As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
July 12, 2023
In June 2023, a Federal Civilian Executive Branch (FCEB) agency identified suspicious activity in their Microsoft 365 (M365) cloud environment. The agency reported the activity to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA), and Microsoft determined that advanced persistent threat (APT) actors accessed and exfiltrated unclassified Exchange Online Outlook data. CISA and the Federal ...
- Privacy activists slam EU-US pact on data sharing
July 11, 2023
The European Commission has announced a pact with the US to allow easier legal transfer of personal data across the Atlantic. Data privacy activists vowed to challenge the agreement in court. President Joe Biden and EU officials welcomed the deal, which overcame objections about US intelligence agencies’ access to European data. The deal ensures Meta, Google ...
- FBI worked with Ukraine intelligence agency to remove social media accounts
July 10, 2023
The FBI colluded with a Ukrainian intelligence agency in an effort to disrupt Russian disinformation campaigns by flagging social media accounts in a failed effort that ensnared a verified Russian-language U.S. State Department account and others, the House Judiciary Committee said in a report released Monday. The report said the FBI partnered with the SBU, one ...
- Florida patients among 11 million affected by HCA Healthcare data breach
July 10, 2023
Data on roughly 11 million HCA Healthcare patients in 20 states including Florida, was stolen and recently posted on an online forum, the hospital chain reported on Sunday. According to the company, an unauthorized party gained access to 27 million rows of data stored at an external location that is used to to automate company email ...
- Charges filed in cyber attack on East Bay water treatment plant
July 6, 2023
A 53-year-old Tracy man is facing federal criminal charges in connection with an alleged attack on the computer systems of a Discovery Bay water treatment plant more than two years ago, according to the U.S. Attorney’s Office. Rambler Gallo was a full-time employee of a private Massachusetts-based company that contracted with Discovery Bay to operate the ...
- CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants
July 6, 2023
Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigations (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint Cybersecurity Advisory (CSA), Increased Truebot Activity Infects U.S. and Canada Based Networks, to help organizations detect and protect against newly identified Truebot malware ...