• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

NSA Guide Helps Firms Protect Against Memory Safety Vulnerabilities

You are here: Home / General Cyber Security News / NSA Guide Helps Firms Protect Against Memory Safety Vulnerabilities
November 14, 2022

The National Security Company (NSA) released a new guide very last 7 days to assist software builders in avoiding and mitigating program memory basic safety issues and related vulnerabilities.

The document describes scenarios where malicious cyber actors exploit inadequate memory administration issues to steal delicate information, distribute unauthorized code execution and lead to other destructive impacts.

More, inadequate memory administration can also lead to specialized issues, which includes incorrect software benefits, gradual degradation of the program’s performance and program crashes.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


In accordance to the NSA guideline, both Microsoft and Google have independently said that application memory security issues are guiding all-around 70% of their vulnerabilities.

“Memory vulnerabilities and attacks have been pervasive considering the fact that the 1990s, so in standard, this is excellent information,” John Bambenek, principal threat hunter at Netenrich, explained. “However, with that becoming explained, as this is coming from the NSA, I believe that this suggestions should really consider additional urgency and is staying driven by information they have, and we do not.”

In certain, the new NSA recommendations recommend that organizations use memory-harmless languages when attainable and enhance protection by way of code-hardening strategies this sort of as compiler alternatives, software possibilities and running method (OS) configurations.

“Shifting advancement languages can be a challenging challenge,” Mike Parkin, senior technological engineer at Vulcan Cyber, stated. “Though in lots of circumstances the programming languages the NSA is recommending arrive with other rewards and the pool of competent programmers is escalating.”

At the same time, Parkin additional that many variables are in participate in when making an attempt to port an application from one language to a different.

“In the best-case state of affairs, the shift is relatively basic and can be done efficiently and reasonably rapidly,” the government advised Infosecurity.

“In other individuals, the software relies on attributes that are trivial in the unique language but call for intensive and pricey improvement to recreate in the new a person.”

The NSA rules occur days following Lenovo patched 3 vulnerabilities that could see attackers modify secure boot options by shifting a non-risky random obtain memory (NVRAM) variable.


Some elements of this posting are sourced from:
www.infosecurity-magazine.com

Previous Post: «Cyber Security News Australia Considers Ban on Ransomware Payments After Medibank Breach
Next Post: GitHub Now Supports Private Vulnerability Reporting For Public Repositories Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar
  • Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
  • Post-Quantum Cryptography: Finally Real in Consumer Apps?
  • Microsoft’s AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites
  • Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
  • Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
  • GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
  • China’s BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies
  • The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies
  • China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Copyright © TheCyberSecurity.News, All Rights Reserved.