Water task force, Loop DoS attacks, GitHub vulnerability fixer

US plans Water Sector Cybersecurity Task Force

The US Environmental Protection Agency announced it will seek to form this task force as a way to create an “immediate” solution to threats against the water system. The task force will look to create industry-wide best practices and address systemic vulnerabilities. This group will also consider recommendations from an upcoming meeting of state environmental, health and homeland security secretaries on March 21st. EPA administrator Michael Regan noted that right now, even cybersecurity basics are not being followed in this industry, with software left unpatched and passwords kept on factory defaults.

(The Register)

Loop DoS attack exploits the infinite regress of UDP

Researchers at the CISPA Helmholtz-Center for Information Security detailed this new attack vector. Loop DoS targets application-layer protocols that run over UDP, pairing servers so that they keep responding to each other indefinitely, effectively creating a crippling loop. Because UDP does not validate source IP addresses, an attacker can forge UDP packets with a target IP address to initiate the attack. The researchers estimate roughly 300,000 hosts using vulnerable solutions from Broadcom, Cisco, Honeywell, Microsoft and Zyxel remain online. That said, there is no evidence of exploitation in the wild.

(The Hacker News)

GitHub tool uses AI to fix vulnerabilities

GitHub launched a beta of this code-scanning autofix feature for GitHub Advanced Security customers. It uses the existing Copilot AI engine along with the CodeQL semantic engine to find and fix security vulnerabilities in real time. Language support at launch includes JavaScript, Java, Python and TypeScript. The company claims the new feature can fix two-thirds of found vulnerabilities. In use, the feature will provide an explanation of the issue detected and the steps needed to remediate it, if the fix is not applied automatically.


Cato Networks eyes IPO

Reuters’ sources say the Israeli cybersecurity firm hired underwriters as part of its plan for an initial public offering. Currently valued at over $3 billion, Cato reportedly hopes to raise over $500 million with an IPO in early 2025. The company currently holds over 2,200 enterprise customers and disclosed it saw 59% annual revenue growth last year. This IPO could reflect easing equity capital markets and serve as a bellwether for other cybersecurity startups.


Rich Stroffolino

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he’s worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.

