U.S. commuter trains had a vulnerability for 13 years—anyone could activate rear-car brakes remotely

🔎 Cyber Watch
Tom’s Hardware reveals that train operators ignored a long-known design flaw allowing unauthorized remote activation of rear-car brakes on U.S. commuter trains. The vulnerability stemmed from an unprotected wireless system connected to the braking mechanisms, first flagged in 2012. Only now have operators begun deploying firmware updates and stronger authentication to seal the gap.
Takeaway: Critical infrastructure often relies on legacy systems that go unpatched for years. Regular design reviews and proactive firmware audits are critical to closing such systemic blind spots.
🎙️ Tech Briefing On‑Air
Efficient Third-Party Vendor Risk Ratings
CISO Series’ Defense in Depth podcast episode explores how to quickly assess third-party cybersecurity risk. Guest Steve Knight (ex-Hyundai CISO) and co-hosts recommend a tiered approach:
Initial filter – categorize vendors by data sensitivity (e.g., janitorial vs. payroll service).
Simple checklist – use basic criteria to eliminate low-risk vendors.
Deeper audit – reserve SOC 2 reviews and detailed vetting for high-risk vendors only.
Tip: Tailor your vetting based on vendor role and data access—this saves time and maintains security.
🤝 Partner Intel
Paessler
Paessler GmbH, founded in 2001 by Dirk Paessler in Germany, originated from the need for simpler and more efficient network monitoring tools. The company's flagship product, PRTG, was first released in May 2003. Over two decades, Paessler has grown to serve over 500,000 customers worldwide, providing powerful oversight across IT and OT environments. Paessler’s mission is to provide full visibility into IT infrastructures through intuitive dashboards, automated discovery, flexible alerts, and historical reporting. With roots in simplicity and a commitment to innovation in monitoring technologies, Paessler continues to expand globally with a diverse partner network, backed by over 25 years of development experience.
🤖 AI Runtime
AI-driven spear-phishing floods in as phishing sites go pixel-perfect
Hackers use generative AI and platforms like v0.dev to build phishing sites mimicking Microsoft 365 and Okta. Hosted on trusted services with valid SSL certificates, these sites look legitimate and bypass typical security checks.
📊 By the Numbers
156%
Identity-driven threats surged 156% between 2023 and 2025, now making up 59% of all confirmed threat cases in Q1 2025.
🗳️ Your Tuesday Take
Cast your vote on our weekly poll.
What’s your team prioritizing for the second half of 2025?
📩 We’ll share the results in the next issue.
🔗 Stay Connected
Until Thursday’s edition - Let’s keep that zero-day count at zero!