As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Albania Claims New Cyberattack on Day the US Sanctions Iran for July Attack
September 9, 2022
Albania said it suffered another cyberattack on the day the U.S. announced sanctions against Iran’s Ministry of Intelligence and Security (MOIS) for an attack launched against Tirana’s government computer systems in July. “The national police’s computer systems were hit Friday by a cyberattack which, according to initial information, was committed by the same actors who in ...
- China strongly condemns US cyber attacks on China’s Northwestern Polytechnical University
September 6, 2022
China strongly condemns the cyber attacks launched by the United States on China’s Northwestern Polytechnical University, and urges the U.S. side to offer an explanation and immediately stop its unlawful moves, Foreign ministry spokesperson Mao Ning said Monday. It was reported that China’s National Computer Virus Emergency Response Center (CVERC) and cybersecurity company 360 on Monday ...
- #StopRansomware: Vice Society
September 6, 2022
This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see ...
- Los Angeles school district says it was target of ransomware attack
September 6, 2022
The Los Angeles Unified School District, the second-largest collection of public schools in the United States, said it was targeted by a ransomware attack over the Labor Day weekend that caused “significant disruption” but did not lead to cancellation of classes. “Los Angeles Unified detected unusual activity in its Information Technology systems over the weekend, which ...
- KeyBank: Hackers of third-party provider stole customer data
September 3, 2022
Hackers stole personal data including Social Security numbers, addresses and account numbers of home mortgage holders at KeyBank, the bank reports, in the breach of a third-party vendor that serves multiple corporate clients. The hackers obtained the information on July 5 after breaking into computers at the insurance services provider Overby-Seawell Company, according to a letter ...
- IRS data leak exposes personal info of 120,000 taxpayers
September 3, 2022
The Internal Revenue Service has accidentally leaked confidential information for approximately 120,000 taxpayers who filed a form 990-T as part of their tax returns. IRS Form 990T is used to report ‘unrelated business income’ paid to a tax-exempt entity, such as nonprofits (charities) or IRA and SEP retirement accounts. This income is commonly derived from sales unrelated ...