CSOonline

CISA, FBI call software with buffer overflow issues ‘unforgivable’

The federal directive forbids vendors from shipping software with such flaws, and flags recent Microsoft, and Ivanti zero-days as examples. FBI and CISA have issued a joint advisory to warn software ...
WeLiveSecurity

What are buffer overflow attacks and how are they thwarted?

The Morris worm of 1988 was one of those industry-shaking experiences that revealed how quickly a worm could spread using a vulnerability known as a buffer overflow or buffer overrun. Around 6,000 of ...
Computer Weekly

Exploiting Software: How to Break Code, Chapter 7 -- Buffer Overflow

This excerpt is from Chapter 7, Buffer Overflow of Exploiting Software: How to Break Code written by Greg Hoglund and Gary McGraw, and published by Addison-Wesley ...
Homeland Security Today

CISA and FBI Warn of Malicious Cyber Actors Using Buffer Overflow Vulnerabilities to Compromise Software

CISA and the Federal Bureau of Investigation (FBI) have released a Secure by Design Alert, Eliminating Buffer Overflow Vulnerabilities, as part of their cooperative Secure by Design Alert series—an ...
Online Recruitment

Fortify Software says buffer overflows scupper Facebook, MySpace

Fortify Software, the application vulnerability specialist, says that buffer overflows are at the heart of a series of hacks against the Facebook and MySpace social networking sites Fortify Software, ...
Ars Technica

Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

"A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected ...
WeLiveSecurity

Exploiting 1-byte buffer overflows

A few weeks ago, we published a challenge relating to the exploitation of a simple buffer overflow in Linux. In the published solution, it was noted how it was possible to change the execution flow of ...