Can Secure By Design eliminate Directory Traversal vulnerabilities?

CISA and the FBI recently issued a joint alert, “Secure by Design: Eliminating Directory Traversal Vulnerabilities in Software”, in response to threat actors exploiting directory traversal vulnerabilities such as CVE-2024-1708 and CVE-2024-20345. These attacks targeted critical sectors such as Healthcare and Public Health, prompting a warning about the ongoing risks posed by directory traversal flaws. Although the techniques for preventing these vulnerabilities are well known, threat actors continue to exploit them, disrupting essential services like hospitals and schools.

The authorities are calling on software companies to conduct thorough testing to identify and address any susceptibility to directory traversal weaknesses in their products. For detailed guidance on protecting against these threats, you can visit CISA’s Secure by Design page or explore their series of alerts on the same topic.