CISA, FBI publish secure by design alert on class of vulnerability affecting health, education sectors

The Cybersecurity and Infrastructure Security Agency and FBI are raising awareness of best practices to eliminate vulnerabilities in software directories, in the latest entry of the secure by design alert series.

“Approaches to avoid directory traversal vulnerabilities are known, yet threat actors continue to exploit these vulnerabilities which have impacted the operation of critical services, including hospital and school operations,” CISA said in the alert issued on Thursday.

CISA’s secure by design alert series is aimed at illuminating how...