The joint Secure by Design Alert from CISA and FBI calls for intensified efforts to address directory traversal vulnerabilities, exploited in recent cyber-attacks like CVE-2024-1708 and CVE-2024-20345, impacting critical sectors; despite being a long-standing issue, these flaws persist, posing global cybersecurity risks and necessitating a proactive security approach to mitigate threats, safeguard sensitive data, and ensure service continuity; CISA and FBI recommend formal testing, OWASP guidance adherence, and secure design publishing by software makers, advocating for customer inquiry on security testing practices, aiming to enhance transparency and accountability; with CISA identifying 55 exploited directory traversal vulnerabilities, the collaboration emphasizes industry-wide cooperation for cybersecurity, stressing adherence to the alert's guidelines to reduce cyber-attack risks and protect essential infrastructure and public safety. ```
https://cybersecuritynews.com/cisa-fbi-release-urges-developers-to-eliminate-directory-traversal-vulnerabilities/