As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- The US government just launched a big push to fill cybersecurity jobs, with salaries to match
November 16, 2021
The US Department of Homeland Security, a key cybersecurity agency, has just announced a new system that will help it recruit, develop and retrain cybersecurity pros in the federal government. The DHS’s new recruitment system, dubbed the Cybersecurity Talent Management System (CTMS), launches amid a tight labor market for cybersecurity professionals who are in extremely high ...
- Dutch newspaper accuses US spy agencies of orchestrating 2016 Booking.com breach
November 11, 2021
Jointly US-Dutch owned Booking.com was illegally accessed by an American attacker in 2016 – and the company failed to tell anyone when it became aware of what happened, according to explosive revelations. The alleged miscreant, named as “Andrew”, is said to have stolen “details of thousands of hotel reservations in countries in the Middle East,” according ...
- New Zealand spooks say satellite snooping is obsolete – better intel is found elsewhere
November 11, 2021
New Zealand’s Government Communications Security Bureau (GCSB) – the nation’s signals intelligence and infosec agency – will retire its Waihopai satellite communications interception station because it’s no longer needed. “The nature of telecommunications has changed, and other needs and capabilities have overtaken the sort of satellite communication interception that has been done at Waihopai,” said Andrew ...
- Average ransomware payment for US victims more than $6 million, survey says
November 9, 2021
A new report from Mimecast has found that the US leads the way in the size of payouts following ransomware incidents. In the “State of Ransomware Readiness” study from Mimecast, researchers spoke with 742 cybersecurity professionals and found that 80% of them had been targeted with ransomware over the last two years. Of that 80%, 39% paid ...
- US seizes $6 million from REvil ransomware, arrest Kaseya hacker
November 8, 2021
The United States Department of Justice today has announced charges against a REvil ransomware affiliate responsible for the attack against the Kaseya MSP platform on July 2nd and seizing more than $6 million from another REvil partner. The suspect is 22-year old Ukrainian national Yaroslav Vasinskyi, arrested for cybercriminal activity on October 8 at the behest ...
- INTERPOL-led operation takes down prolific cybercrime ring
November 5, 2021
SEOUL, Korea – A 30-month transcontinental investigation and operation has resulted in arrests and Red Notices for suspects believed to be behind a global malware crime network. Two Red Notices, which are internationally wanted persons alerts, have been circulated to INTERPOL’s 194 member countries following a request by Korea’s cybercrime investigation division via INTERPOL’s National Central ...