Boulevard (Original) Spotlight Threat Intelligence Vulnerabilities 

GitLab Releases Urgent Security Updates for Critical Flaw

September 21, 2023 Jeffrey Burt | 6 hours ago 0
Barracuda Networks Issues Email Inbox Rules Manipulation Warning
Analytics & Intelligence Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Malware Network Security News Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Barracuda Networks Issues Email Inbox Rules Manipulation Warning

September 20, 2023 Michael Vizard | Yesterday 0
Coalition Report Reveals Ransomware Resurgence
Analytics & Intelligence Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Malware News Security Boulevard (Original) Spotlight Threat Intelligence 

Coalition Report Reveals Ransomware Resurgence

September 20, 2023 Michael Vizard | Yesterday 0

Security Humor

Randall Munroe’s XKCD ‘Haunted House’

Randall Munroe’s XKCD ‘Haunted House’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.