Inside Cybersecurity

April 12, 2024

Daily News

CISA, FBI issue secure by design alert on software vulnerability in response to MOVEit exploit

By Jacob Livesay / March 26, 2024

The Cybersecurity and Infrastructure Security Agency has released a joint alert on software security with the FBI, detailing how manufacturers can prevent a “persistent” defect that was exploited in a 2023 attack campaign on the MOVEit file transfer service.

“SQL injection—or SQLi—vulnerabilities remain a persistent class of defect in commercial software products. Despite widespread knowledge and documentation of SQLi vulnerabilities over the past two decades, along with the availability of effective mitigations, software manufacturers have continued to develop products with...

Log in to access this content.

Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.