As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Source: U.S. Federal Bureau of Investigation Cyber Division

