As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- US government agencies hit in global cyberattack
June 15, 2023
“Several” US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software. The US Cybersecurity and Infrastructure Security Agency “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” Eric Goldstein, the agency’s executive assistant director for cybersecurity, said in a statement on ...
- CISA and Partners Release Joint Advisory on Understanding Ransomware Threat Actors: LockBit
June 14, 2023
Today, CISA, the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and international partners released Understanding Ransomware Threat Actors: LockBit, a joint Cybersecurity Advisory (CSA) to help organizations understand and defend against threat actors using LockBit, the most globally used and prolific Ransomware-as-a-Service (RaaS) in 2022 and 2023. This guide is ...
- Cyber insurance premiums surge by 50% as ransomware attacks increase
June 14, 2023
US cyber insurance premiums surged 50% in 2022 as increased ransomware attacks and online commerce drove demand for coverage. Premiums collected from policies written by insurers reached $7.2 billion in 2022 and tripled in the past three years, ratings firm AM Best said in a study released this week. “Systematic risk is an ongoing concern,” Fred ...
- New bill would give CISA greater cyber outreach responsibilities
June 13, 2023
Lawmakers have introduced a new bipartisan bill that aims to equip the most frequent targets of ransomware attacks and underserved communities across the country with critical access to cybersecurity training, education and resources. The Cybersecurity Awareness Act would require the Cybersecurity and Infrastructure Security Agency to launch a new public-private campaign promoting cybersecurity best practices — ...
- The Role of the SEC in Enforcing InfoSec Legislation
June 12, 2023
Founded 85 years ago at the height of the Great Depression, the Securities and Exchange Commission (SEC) has a clear mission: to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. Put simply, the SEC aims to protect US investors by maintaining a fair market. The SEC doesn’t work directly with investors, however. ...
- #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability
June 7, 2023
CISA and FBI released a joint Cybersecurity Advisory (CSA) CL0P Ransomware Gang Exploits MOVEit Vulnerability in response to a recent vulnerability exploitation attributed to CL0P Ransomware Gang. This joint guide provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) identified through FBI investigations as recently as May this year. Additionally, it provides immediate ...