November 14, 2024 at 09:01PM The TSA has proposed new cybersecurity rules for pipeline, railroad, bus, and public transportation systems, enhancing existing frameworks. Affected operators must implement cyber risk management programs, report incidents, and maintain security measures. This initiative aims to boost cybersecurity resilience, with public comments accepted until February 2, 2025. ### Meeting Takeaways … Read more
September 6, 2024 at 06:30AM CISA responded to the disclosure of a security vulnerability in FlyCASS, a third-party application related to airport security systems. The issue allowed unauthorized access to the account of a participating airline, potentially compromising security screening and cockpit access. The researchers identified and reported several serious issues, prompting the disabling of … Read more
August 30, 2024 at 09:35AM Cybersecurity researchers discovered a vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs, allowing unauthorized access to skip airport security and enter the cockpit of commercial airliners. By exploiting a SQL injection bug in the third-party vendor site FlyCASS, the researchers gained admin access and manipulated … Read more