As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Source: U.S. Federal Bureau of Investigation Cyber Division

