As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Data breach may have leaked classified law enforcement operations information to criminals
January 24, 2023
A company that provides tech solutions to law enforcement agencies has reportedly suffered a breach that might jeopardize ongoing police operations and undercover personnel. It is unclear if criminals currently under investigation have accessed the information, but the fact that cybercriminals have it and could potentially sell it is disturbing. On January 11, Wired reported that ...
- FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony’s Horizon Bridge Currency Theft
January 23, 2023
The FBI continues to combat malicious cyber activity, including the threat posed by the Democratic People’s Republic of Korea (DPRK) to the U.S. and our private sector partners. Through our investigation, we were able to confirm that the Lazarus Group (also known as APT38), cyber actors associated with the DPRK, are responsible for the theft ...
- US authorities release asylum seekers after leaking their data online
January 23, 2023
Nearly 3,000 immigrants seeking asylum in the United States have been released from custody after Immigration and Customs Enforcement (ICE) officials inadvertently published their personal information online. Records including names, birth dates, nationalities and detention locations of 6,252 immigrants were posted to an area of ICE’s website normally used to report detention statistics last November. Further ...
- Hacker finds copy of TSA no-fly list on exposed cloud storage
January 22, 2023
A copy of the U.S. Transportation Security Administration’s “no-fly list” has been found by a Swiss hacker exposed on the open internet in yet another case of misconfigured cloud storage. First reported by The Daily Dot, the exposure of the database was found by a Swiss hacker known as “maia arson crimew” on a server run ...
- LAUSD says Vice Society ransomware gang stole contractors’ SSNs
January 20, 2023
Los Angeles Unified School District (LAUSD), the second-largest school district in the United States, says the Vice Society ransomware gang has stolen files containing contractors’ personal information, including Social Security Numbers (SSNs). LAUSD also revealed that the threat actors were active in its network for over two months, between July 31, 2022, and September 3, 2022. Read ...
- 37 million T-Mobile customers hacked in data breach
January 20, 2023
T-Mobile said a “bad actor” accessed personal data from 37 million current customers in a November data breach. In a regulatory filing Thursday, the company said the hacker stole customer data that included names, billing addresses, emails, phone numbers, dates of birth, T-Mobile account numbers, and information describing the kind of service they have with the ...