As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks
March 17, 2023
In the last year, geopolitical tension has led to an uptick of reported cybercrime events fueled by hacktivist groups. The US Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn organizations about these attacks and teamed with the FBI on a distributed denial-of-service (DDoS) response strategy guide. KillNet, a group that the US ...
- Threat Actors Exploited Progress Telerik Vulnerability in U.S. Government IIS Server
March 15, 2023
Today, the CISA, Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server. This joint CSA provides IT infrastructure defenders with tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and methods to detect and protect ...
- Hands up who DIDN’T exploit this years-old flaw to ransack a US govt web server…
March 15, 2023
Multiple criminals, including at least potentially one nation-state group, broke into a US federal government agency’s Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution. The snafu happened between November 2022 and early January, according to a joint alert from the FBI, CISA, and America’s Multi-State Information ...
- What happens if you ‘cover up’ a ransomware infection? For Blackbaud, a $3m charge
March 10, 2023
Blackbaud has agreed to pay $3 million to settle charges that it made misleading disclosures about a 2020 ransomware infection in which crooks stole more than a million files on around 13,000 of the cloud software slinger’s customers. According to America’s financial watchdog, the SEC, Blackbaud will cough up the cash – without admitting or denying ...
- Significant hack potentially exposes US lawmakers’ personal data
March 9, 2023
A serious breach at a healthcare administrator serving the U.S. House of Representatives has potentially exposed the personal data of hundreds of lawmakers and their staff, top representatives and a senior Congressional official said in letters circulated on Wednesday. One of the letters, which the House’s Chief Administrative Officer Catherine Szpindor (CAO) sent to members of ...
- TSA issues new cybersecurity requirements for airport and aircraft operators
March 7, 2023
Today, the Transportation Security Administration (TSA) issued a new cybersecurity amendment on an emergency basis to the security programs of certain TSA-regulated airport and aircraft operators, following similar measures announced in October 2022 for passenger and freight railroad carriers. This is part of the Department of Homeland Security’s efforts to increase the cybersecurity resilience of U.S. critical infrastructure and ...