CISA urges devs to weed out OS command injection vulnerabilities

July 11, 2024

CISA and the FBI urged software companies on Wednesday to review their products and eliminate OS command injection vulnerabilities before shipping.

The advisory was released in response to recent attacks that exploited multiple OS command injection security flaws (CVE-2024-20399, CVE-2024-3400, and CVE-2024-21887) to compromise Cisco, Palo Alto, and Ivanti network edge devices.

Velvet Ant, the Chinese state-sponsored threat actor that coordinated these attacks, deployed custom malware to gain persistence on hacked devices as part of a cyber espionage campaign.

“OS command injection vulnerabilities arise when manufacturers fail to properly validate and sanitize user input when constructing commands to execute on the underlying OS,” today’s joint advisory explains.

“Designing and developing software that trusts user input without proper validation or sanitization can allow threat actors to execute malicious commands, putting customers at risk.”

CISA advises developers to implement well-known mitigations to prevent OS command injection vulnerabilities at scale while designing and developing software products:

  • Use built-in library functions that separate commands from their arguments whenever possible instead of constructing raw strings fed into a general-purpose system command.
  • Use input parameterization to keep data separate from commands; validate and sanitize all user-supplied input.
  • Limit the parts of commands constructed by user input to only what is necessary.
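
The mitigations listed above, shown side by side as an added example (it is not code from the advisory or from the original article). `echo` stands in for a device diagnostic command, and the function names and the sample input are hypothetical.

```python
import ipaddress
import re
import subprocess

# One DNS label: letters, digits, hyphen; never starts or ends with "-",
# so a validated value can never be read as a command-line option.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"{_LABEL}(\.{_LABEL})*")


def validate_host(value: str) -> str:
    """Accept only an IP literal or a syntactically valid hostname."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if len(value) > 253 or not _HOSTNAME.fullmatch(value):
        raise ValueError(f"rejected host value: {value!r}")
    return value


def probe_vulnerable(host: str) -> list[str]:
    """CWE-78 pattern: user input concatenated into a string parsed by a shell."""
    cmd = f"echo probe {host}"  # `echo` stands in for a real diagnostic tool
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.splitlines()


def probe_argv(host: str) -> list[str]:
    """Command and arguments kept separate: no shell ever parses `host`."""
    out = subprocess.run(["echo", "probe", host], capture_output=True, text=True)
    return out.stdout.splitlines()


def probe_hardened(host: str) -> list[str]:
    """Argument separation plus validation of the one user-controlled field."""
    return probe_argv(validate_host(host))


if __name__ == "__main__":
    crafted = "192.0.2.10; echo INJECTED"  # constructed sample input
    print(probe_vulnerable(crafted))  # the shell treats ";" as a command separator
    print(probe_argv(crafted))        # the whole value stays a single argument
    try:
        probe_hardened(crafted)
    except ValueError as exc:
        print(exc)                    # validation rejects the value outright
    print(probe_hardened("192.0.2.10"))
```

Argument separation alone keeps shell metacharacters inert; validation additionally stops values that the target program itself would interpret, such as a leading `-`.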

Tech leaders should be actively involved in the software development process. They can do this by ensuring that the software uses functions that generate commands safely while preserving the command’s intended syntax and arguments.

Additionally, they should review threat models, use modern component libraries, conduct code reviews, and implement rigorous product testing to ensure the quality and security of their code throughout the development lifecycle.

“OS command injection vulnerabilities have long been preventable by clearly separating user input from the contents of a command. Despite this finding, OS command injection vulnerabilities—many of which result from CWE-78—are still a prevalent class of vulnerability,” CISA and the FBI added.

“CISA and FBI urge CEOs and other business leaders at technology manufacturers to request their technical leaders to analyze past occurrences of this class of defect and develop a plan to eliminate them in the future.”

OS command injection security bugs took the fifth spot in MITRE’s top 25 most dangerous software weaknesses, surpassed only by out-of-bounds write, cross-site scripting, SQL injection, and use-after-free flaws.

In May and March, two other “Secure by Design” alerts urged tech executives and software developers to weed out path traversal and SQL injection (SQLi) security vulnerabilities.

Copyright for syndicated content belongs to the linked Source : BleepingComputer – https://www.bleepingcomputer.com/news/security/cisa-urges-devs-to-weed-out-os-command-injection-vulnerabilities/
