The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation have jointly released a Secure by Design Alert titled “Eliminating Directory Traversal Vulnerabilities in Software.”
CISA said Thursday that the alert seeks to draw attention to recent threat actor campaigns that take advantage of directory traversal vulnerabilities and have impacted critical infrastructure like public health and healthcare, as well as continuing exploits that have affected various critical services.
The agency notes that exploits persist despite the availability of mitigation methods. Its catalog also lists 55 known traversal vulnerabilities.
Software developers are encouraged to test their products to determine their susceptibility to the vulnerabilities.