back to top
Wednesday, July 24, 2024

FBI and CISA alert: Developers urged to tackle security vulnerabilities

FBI and CISA advise developers to address security flaws, enhancing cybersecurity.



Trending Stories

- Advertisement -

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have jointly issued a security alert, stressing the importance for software developers to address path traversal vulnerabilities before releasing their products.

Path traversal, also referred to as directory traversal or climbing, poses a significant risk in software . This vulnerability allows threat actors to access sensitive files and directories, particularly in web or systems that construct file paths based on user input without proper validation.

Despite being well documented for over two decades, path traversal remains a persistent issue in software products. The agencies highlight that threat actors consistently exploit this vulnerability class, particularly targeting sectors like healthcare and public health.

In the recent alert, CISA and the FBI emphasised the urgent need for action from software manufacturers. They expressed concern that these vulnerabilities continue to put customers at risk and have even impacted critical services such as hospital and school operations.

Currently, CISA has identified 55 path traversal vulnerabilities in the Known Exploited Vulnerabilities catalogue, indicating active exploitation in the wild. The agencies urge software manufacturer executives to mandate formal testing to assess their products' susceptibility to these vulnerabilities, referring to OWASP testing guidance.

Additionally, they encourage all software users to inquire with their partners about formal directory traversal testing. Manufacturers are advised to promptly implement mitigations to eliminate this class of defect from their products, stressing the importance of integrating security measures from the initial stages of development.

Tech Edition has partnerships that involve sponsored content. While this financial support helps us with daily operations, it doesn't affect the integrity of our reviews. We remain committed to delivering honest and insightful content to our readers.

Tech Edition is now on Telegram! Join our channel here and catch all the latest tech news!

Emma Job
Emma Job
Emma is a freelance news editor at Tech Edition. With a decade's experience in content writing, she revels in both crafting and immersing herself in narratives. From tracking down viral trends to delving into the most recent news stories, her goal is to deliver insightful and timely content to her readers.

Featured Content

Netgear Orbi 970 Series review: Revolutionising home WiFi with unmatched coverage

Read our comprehensive review of the Netgear Orbi 970 Series to discover how it transforms home WiFi with advanced features like WiFi 7, Quad-Band technology, and unparalleled coverage.

Related Stories