"CISA Seeks to Curtail 'Unforgivable' SQL Injection Defects"

Supply chains are facing SQL injection vulnerabilities, which have prompted a joint warning from the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) calling for the development of safer software products. CISA and the FBI announced the new "Secure by Design" guidance as a direct response to the recent widespread exploitation of a SQL injection (SQLi) flaw in the MOVEit file transfer application. SQL injection vulnerabilities enable threat actors to inject their own data into SQL commands. Such attacks allow them to run arbitrary queries and access sensitive data within the database. This article continues to discuss the joint alert regarding SQL injection vulnerabilities.

Dark Reading reports "CISA Seeks to Curtail 'Unforgivable' SQL Injection Defects"

Submitted by grigby1