As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- U.S. unveils plan to improve cyber defenses for water utilities
January 27, 2022
The White House on Thursday unveiled a plan to beef up cybersecurity in the nation’s water sector, an extension of its efforts to thwart attacks against critical infrastructure including electricity and natural gas pipeline operators. Senior administration officials said water facilities use automation and electronic networks that are vulnerable to cyber attacks, which could include producing ...
- Context and Recommendations to Protect Against Malicious Activity by Iranian Cyber Group Emennet Pasargad
January 26, 2022
This Private Industry Notice provides a historical overview of Iran-based cyber company Emennet Pasargad’s tactics, techniques, and procedures (TTPs) to enable recipients to identify and defend against the group’s malicious cyber activities. On 20 October 2021, a grand jury in the US District Court for the Southern District of New York indicted two Iranian nationals ...
- Biden warns of US ‘cyber’ response after Ukraine says computers wiped during attack
January 20, 2022
US President Joe Biden responded forcefully to reports of a wide-ranging cyberattack on Ukrainian government systems Wednesday afternoon, telling reporters that the US would respond with its own cyberattacks if Russia continues to target Ukraine’s digital infrastructure. “The question is if it’s something significantly short of an…invasion or major military forces coming across,” Biden said in ...
- Biden signs cybersecurity memorandum for Defense Department, intelligence agencies
January 19, 2022
US President Joe Biden signed a memorandum on Tuesday concerning the cybersecurity of the Defense Department and the country’s intelligence agencies, sketching out exactly how an executive order he signed in May 2021 will be implemented. “This NSM requires that, at minimum, National Security Systems employ the same network cybersecurity measures as those required of federal ...
- Former DHS official charged with stealing govt employees’ PII
January 14, 2022
A former Department of Homeland Security acting inspector general pleaded guilty today to stealing confidential and proprietary software and sensitive databases from the US government containing employees’ personal identifying information (PII). 61-year-old Charles Kumar Edwards coordinated the scheme while working for DHS-OIG (Department of Homeland Security, Office of Inspector General) as an employee and acting IG ...
- Cyberattack shuts down Albuquerque schools; county copes with ransomware incident
January 13, 2022
School officials in Albuquerque, New Mexico have cancelled classes for Thursday and Friday due to a cyberattack. The shutdown took place just days after a ransomware attack hit government services across Bernalillo County. In a statement posted to the Albuquerque Public Schools (APS) website, officials said schools will remain closed “as the district continues to investigate ...