As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- NSA, FBI, and CISA Release Cybersecurity Information Sheet on Deepfake Threats
September 12, 2023
Today, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Information Sheet (CSI), Contextualizing Deepfake Threats to Organizations, which provides an overview of synthetic media threats, techniques, and trends. Threats from synthetic media, such as deepfakes, have exponentially increased—presenting a growing challenge for ...
- MGM Resorts Slot machines go down in cyber-attack on firm
September 12, 2023
Customers have reported problems with slot machines and online room booking systems following a cyber-attack on casino and hotel giant MGM Resorts. Certain systems were shut down due to a “cyber-security issue”, the firm said. But it added that its facilities remained “operational”. One customer at the MGM Grand in Las Vegas said she had walked ...
- Analyzing Cuba ransomware
September 11, 2023
The group’s offensives first got on Kaspersky researchers radar in late 2020. Back then, the cybercriminals had not yet adopted the moniker “Cuba”; they were known as “Tropical Scorpius”. Cuba mostly targets organizations in the United States, Canada and Europe. The gang has scored a series of resonant attacks on oil companies, financial services, government ...
- 11 alleged Conti criminals hit with UK and US sanctions
September 8, 2023
UK and US authorities have issued sanctions on 11 individuals who are allegedly part of a cybercriminal gang that use Trickbot and Conti malware. The 11 individuals have been hit with asset freezes and travel bans in a coordinated effort to counter the threat of ransomware, according to UK officials. The country’s National Crime Agency (NCA) ...
- Storm-0558: Understanding How Microsoft Failed to Protect Itself
September 7, 2023
You’re undoubtedly familiar with the so-called Storm-0558 attacks from July 2023. If not a quick recap: these attacks (widely attributed as the work of the Chinese government) compromised a number of high-value Exchange Online mailboxes, including the US Secretary of Commerce and the US Ambassador to China. Given the sensitivity of the mailboxes, it’s likely ...
- CISA, FBI, and CNMF Release Advisory on Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
September 7, 2023
Today, CISA, Federal Bureau of Investigation (FBI), and U.S. Cyber Command’s Cyber National Mission Force (CNMF) published a joint Cybersecurity Advisory (CSA), Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. This CSA provides information on an incident at an Aeronautical Sector organization, with malicious activity occurring as early as January 2023. CISA, FBI, and CNMF confirmed ...