Risky Bulletin: Radio Equipment Vulnerability Can Bring Trains to Sudden Stops
Podcast Information:
- Title: Risky Bulletin
- Host/Author: risky.biz
- Description: Regular cybersecurity news updates from the Risky Business team...
- Episode: Risky Bulletin: Radio equipment vulnerability can bring trains to sudden stops
- Release Date: July 14, 2025
Introduction
In the July 14, 2025 episode of Risky Bulletin, host Claire Aird delivers a comprehensive update on pressing cybersecurity issues affecting various sectors. This edition covers vulnerabilities in railway systems, significant cybersecurity incidents, governmental decisions impacting tech infrastructure, and recent developments in cybercrime and defense mechanisms.
Railway System Vulnerability
Key Issue:
A critical vulnerability in radio equipment has been identified that can cause North American trains to halt unexpectedly.
Details:
- Impact: The emergency brakes on North American trains can be triggered remotely without authorization.
- Affected Component: The vulnerability resides in the End of Train (EOT) devices, which are mounted on the last car of a train. These devices allow engineers to remotely test brake pressure and activate emergency brakes.
- Technical Flaw: The communication protocol used by EOTs lacks authentication, making it susceptible to unauthorized signals that can be generated using software-defined radios.
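To make the authentication gap concrete, here is an added illustration, not from the episode and not the real EOT protocol (the frame layout, key, device id and command codes are all invented): a receiver that accepts any well-formed command frame beside one that requires a keyed MAC and a monotonic counter, so forged and replayed frames are dropped.

```python
import hashlib
import hmac
import struct

# Hypothetical command frame (constructed for illustration only):
#   4-byte device id | 4-byte monotonic counter | 1-byte command | 16-byte truncated HMAC-SHA256 tag
HEADER_FMT = ">IIB"
HEADER_LEN = struct.calcsize(HEADER_FMT)
TAG_LEN = 16
CMD_BRAKE_TEST = 0x01
CMD_EMERGENCY_BRAKE = 0x02


def build_frame(key: bytes, device_id: int, counter: int, command: int) -> bytes:
    """Sender side: header plus a truncated HMAC over the header."""
    body = struct.pack(HEADER_FMT, device_id, counter, command)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class UnauthenticatedReceiver:
    """The weak pattern the episode describes: any well-formed frame is obeyed."""

    def accept(self, frame: bytes):
        _device_id, _counter, command = struct.unpack(HEADER_FMT, frame[:HEADER_LEN])
        return command  # no check of who sent it


class AuthenticatedReceiver:
    """Hardened form: keyed MAC binds the frame to a shared secret; counter blocks replays."""

    def __init__(self, key: bytes, device_id: int):
        self.key = key
        self.device_id = device_id
        self.last_counter = 0

    def accept(self, frame: bytes):
        if len(frame) != HEADER_LEN + TAG_LEN:
            return None  # malformed
        body, tag = frame[:HEADER_LEN], frame[HEADER_LEN:]
        device_id, counter, command = struct.unpack(HEADER_FMT, body)
        if device_id != self.device_id:
            return None  # addressed to another unit
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # forged or corrupted
        if counter <= self.last_counter:
            return None  # replayed frame
        self.last_counter = counter
        return command
```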
Discovery and Response:
- Researcher: Security expert Neil Smith discovered this vulnerability in 2012.
- Advocacy: Since his discovery, Smith has been urging the industry to fix the issue.
- Industry Response: The Association of American Railroads has announced plans to replace the affected equipment. Smith estimates the replacement cost at between $7 billion and $10 billion.
Quote:
Neil Smith emphasized the gravity of the issue, stating, "The replacement may cost between $7 and $10 billion" (02:30).
Huawei's Contract with Spain
Key Issue:
Despite international concerns, Spain has awarded Huawei a contract to manage its phone wiretapping infrastructure.
Details:
- Contract Awarded To: Huawei, a Chinese telecommunications giant.
- Controversy: The decision stands despite objections from the US and EU, which are wary of potential espionage and national security threats associated with Huawei's ties to the Chinese government.
- European Context: Many European nations have excluded Huawei from their 5G infrastructure projects due to similar security concerns.
Quote:
Claire Aird highlights the controversy: "Spain awarded the contract to Huawei despite US and EU concerns about the Chinese government's control over the company" (04:15).
Algorithm Manipulation Investigation in France
Key Issue:
The French government is investigating the social media platform X for allegedly altering its algorithms to disseminate hateful and racist content.
Details:
- Allegations: X is accused of manipulating its algorithms to influence democratic discourse in France by spreading divisive content.
- Nature of Interference: Authorities consider the manipulation a form of foreign interference aimed at skewing public debate.
Quote:
Claire Aird reports, "The social media platform has been accused of changing its algorithm to spread hateful and racist content designed to skew democratic debate in France" (06:00).
Cryptocurrency Community Under Threat
Prevented Supply Chain Attack
Overview:
Security researchers have successfully thwarted a supply chain attack targeting the cryptocurrency sector.
Details:
- Attack Vector: A backdoor was embedded in thousands of smart contracts, potentially allowing hackers to steal over $10 million in assets.
- Response: Researchers collaborated with crypto companies to relocate funds last week, preventing the exploitation of the vulnerability.
- Attribution: The team suspects North Korean hackers are responsible for the backdoor.
Quote:
Claire Aird explains, "A team of security researchers have foiled a supply chain attack against the cryptocurrency community" (07:20).
Moonpay BEC Scam
Overview:
Moonpay cryptocurrency exchange fell victim to a Business Email Compromise (BEC) scam.
Details:
- Scam Mechanics: Scammers impersonated the Donald Trump inaugural committee to solicit donations.
- Financial Impact: The exchange transferred $250,000 to the scammers.
- Recovery Efforts: The FBI managed to recover 16% of the stolen funds.
Quote:
Claire Aird notes, "The FBI recovered 16% of the funds" (09:10).
Textjet DeFi Platform Hack
Overview:
A significant breach resulted in the theft of $2.2 million worth of crypto assets from the Textjet DeFi platform.
Details:
- Response: Textjet negotiated with the hacker, recovering 90% of the stolen funds the following day.
- Hacker's Reward: The remaining 10% was retained by the hacker as a bug bounty reward.
Quote:
Claire Aird states, "Textjet says it was able to negotiate with the hacker and recover 90% of the funds" (10:45).
GMX Cryptocurrency Platform Incident
Overview:
A hacker returned stolen assets to the GMX cryptocurrency platform after initially exploiting a smart contract vulnerability.
Details:
- Financial Impact: GMX lost $42 million due to the exploit.
- Resolution: The hacker returned the majority of the assets and retained $5 million as a bug bounty.
- Company Stance: GMX agreed not to press charges provided the hacker returned 90% of the stolen funds.
Quote:
Claire Aird mentions, "GMX allowed the hacker to keep $5 million worth of assets as a bug bounty" (12:00).
Cyber Intrusions and Legal Actions
Breach in Washington, D.C. Law Firm
Overview:
A cyberattack breached the email service of a prominent law firm in Washington, D.C.
Details:
- Attribution: The intrusion is linked to hackers affiliated with the Chinese government.
- Firm's Profile: Erane represents clients in regulatory and transnational cases, with many lawyers holding previous positions within the US Government.
Quote:
Claire Aird reports, "Suspected Chinese hackers have breached the email service of a law firm in Washington, D.C." (13:30).
Extradition of Russian Cybercriminal
Overview:
A Russian national, Alexander Zveryev, has been extradited from Indonesia to Moscow to face charges related to cybercrime.
Details:
- Allegations: Zveryev is accused of selling Russian citizen data on Telegram.
- Sourcing of Data: Russian officials assert that the data was obtained from government and code databases.
- Timeline: Zveryev fled Russia in 2022 after his illicit activities.
Quote:
Claire Aird states, "Alexander Zveryev allegedly spent years selling Russian citizen data on Telegram before fleeing the country in 2022" (15:00).
Thailand's Largest Cyber Scam Gang Dismantled
Overview:
Thailand sentenced 71 individuals involved in a massive cyber scam operation.
Details:
- Composition of the Gang: 52 Chinese and 19 Thai nationals.
- Law Enforcement Action: The group was detained in March of the previous year.
- Sentences: Leaders received 24-year prison terms.
- Significance: This is the largest cyber scam gang ever prosecuted in Thailand.
Quote:
Claire Aird highlights, "The group included 52 Chinese and 19 Thai nationals. They were detained in March last year" (16:45).
U.S. Crypto Scammer Receives Extended Sentence
Overview:
Nicholas Truglia, a cryptocurrency scammer, has been sentenced to an additional 12 years in U.S. prison.
Details:
- Initial Sentence: Truglia was originally sentenced to 18 months.
- Crime: In 2022, he executed a SIM swapping attack, stealing over $20 million in crypto assets from a single victim.
- Current Sentence: The additional term is due to his failure to repay the victim and the substantial value of the stolen assets, totaling approximately $53 million.
Quote:
Claire Aird reports, "Nicholas Truglia was initially sentenced to 18 months... In 2022, he used a SIM swapping attack to steal more than $20 million worth of crypto assets" (18:10).
Vulnerabilities and Security Advisories
Citrix Bleed 2 Exploitation
Overview:
The Cybersecurity and Infrastructure Security Agency (CISA) warns of active exploitation of the Citrix Bleed 2 vulnerability.
Details:
- Vulnerability Notice: Recently, CISA provided federal agencies with only one day to patch this vulnerability.
- Standard Procedure: Typically, agencies are granted a three-week window for patch implementation.
Quote:
Claire Aird underscores the urgency, "CISA says hackers are actively exploiting the Citrix Bleed 2 vulnerability" (19:30).
Fortinet FortiWeb Firewalls SQL Injection
Overview:
A severe pre-authentication SQL injection vulnerability has been discovered in Fortinet FortiWeb Firewalls.
Details:
- Nature of the Vulnerability: Attackers can inject SQL through the authentication header, potentially taking over the firewall.
- Release of Exploit Code: Security researchers have published proof-of-concept code demonstrating the vulnerability.
- Vendor Response: Fortinet released security updates last week to address the issue.
Quote:
Claire Aird notes, "Security researchers have published proof of concept code for a major vulnerability in Fortinet FortiWeb Firewalls" (20:45).
Gigabyte's Unpatched UEFI Firmware Vulnerabilities
Overview:
Motherboard manufacturer Gigabyte has failed to patch four critical vulnerabilities in its UEFI firmware.
Details:
- Vulnerabilities: The flaws enable attackers to take control of the highly privileged System Management Mode (SMM).
- Source of Issues: Gigabyte did not implement patches provided by upstream vendor AMI.
- Discovery: The initial vulnerabilities were identified by firmware security company Binarly.
- Advisory: Carnegie Mellon University's CERT highlighted the severity of these flaws.
Quote:
Claire Aird states, "Gigabyte failed to implement patches from upstream vendor AMI" (22:10).
AMD's Patch for New Side Channel Attacks
Overview:
AMD has addressed four newly identified side channel attacks affecting its processors.
Details:
- Discovery: These vulnerabilities were unearthed by Microsoft last year.
- Affected Products: AMD's EPYC, Ryzen, and Athlon CPU series.
- Attack Mechanism: The Rowhammer attack has been adapted for GPU memory, enabling bit flips in graphics processor memory and tampering with data in shared GPU environments.
- Demonstration: The modified attack was successfully used against GPUs in AI applications, reducing a model's accuracy from 80% to nearly zero.
Quote:
Claire Aird explains, "AMD has patched four new side channel attacks in its processors" (23:30).
Microsoft's Replacement of JScript
Overview:
Microsoft has deprecated JScript in favor of a new scripting engine in Windows 11.
Details:
- Change: JScript 9 Legacy is no longer the default scripting engine in Windows 11 versions 24H2 and later.
- Benefits: The new engine adheres to more modern standards and incorporates enhanced security features.
- Historical Context: JScript has been the default scripting engine in Windows since the mid-1990s.
Quote:
Claire Aird concludes, "Microsoft has replaced JScript with a new scripting engine... including more security features" (25:00).
Conclusion
The July 14, 2025 episode of Risky Bulletin underscores the ever-evolving landscape of cybersecurity threats and responses. From vulnerabilities in critical infrastructure like railway systems to significant breaches in technology platforms and aggressive actions against cybercriminals, the episode provides a thorough overview of current challenges and mitigation efforts in the cybersecurity domain.
For more detailed insights and updates, listeners are encouraged to stay tuned to future episodes of Risky Bulletin.
