FBI and CISA have issued a joint advisory warning software developers against writing code with buffer overflow vulnerabilities, calling them "unforgivable" mistakes.
Tagging the advisory as part of their ongoing "Secure by Design" efforts, the authorities said these vulnerabilities are prevalent in software, including products from vendors such as Microsoft, VMware, and Ivanti, and can lead to full system compromise.
“CISA and FBI maintain that the use of unsafe software development practices that allow the persistence of buffer overflow vulnerabilities — especially the use of memory-unsafe programming languages — poses unacceptable risk to our national and economic security,” the authorities said.
A buffer overflow defect is a memory safety vulnerability that stems from a program reading or writing memory beyond the boundaries of an allocated buffer because it fails to check those boundaries properly.
Buffer Overflow bugs are unforgivable
“The CISA and FBI recognize that memory safety vulnerabilities encompass a wide range of issues — many of which require significant time and effort to properly resolve,” the advisory added. “While all types of memory safety vulnerabilities can be prevented by using memory safe languages during development, other mitigations may only address certain types of memory safety vulnerabilities.”
The advisory pointed out that buffer overflow flaws are well-understood vulnerabilities that are easily avoidable by using memory-safe languages. It also listed additional techniques, such as bounds checking and secure coding practices, to help fix these issues in existing code.
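To make the defect concrete, here is an added illustration (not code from the advisory or from any vendor named above) of the classic C pattern the advisory is about: a fixed-size buffer filled with strcpy(), which never looks at the destination size, placed next to a hardened version that checks the input length against the buffer before copying. The struct, buffer size and field names are assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* fixed-size destination buffer, chosen for this example */

/* Example record: the admin flag sits directly after name[] in memory, so an
 * overflow of name[] silently rewrites it (constructed layout, not a real product). */
struct record {
    char name[NAME_MAX];
    int  admin;
};

/* Unsafe pattern: strcpy() stops only at the NUL terminator of src, so any
 * input of NAME_MAX bytes or more writes past name[] into admin and beyond.
 * Shown only to illustrate the defect; never use it with untrusted input. */
void set_name_unsafe(struct record *r, const char *src)
{
    strcpy(r->name, src);
}

/* Hardened form: measure the input, compare it with the destination size and
 * refuse oversized input instead of truncating it or overrunning the buffer.
 * Returns 0 on success, -1 if src does not fit (the record is left unchanged). */
int set_name_safe(struct record *r, const char *src)
{
    size_t len = strlen(src);
    if (len >= NAME_MAX)          /* no room left for the terminating NUL */
        return -1;
    memcpy(r->name, src, len + 1); /* copy exactly len bytes plus the NUL */
    return 0;
}

int main(void)
{
    struct record r = { "", 0 };
    const char *ok   = "alice";                    /* constructed input that fits */
    const char *bad  = "a-name-far-longer-than-sixteen-bytes"; /* constructed oversized input */

    printf("safe copy of \"%s\": %d\n", ok, set_name_safe(&r, ok));   /* 0 */
    printf("safe copy of \"%s\": %d\n", bad, set_name_safe(&r, bad)); /* -1, r untouched */
    printf("name=%s admin=%d\n", r.name, r.admin);
    return 0;
}
```

The safe version is deliberately a rejection rather than a silent truncation: truncating keeps the program memory-safe but can still change meaning (a file name or username cut short), so a length check that fails closed is the behaviour to prefer where the size of the input is not under the program's control.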
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
The FBI has taken down Cracked.to, Nulled.to, and several other hacking sites that cybercriminals used to trade stolen credentials, software cracks, and remote desktop access, in a coordinated law enforcement operation.
In Operation Talent, several domains suspected of facilitating hacking activities were seized, and a law-enforcement "seizure" notice now appears on their landing pages.
“This website, as well as the information on the customers and victims of the websites, has been seized by international law enforcement partners,” reads the notice.
Among the seized domains are Sellix.io, an online platform for cross-border financial services, reportedly misused for illicit activities, and StarkRDP.io, an RDP service allegedly used for unauthorized access and system distribution.
According to the notice, the operation was conducted by the FBI together with international partners including Europol (European Union), the Federal Criminal Police Office (Germany), the Australian Federal Police (AFP), and the Hellenic Police (Greece), among others.
Hack sites confirmed takedown
On 29 January, several X users reported that all the seized sites had their nameservers changed to the FBI-controlled ns1.fbi.seized.gov and ns2.fbi.seized.gov, without a seizure banner yet. A few hours later, a law enforcement banner started appearing on these sites.