Morning Overview on MSN

An 18-year-old heap buffer overflow in NGINX gives attackers remote code execution — billions of devices run the affected module

A single rewrite rule, the kind pasted into NGINX configurations thousands of times a day, can hand an unauthenticated ...
SecurityWeek

Chrome 148 Update Patches Critical Vulnerabilities

Google has released a Chrome 148 update that resolves 79 vulnerabilities, including 14 critical-severity security defects.
Infosecurity-magazine.com

CISA and FBI Warn Against Buffer Overflow Vulnerabilities

A new alert from the US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) has outlined strategies to eliminate buffer overflow vulnerabilities in ...
CSOonline

CISA, FBI call software with buffer overflow issues ‘unforgivable’

The federal directive forbids vendors from shipping software with such flaws, and flags recent Microsoft, and Ivanti zero-days as examples. FBI and CISA have issued a joint advisory to warn software ...
TechSpot

US cyber defense agency urges developers to eliminate buffer overflow vulnerabilities

Bottom line: The US Cybersecurity and Infrastructure Security Agency is once again reminding IT manufacturers and developers that buffer overflow vulnerabilities must be eradicated from software. In ...