TLDR:
- The US plans to form a Water Sector Cybersecurity Task Force to address vulnerabilities in the water system.
- Researchers reveal a new Loop DoS attack that targets application-layer protocols using UDP.
- GitHub launches a beta feature using AI to fix vulnerabilities in real time.
- Cato Networks is eyeing an IPO, aiming to raise over $500 million in early 2025.
Article Summary:
The US Environmental Protection Agency has announced plans to create a Water Sector Cybersecurity Task Force to address threats to the water system. This task force aims to establish industry-wide best practices and address systemic vulnerabilities in the industry, with a focus on following basic cybersecurity practices, such as patching software and updating passwords.
Researchers at the CISPA Helmholtz-Center for Information Security have identified a new Loop DoS attack that targets application-layer protocols using UDP. This attack exploits an infinite regress of UDP to create a crippling loop, affecting vulnerable solutions from companies like Broadcom and Microsoft. While no evidence of exploitation in the wild has been found, roughly 300,000 hosts remain online.
GitHub has launched a beta feature that uses AI to fix vulnerabilities in real time for GitHub Advanced Security customers. This code-scanning autofix feature leverages the Copilot AI engine and CodeQL semantic engine to automatically identify and remediate security issues in popular programming languages like JavaScript and Python. GitHub claims that this feature can fix two-thirds of vulnerabilities and provides detailed explanations for issues detected.
Israeli cybersecurity firm Cato Networks is reportedly eyeing an IPO in early 2025, with the aim of raising over $500 million. The company currently holds over 2,200 enterprise customers and has seen significant revenue growth. If successful, this IPO could serve as a benchmark for other cybersecurity startups and reflect the state of equity capital markets in the industry.
Additionally, a trio of security researchers discovered 842 misconfigured Google Firebase instances leaking millions of user records, including sensitive information like passwords and billing details. Meanwhile, recent takedowns of ransomware groups by law enforcement agencies have led to market opportunities, with new ransomware startups offering more generous terms to affiliates to gain trust.