The National Security Agency has released new recommendations on key protections against prevalent software memory safety concerns, reports SecurityWeek. The guidance is a bid to curb the exploitation of issues stemming from logic errors, incorrect order of operations, uninitialized variable use, and improper memory management, which can be exploited to facilitate remote code execution.
Organizations could mitigate software memory safety issues by adopting memory safe programming languages, including Go, C#, Rust, Java, Ruby, and Swift, but such languages could still be open to risk due to non-memory safe libraries or actions, according to the NSA. Using static and dynamic application security testing to strengthen code written in non-memory safe languages could also help avert issues such as memory leaks, buffer overflows, use-after-free, and race conditions. The NSA also advised hardening the compilation and execution environment through Address Space Layout Randomization, Control Flow Guard, and Data Execution Prevention. "By using memory safe languages and available code hardening defenses, many memory vulnerabilities can be prevented, mitigated, or made very difficult for cyber actors to exploit," said the NSA.