US plans water sector cybersecurity task force
The U.S. Environmental Protection Agency announced it would seek to establish the task force as a way to create “immediate” solutions to threats to water systems. This task force will work to create industry-wide best practices and address systemic vulnerabilities. The group will also consider recommendations from a meeting of state environment, health and homeland security secretaries scheduled for March 21. EPA Administrator Michael Regan pointed out that the industry currently fails to follow even the basics of cybersecurity, with software unpatched and passwords left at factory defaults.
(Register)
Looping DoS attacks exploit UDP infinite regress
Researchers from the CISPA Helmholtz Center for Information Security detailed this new attack vector. Loop DoS targets application-layer protocols that use UDP, pairing servers so that they communicate with each other indefinitely, effectively creating a catastrophic loop. Because UDP does not verify source IP addresses, an attacker could launch an attack by forging a UDP packet that carries the target's IP address. Researchers estimate that approximately 300,000 hosts using vulnerable solutions from Broadcom, Cisco, Honeywell, Microsoft, and Zyxel remain online. That being said, there is no evidence of exploitation in the wild.
(Hacker News)
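A defender-side check for the traffic pattern described in the Loop DoS item above, as an added example that is not taken from the CISPA research or the linked article: it flags pairs of UDP endpoints that keep answering each other from service ports in both directions. The flow-record format, the port cutoff, the window and the packet threshold are all assumptions chosen for illustration, and the sample records are constructed.

```python
from collections import defaultdict

SERVER_PORT_MAX = 1023  # assumption: ports at or below this belong to services, not clients

def build_sample():
    """Constructed flow records (not real traffic): 'ts proto src:sport dst:dport'."""
    lines = []
    for i in range(400):
        t = f"{i * 0.01:.2f}"
        fwd = i % 2 == 0
        # Two servers answering each other's replies on a service port, without end.
        a, b = ("10.0.0.5:7", "10.0.9.7:7") if fwd else ("10.0.9.7:7", "10.0.0.5:7")
        lines.append(f"{t} UDP {a} {b}")
        # Ordinary client/server exchange: the client side uses an ephemeral port.
        c, d = ("10.0.1.20:51512", "10.0.0.53:53") if fwd else ("10.0.0.53:53", "10.0.1.20:51512")
        lines.append(f"{t} UDP {c} {d}")
    # Brief server-to-server burst that stops on its own: below the threshold.
    lines += [f"0.{i}0 UDP 10.0.0.53:53 10.0.0.54:53" for i in range(5)]
    return lines

def parse(line):
    ts, proto, src, dst = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return float(ts), proto, (sip, int(sport)), (dip, int(dport))

def find_udp_loops(lines, window=1.0, min_pkts=40):
    """Return endpoint pairs with sustained two-way UDP traffic between service ports.

    A pair is flagged when, inside any single window, each side sent at least
    min_pkts datagrams to the other and both sides used a service port.
    """
    counts = defaultdict(lambda: defaultdict(int))  # (pair, window index) -> sender -> packets
    for line in lines:
        ts, proto, src, dst = parse(line)
        if proto != "UDP" or src[1] > SERVER_PORT_MAX or dst[1] > SERVER_PORT_MAX:
            continue  # a client with an ephemeral port cannot be one half of the loop
        pair = tuple(sorted([src, dst]))
        counts[(pair, int(ts // window))][src] += 1
    flagged = set()
    for (pair, _), senders in counts.items():
        if min(senders.get(endpoint, 0) for endpoint in pair) >= min_pkts:
            flagged.add(pair)
    return sorted(flagged)

if __name__ == "__main__":
    for a, b in find_udp_loops(build_sample()):
        print(f"possible UDP loop: {a[0]}:{a[1]} <-> {b[0]}:{b[1]}")
```

Legitimate server-to-server protocols can also use service ports on both sides, so the threshold needs tuning against a baseline of normal traffic before alerting on it.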
GitHub tools use AI to fix vulnerabilities
GitHub has launched a beta version of this code scanning auto-fix feature for GitHub Advanced Security customers. It uses the existing Copilot AI engine and CodeQL semantic engine to detect and fix security vulnerabilities in real time. Language support at launch includes JavaScript, Java, Python, and TypeScript. The company claims the new features can fix two-thirds of the vulnerabilities it finds. This feature displays a description of the detected issue and the steps required to fix it if it is not automatically fixed.
(TechCrunch)
Cato Networks aims for IPO
The Israeli cybersecurity company has hired an underwriter as part of its initial public offering plans, Reuters sources said. Currently valued at more than $3 billion, Cato reportedly hopes to raise more than $500 million in an IPO in early 2025. The company currently has more than 2,200 corporate customers and said its annual revenue increased by 59% last year. The IPO reflects the easing of equity capital markets and could serve as a bellwether for other cybersecurity startups.
(Reuters)