Latest news with #CISA


Time of India
4 days ago
- Time of India
Hackers can use just a radio to cause train accidents in US, CISA explains how
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a key train system in the US. The warning specifically concerns the End-of-Train and Head-of-Train protocol, which the agency claims could be hacked using only a radio. This vulnerability stems from the system's lack of encryption and authentication protocols.

The flaw involves the communication between a Flashing Rear End Device (FRED), or End-of-Train (EOT) device, attached to the back of a train, and a corresponding Head-of-Train (HOT) device in the locomotive. Installed in the 1980s to replace caboose cars, these devices transmit data via radio signals, and commands can also be sent to the FRED to apply brakes at the rear of the train. The current system depends on data packets with a simple BCH checksum for error detection. However, CISA is now warning that a person using a software-defined radio could potentially send fake data packets, which would allow them to interfere with train operations.

What CISA said about this train system vulnerability

In its advisory, CISA wrote: 'Successful exploitation of this vulnerability could allow an attacker to send their own brake control commands to the end-of-train device, causing a sudden stoppage of the train, which may lead to a disruption of operations, or induce brake failure.'

What researchers said about this train system's vulnerability

CISA credited researchers Neil Smith and Eric Reuter for reporting this vulnerability. Moreover, in a post shared on the social media platform X (earlier Twitter), Smith said that he had first alerted the agency's predecessor, ICS-CERT, back in 2012 and no action was taken at the time.

In his X post, Smith wrote: 'So how bad is this? You could remotely take control over a Train's brake controller from a very long distance away, using hardware that costs sub $500. You could induce brake failure leading to derailments or you could shutdown the entire national railway system.'

However, Smith noted that efforts to address the cybersecurity flaw stalled due to a disagreement between ICS-CERT and the Association of American Railroads (AAR) between 2012 and 2016, as the latter considered the risk too theoretical without real-world proof. When Smith raised the issue again in 2024, AAR still downplayed its importance, though it later announced plans to upgrade the outdated system in 2026.


Time of India
4 days ago
- Politics
- Time of India
Signalgate scandal: US President Donald Trump's former national security adviser Mike Waltz says app was ‘recommended' by…
US President Donald Trump's former national security adviser, Mike Waltz, has claimed that the encrypted messaging app Signal, which played a central role in the recent "Signalgate" scandal, was "recommended" to him. Waltz, who was removed from his post in May, said that he was using the commercially available app for discussing a sensitive military operation after it was recommended by the Biden administration.

The incident in question involved him mistakenly adding The Atlantic editor, Jeffrey Goldberg, to a Signal group chat (that included Defence Secretary Pete Hegseth, Vice President JD Vance, as well as other government officials) that was used to discuss a US military operation in Yemen. Testifying at a recent Senate hearing for his nomination as US ambassador to the United Nations, Waltz was questioned about a potential national security breach that was caused by the 'mistake'.

What Mike Waltz said about using Signal app for discussing military operations

Responding to US Senator Chris Coons' question about whether he had been investigated for using the app to discuss sensitive information, Waltz said, 'The use of Signal, as an encrypted app, is not only authorised, it was recommended in the Biden era CISA guidance.'

In this reply, Waltz was talking about a set of guidelines released by the Cybersecurity and Infrastructure Security Agency (CISA) in November 2024 to address cyber espionage activities linked to the People's Republic of China. CISA is the federal body tasked with safeguarding cybersecurity and infrastructure across the US government and states.

According to a report by The Independent, this advisory was intended to be general guidance. The CISA policy introduced during the Biden administration, which was aimed specifically at government employees, also discouraged using personal devices for work-related tasks, the report notes. At the same time, the Department of Defence also had a stricter policy which explicitly prohibited Signal and other encrypted commercial messaging apps. The policy stated that they were 'not authorised to access, transmit, process non-public DoD information,' the report adds.

However, Waltz and other Trump officials have maintained that no classified information was shared in their group chat and that Signal was authorised to some extent. While defending his use of the app, Waltz reiterated this point to Senator Coons.

Washington Post
4 days ago
- Politics
- Washington Post
China's cyber sector amplifies Beijing's hacking of U.S. targets
Undeterred by recent indictments alleging widespread cyberespionage against American agencies, journalists and infrastructure targets, Chinese hackers are hitting a wider range of targets and battling harder to stay inside once detected, seven current and former U.S. officials said in interviews. Hacks from suspected Chinese government actors detected by security firm CrowdStrike more than doubled from 2023 to more than 330 last year and continued to climb as the new administration took over, the company said. Bursts of espionage are typical with each new president, the officials said, and major staff cuts at the Cybersecurity and Infrastructure Security Agency have disrupted some response coordination.


Forbes
4 days ago
- Forbes
Google Confirms Chrome Attacks—You Must Restart Your Browser
Chrome is under attack—again.

Here we go again. Google has just confirmed that Chrome is under attack from another zero-day vulnerability that affects Windows PCs. Again, this has been discovered by Google's own Threat Analysis Group, triggering an emergency update. Google warns it is 'aware that an exploit for CVE-2025-6558 exists in the wild.' This specific vulnerability affects the browser's graphics rendering engine and is likely being exploited by sophisticated threat actors, given the nature of the discovery.

Google says the stable channel 'has been updated to 138.0.7204.157/.158 for Windows, Mac and 138.0.7204.157 for Linux.' This, it says, 'will roll out over the coming days/weeks.' But that's boilerplate. In reality, you can expect this over the next small number of days, and you should restart your browser as soon as it downloads.

The gap between this zero-day and the last is so short that the U.S. government's cyber defence agency's update mandate is still ongoing. CISA has warned federal employees to update or stop using Chrome by July 23. You can now expect another CISA mandate to be issued in the next few days.

As ever, Google says 'access to bug details and links may be kept restricted until a majority of users are updated with a fix.' The latest Chrome update addresses other vulnerabilities as well as the zero-day, including two externally reported high-severity bugs. All told, this is definitely an update you should apply as soon as you can.

Chrome remains the de facto default browser on Windows, and so is one of the most prized attack surfaces available. Google takes credit for its quickness in developing and rolling out updates as new flaws are discovered. But attackers will know the clock is now ticking, making this the time of utmost risk for users.

Remember, when you restart Chrome your private (Incognito) windows will not reopen. So, make sure you save anything you need before applying the update.


The Independent
4 days ago
- Politics
- The Independent
Mike Waltz defends his use of Signal app during Senate hearing
National security adviser Mike Waltz faced questioning regarding his use of the encrypted app Signal for sensitive military discussions, a matter dubbed the 'Signalgate' scandal. During a Senate hearing, Waltz was questioned about adding The Atlantic editor Jeffrey Goldberg to a Signal group chat discussing a military operation in Yemen. Waltz defended his actions by asserting that the use of Signal was authorized under Biden-era Cybersecurity and Infrastructure Security Agency (CISA) guidance. Conversely, Department of Defense policy explicitly prohibited the use of commercial encrypted messaging applications, including Signal, for transmitting non-public DoD information.