Latest news with #Diplomats
Khaleej Times
a day ago
- Politics
- Khaleej Times
US tightens visa interview waiver rules from September 2 in new update
The US Department of State has tightened the visa interview waiver rules in a new update on July 25. The visa interview waiver programme allows some applicants to submit a visa application by mail instead of being interviewed at the Embassy. This will be easily determined while you are registering to apply for your visa online — the website will ask tthe applicant some questions and then may or may not direct them to the visa appointment page, depending on their eligibility. The new programme update will overrule the one issued in February, which means that all those applying for a US non-immigration visa will have to keep these new regulations in mind. Stay up to date with the latest news. Follow KT on WhatsApp Channels. What's new? From September 2, all nonimmigrant visa applicants, including applicants under the age of 14 and over the age of 79, will generally require an in-person interview with a consular officer, the authority said. Earlier, applicants of broader categories were eligible for the interview waiver programme. Exemptions, who's still eligible? There are some exceptions to this update, which means that the people applying for visas in the categories listed below may be eligible for the visa interview waiver programme. They are: 1. Diplomats and Foreign Government Officials Applicants classifiable under the visa symbols A-1, A-2, C-3 (except attendants, servants, or personal employees of accredited officials), G-1, G-2, G-3, G-4, NATO-1 through NATO-6, or TECRO E-1, applicants for diplomatic- or official-type visas; and 2. Renewing a B-1, B-2 visa or a Border Crossing Card Applicants renewing a full validity B-1, B-2, B1/B2 visa or a Border Crossing Card/Foil (for Mexican nationals) within 12 months of the prior visa's expiration, and who were at least 18 years old at the time of the prior visa's issuance. To be eligible for a waiver based on this, applicants should apply in their country of nationality or residence; should have never been refused a visa (unless such refusal was overcome or waived); and have no apparent or potential ineligibility. Consular officers can also ask for an interview on a case-by-case basis for any reason.
WIRED
6 days ago
- Business
- WIRED
A Premium Luggage Service's Web Bugs Exposed the Travel Plans of Every User—Including Diplomats
Jul 24, 2025 12:00 PM Security flaws in Airportr, a premium door-to-door luggage service used by 10 airlines, let hackers access user data and even gain privileges that would have let them redirect or steal luggage. Photo-Illustration:An airline leaving all of its passengers' travel records vulnerable to hackers would make an attractive target for espionage. Less obvious, but perhaps even more useful for those spies, would be access to a premium travel service that spans 10 different airlines, left its own detailed flight information accessible to data thieves, and seems to be favored by international diplomats. That's what one team of cybersecurity researchers found in the form of Airportr, a UK-based luggage service that partners with airlines to let its largely UK- and Europe-based users pay to have their bags picked up, checked, and delivered to their destination. Researchers at the firm CyberX9 found that simple bugs in Airportr's website allowed them to access virtually all of those users' personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED, they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US. 'Anyone would have been able to gain or might have gained absolute super-admin access to all the operations and data of this company," says Himanshu Pathak, CyberX9's founder and CEO. 'The vulnerabilities resulted in complete confidential private information exposure of all airline customers in all countries who used the service of this company, including full control over all the bookings and baggage. Because once you are the super-admin of their most sensitive systems, you have have the ability to do anything.' Airportr's CEO Randel Darby confirmed CyberX9's findings in a written statement provided to WIRED but noted that Airportr had fixed the vulnerabilities a few days after the researchers made the company aware of the issues last April. 'The data was accessed solely by the ethical hackers for the purpose of recommending improvements to Airportr's security, and our prompt response and mitigation ensured no further risk,' Darby wrote in a statement. 'We take our responsibilities to protect customer data very seriously.' CyberX9's researchers, for their part, counter that the simplicity of the vulnerabilities they found mean that there's no guarantee other hackers didn't access Airportr's data first. They found that a relatively basic web vulnerability allowed them to change the password of any user to gain access to their account if they had just the user's email address—and they were also able to brute-force guess email addresses with no rate limitations on the site. As a result, they could access data including all customers' names, phone numbers, home addresses, detailed travel plans and history, airline tickets, boarding passes and flight details, passport images, and signatures. By gaining access to an administrator account, CyberX9's researchers say, a hacker could also have used the vulnerabilities it found to redirect luggage, steal luggage, or even cancel flights on airline websites by using Airportr's data to gain access to customer accounts on those sites. The researchers say they could also have used their access to send emails and text messages as Airportr, a potential phishing risk. Airportr tells WIRED that it has 92,000 users, and claims on its website that it's handled over 800,000 bags for customers. Within the data CyberX9 accessed in its testing, the researchers found and shared with WIRED examples of passengers traveling with diplomatic passports, for several of which the front-page images were also included in the data. These included four from the UK, two from the US, and three from Switzerland. One of the individuals, the researchers determined, was at the time of their travel a UK ambassador, and another was a US executive branch cybersecurity official. 'This is a premium service,' says Pathak. 'We consider that a good chunk of their users are government officials, and other people of a sensitive nature.' Airportr advertises that it's the 'official bag check in partner' of American Airlines, British Airways, Lufthansa, and Virgin Atlantic, along with half a dozen other major airlines, though it appears to only offer its services on flights to and from airports in the UK, Germany, Switzerland, and Austria. American Airlines, British Airways, and Virgin Atlantic didn't respond to WIRED's requests for comment, but a Lufthansa spokesperson responded in a statement. 'We are dedicated to investigating any indications of a third-party data breach thoroughly and promptly," the spokesperson writes. "We take these matters seriously and are committed to maintaining the integrity and security of our data.' CyberX9's researchers first became curious about Airportr last April, after a member of the team saw the service advertised to him for flights to Europe from the United Arab Emirates, where the company is based, and heard that other staff at the company had used it. 'They're handling such a sensitive task of delivering the baggage and collecting so much sensitive information, I thought we should see where they actually stand in terms of security,' says the research team's lead, who asked to remain anonymous due to privacy concerns. 'When I got some time to actually test it out, I found these vulnerabilities quite quickly.' The researchers found that they could monitor their browser's communications as they signed up for Airportr and created a new password, and then reuse an API key intercepted from those communications to instead change another user's password to anything they chose. The site also lacked a 'rate limiting' security measure that would prevent automated guesses of email addresses to rapidly change the password of every user's account. And the researchers were also able to find email addresses of Airportr administrators that allowed them to take over their accounts and gain their privileges over the company's data and operations. In his response statement, Darby, the Airportr CEO, writes that 'while data exposure could theoretically allow administrative access, the ability to act on such information without triggering alarms would be highly difficult.' He also emphasized that the data the researchers found to be vulnerable was Airportr's alone, not that of its airline partners. 'We do not have any ability to alter or influence airline operations or customers' flight details via our APIs, which are designed with read-only permissions and are tightly restricted to reduce risk to airline systems and customer data,' Darby writes. (CyberX9 points out that the administrative access it gained was not in fact, 'theoretical,' and Airportr didn't appear to be aware of the access until the researchers notified the company.) Darby adds that Airportr didn't tell airlines about the vulnerability at the time. 'Given the low-risk nature of the incident, as determined by our investigation, we did not at the time notify data subjects, airline partners, or supervisory authorities,' he writes. 'Subsequently, and given the potential visibility generated by the publication of the research and subsequent media coverage, we have decided to notify the Information Commissioner's Office (ICO) as a precautionary measure.' Airportr's airline partners shouldn't be entirely let off the hook, CyberX9's CEO Pathak says. He argues they, too, are responsible for ensuring the security of their customers' travel plans and other sensitive personal information when they recommend another service to them—a responsibility at which they 'failed miserably," he says. He argues, too, that Airportr's security flaws should serve as a warning about how third-party services, contractors and little-known partner services are often a hidden source of data leakage. 'The real risk isn't always the airline itself but the small add‑on services we overlook which often get promoted to us, as passengers, by the airlines and airports—services we assume are safe because we trust the airline's endorsement,' says Pathak. 'Your data is only as secure as the least‑protected partner that touches it.'
The Independent
17-07-2025
- Business
- The Independent
Photos of US State Department workers getting hugs and applause as they're fired
Carrying boxes past signs of thanks for their service, fired State Department workers were hugged and applauded as they left their headquarters for the last time. More than 1,300 State Department employees fired in July, some focusing on intelligence activities, U.S. energy interests abroad, strategic competition with China and visa fraud. The lay offs are in line with a dramatic reorganization plan from the Trump administration. This is a photo gallery curated by AP photo editors.
Arab News
11-07-2025
- Politics
- Arab News
Postponed Saudi-Franco conference on Palestinian statehood rescheduled
NEW YORK: A postponed Saudi-Franco conference to discuss Palestinian statehood has been rescheduled for July 28 to 29, it was announced on Friday. 'The two state solution ministerial conference will resume on the 28th and 29th July 2025, details will be shared shortly,' diplomats at the French UN mission confirmed to Arab News. Originally scheduled for June, it was postponed when Israel launched a military attack on Iran.
New York Times
08-07-2025
- Politics
- New York Times
State Dept. Is Investigating Messages Impersonating Rubio, Official Says
The State Department is investigating episodes in which one or more people used artificial intelligence to impersonate Secretary of State Marco Rubio in messages to top foreign diplomats and U.S. officials, according to an official at the agency. Mr. Rubio's office sent a cable, or an agency memo, last week to State Department employees about the efforts to impersonate him. When asked on Tuesday about the cable and the episodes, the department's press office issued a statement from a senior official that said the department was 'aware of this incident and is currently investigating the matter.' 'The department takes seriously its responsibility to safeguard its information, and continuously takes steps to improve the department's cybersecurity posture to prevent future incidents,' the statement said. The person or people impersonating Mr. Rubio sent text and voice messages, including over the encrypted chat app Signal, to at least five people outside the State Department. The recipients included a governor, a member of Congress and three foreign ministers, according to the cable, which was reported earlier by The Washington Post. The cable was dated July 3. Mr. Rubio's voice and mannerisms can be observed on many online sites. He is a ubiquitous presence on television, holds news conferences and appears in many photo opportunities in which he exchanges words with other diplomats. Before becoming secretary of state this year, he was a senator from Florida who spoke frequently at congressional hearings and other public appearances, including when he ran against Donald J. Trump for the Republican presidential nomination in 2016. Want all of The Times? Subscribe.
