As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- CISA, NSA, and NIST Publish Factsheet on Quantum Readiness
August 21, 2023
Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and National Institute of Standards and Technology (NIST) released a joint factsheet, Quantum-Readiness: Migration to Post-Quantum Cryptography (PQC), to inform organizations—especially those that support Critical Infrastructure—of the impacts of quantum capabilities, and to encourage the early planning for migration to post-quantum cryptographic standards ...
- Impact of SEC’s New Cybersecurity Policies
August 18, 2023
The rapid advancement of technology has led to an increasing number of cybersecurity incidents that pose significant risks to organizations, their stakeholders, and the general public. Recognizing the importance of transparent and timely reporting of such incidents, the U.S. Securities and Exchange Commission (SEC) announced on July 26, 2023, that it has adopted final rules ...
- US Offers up to $10 Million for Info on Cyber Attacks in Montenegro
August 18, 2023
The US embassy in Montenegro has placed billboards on several locations in the capital Podgorica, offering up to $10 million for information on cyber attacks in Montenegro operated against American interests. The billboards seek information about ransomware attacks on state information systems, interference in elections, or “malicious cyber activities against critical American infrastructure”. Montenegro has been ...
- China’s Ministry of State Security warns of data security risks after Wuhan Earthquake Monitoring Center cyberattack
August 16, 2023
China’s Ministry of State Security (MSS) on Wednesday warned of data security risks after recent reports identified US intelligence agencies were behind a cyberattack on Wuhan Earthquake Monitoring Center. A joint investigation team formed by the National Computer Virus Emergency Response Center (CVERC) and Chinese cybersecurity company 360 discovered malicious backdoor software that exhibits characteristics of ...
- China identifies the culprits behind cyberattack on Wuhan Earthquake Monitoring Center
August 14, 2023
New progress has been made on an investigation into a cyberattack incident targeting the Wuhan Earthquake Monitoring Center affiliated to the city’s Emergency Management Bureau, after a joint investigation team formed by the National Computer Virus Emergency Response Center (CVERC) and Chinese cybersecurity company 360 discovered malicious backdoor software that exhibits characteristics of US intelligence ...
- Clorox says certain business operations disrupted in cyber attack
August 14, 2023
Clorox said on Monday it had taken certain systems offline after unauthorized activity disrupted some business operations. It said it was implementing workarounds for certain offline operations in order to continue servicing its customers and had engaged third-party cybersecurity experts to support its investigation and recovery efforts. Read more… Source: MSN News