CISA boss: Secure code is the ‘only way to make ransomware a shocking anomaly’

May 8, 2024 at 12:08PM CISA director Jen Easterly stressed the need to improve software security to combat ransomware attacks in critical infrastructure. She urged collective efforts and highlighted the government’s role in pushing for more secure technology. Chris Krebs emphasized the potential levers to enhance technology security, including voluntary efforts, litigation, regulatory action, and … Read more

CISA says ‘no more’ to decades-old directory traversal bugs

May 6, 2024 at 09:44AM CISA urges the software industry to eliminate directory traversal vulnerabilities, which let an attacker read or manipulate files outside the directories an application intends to expose. Exploits can lead to data theft and system compromise, posing a heightened threat to critical organizations including healthcare and cloud services. CISA recommends specific mitigations such as using random identifiers for files … Read more

CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities

May 3, 2024 at 09:10AM CISA and the FBI issued a Secure by Design Alert about path traversal software vulnerabilities targeting critical infrastructure. These flaws enable unauthorized access to application files and directories, allowing threat actors to compromise systems. Urging organizations to eliminate these defects, the agencies emphasize a secure software development lifecycle and suggest … Read more

CISA urges software devs to weed out path traversal vulnerabilities

May 2, 2024 at 03:44PM In a recent alert, CISA and the FBI warn software companies about path traversal vulnerabilities and the risks they carry: unauthorized file access, file manipulation and, ultimately, system compromise. They urge implementing preventive measures, and they recall previous exploits in essential sectors. Similarly, the agencies previously addressed SQL injection vulnerabilities and emphasized the … Read more
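The three path traversal items above (the CISA directory traversal piece and the two reports on the CISA/FBI Secure by Design alert) all turn on the same defect and the same two mitigations. What follows is an added example, not code from CISA, the FBI or any of the articles: a file handler with the classic CWE-22 bug, the same handler with a canonicalise-and-check guard, and the random-identifier approach the alert recommends, where the caller never names a file and the original filename is kept as metadata. The temporary directory, the `report.txt`/`secret.txt` files and the `FILE_TABLE` metadata store are constructed for the demonstration.

```python
import os
import secrets
import tempfile
from pathlib import Path

# Constructed sandbox for the example: a directory the application intends
# to expose, plus a file one level above it that must never be reachable.
ROOT = Path(tempfile.mkdtemp())
UPLOADS = ROOT / "uploads"
UPLOADS.mkdir()
(UPLOADS / "report.txt").write_text("quarterly report")
(ROOT / "secret.txt").write_text("db password")


def serve_file_vulnerable(user_path):
    """CWE-22 as the alerts describe it: the caller-supplied name is joined
    straight onto the base directory, so '../secret.txt' walks out of it."""
    return (UPLOADS / user_path).read_text()


def serve_file_checked(user_path):
    """Mitigation 1: canonicalise the joined path, then confirm it is still
    inside the base directory before touching the filesystem."""
    base = UPLOADS.resolve()
    target = (base / user_path).resolve()
    # The comparison is on resolved paths, so '..', symlinks and absolute
    # inputs (which make Path discard the base) are all accounted for.
    if os.path.commonpath([base, target]) != str(base):
        raise PermissionError("path escapes base directory: %r" % user_path)
    return target.read_text()


# Mitigation 2 (the approach CISA recommends): the caller never names a file
# at all. Every stored object gets a random identifier, and the original
# filename and other metadata live in a separate store.
FILE_TABLE = {}  # hypothetical in-memory metadata store: file_id -> dict


def store_file(original_name, data):
    file_id = secrets.token_hex(16)  # 128 random bits, no user influence
    (UPLOADS / file_id).write_bytes(data)
    FILE_TABLE[file_id] = {"original_name": original_name, "size": len(data)}
    return file_id


def serve_file_by_id(file_id):
    # An unknown or malformed id fails the table lookup before any disk
    # access, so a traversal string never becomes a path.
    if file_id not in FILE_TABLE:
        raise FileNotFoundError(file_id)
    return (UPLOADS / file_id).read_bytes()


def demo():
    """Run the three handlers against traversal payloads and report what happened."""
    results = {}
    results["vulnerable_leak"] = serve_file_vulnerable("../secret.txt")
    try:
        serve_file_checked("../secret.txt")
        results["checked_blocked"] = False
    except PermissionError:
        results["checked_blocked"] = True
    results["checked_ok"] = serve_file_checked("report.txt")
    fid = store_file("../../etc/passwd", b"payload")  # hostile name is only metadata
    results["stored_under_random_id"] = fid in FILE_TABLE and "/" not in fid
    results["by_id"] = serve_file_by_id(fid)
    try:
        serve_file_by_id("../secret.txt")
        results["id_traversal_blocked"] = False
    except FileNotFoundError:
        results["id_traversal_blocked"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print("%s: %r" % (key, value))
```

The checked variant is the minimum fix for code that must keep accepting caller-supplied names; the identifier variant removes the attack surface entirely, which is why the alert favours it. Note that the check must run on the resolved path: comparing string prefixes before resolution misses symlinks and `..` segments.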

White House’s Call for Memory Safety Brings Challenges, Changes & Costs

April 5, 2024 at 10:08AM The White House ONCD has released a report supporting the National Cybersecurity Strategy, emphasizing a shift to memory-safe programming languages for improved cybersecurity. The challenge lies in addressing legacy systems and balancing economic and technical considerations. Industry leaders, such as Mozilla, Microsoft, and Google, have invested in memory-safe languages. Practical … Read more

Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz

April 4, 2024 at 03:30PM Utah IT software firm Ivanti responded to zero-day attacks with a CEO-led media campaign vowing to revamp its cybersecurity organization, acknowledged its security issues, and promised significant investment in secure-by-design principles. After delays in releasing patches for high-severity vulnerabilities, CISA ordered federal agencies to disconnect affected Ivanti products. The CEO outlined … Read more

Ivanti commits to secure-by-design overhaul after vulnerability nightmare

April 4, 2024 at 11:15AM Ivanti plans a security overhaul, committing to a secure-by-design approach after recent exploits. CEO Jeff Abbott outlined changes, including a focus on product security, stack modernization, and better vulnerability management. The company aims to reduce time-to-patch and enhance customer support while investing in AI and transparent information sharing. These efforts … Read more

How to Tame SQL injection

April 4, 2024 at 08:47AM As part of its Secure by Design initiative, the Cybersecurity and Infrastructure Security Agency has urged companies to intensify their efforts to eliminate SQL injection vulnerabilities. … Read more

Uncle Sam’s had it up to here with ‘unforgivable’ SQL injection flaws

March 26, 2024 at 12:52PM The FBI and CISA issued a warning to software vendors about the prevalence of SQL injection vulnerabilities. They emphasized the need for formal code reviews and secure-by-design programming practices to eradicate these vulnerabilities from the development process. They also urged vendors to use parameterized queries and be transparent in disclosing … Read more

US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities

March 26, 2024 at 07:18AM CISA and the FBI advise organizations to review and eliminate SQL injection vulnerabilities in their commercial software, as such flaws pose a significant security risk. They urge technology manufacturers to conduct a formal code review and embrace secure-by-design principles in software development to prevent malicious exploitation and enhance cybersecurity. From … Read more
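The three SQL injection items above all come down to one recommendation from CISA and the FBI: parameterized queries. The following is an added example, not code from the agencies or the articles, showing a login check written the way the alert warns against, the same check with bound parameters, and two classic payloads run through both. The in-memory SQLite database, its two users and the clear-text password column are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory database; passwords are stored in clear text only
    to keep the injection point visible (a real system stores a password hash)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The flaw the alerts describe: user input is spliced into the SQL text,
    so a quote in the input changes the structure of the statement."""
    query = (
        "SELECT username, role FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(query).fetchall()


def login_parameterized(conn, username, password):
    """The fix the agencies recommend: the statement text is fixed and the
    values travel separately as bound parameters, so they can only be data."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def demo():
    """Run two classic payloads through both handlers and report the rows returned."""
    conn = make_db()
    results = {}
    # Payload 1: tautology in the password field. AND binds tighter than OR,
    # so the vulnerable WHERE clause becomes (user AND pw = '') OR '1'='1'.
    tautology = "' OR '1'='1"
    results["vulnerable_tautology"] = login_vulnerable(conn, "nobody", tautology)
    results["param_tautology"] = login_parameterized(conn, "nobody", tautology)
    # Payload 2: comment out the password check ('--' starts a SQL comment).
    comment = "alice'--"
    results["vulnerable_comment"] = login_vulnerable(conn, comment, "wrong")
    results["param_comment"] = login_parameterized(conn, comment, "wrong")
    # A legitimate login still works through the parameterized path.
    results["param_valid"] = login_parameterized(conn, "alice", "s3cret")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print("%s: %r" % (key, value))
```

The same idea carries to every driver and ORM: the query text never contains user data, so escaping rules, quoting edge cases and database-specific comment syntax stop mattering. Where a query must vary structurally (column names, sort order), the safe pattern is an allow-list of fixed fragments chosen by the code, never text taken from the request.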