Cybersecurity Dive, May 7, 2024
The software defects are linked to recent exploitation campaigns against critical infrastructure providers, including healthcare and schools.
Dive Brief:
- In a secure-by-design alert released Thursday, the FBI and the Cybersecurity and Infrastructure Security Agency urged software companies to eliminate directory traversal vulnerabilities from their products, citing a rise in attacks against critical industries, including hospitals and school operations.
- The agencies are seeking industry action following two recent campaigns where threat groups engaged in extensive exploitation activity. The agencies referenced a path traversal vulnerability in ConnectWise ScreenConnect, listed as CVE-2024-1708, and a vulnerability in the file upload functionality of Cisco AppDynamics Controller, listed as CVE-2024-20345.
- In total, directory traversal or path traversal vulnerabilities were identified in 55 different...