As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- San Diego: Scripps Health Cyberattack Causes Widespread Hospital Outages
May 3, 2021
Scripps Health, a hospital network based in San Diego, was hit by a cyberattack over the weekend, forcing some critical-care patients to be diverted, according to the San Diego Union-Tribune. Scripps acknowledged the attack in a statement but didn’t specify whether it was a ransomware incident. It’s also unknown whether the adversaries compromised any patient records ...
- Multi-Gov Task Force Plans to Take Down the Ransomware Economy
April 29, 2021
Ransomware has reached crisis levels across business sectors and across the globe, but a public-private Ransomware Task Force aims to stem the tide of attacks by disrupting the crooks’ business model. The Institute for Security and Technology (IST) put together the coalition, which includes more than 60 members from software companies, government agencies, cybersecurity vendors, financial ...
- Experian API Leaks Most Americans’ Credit Scores
April 29, 2021
A researcher is claiming that the credit scores of almost every American were exposed through an API tool used by the Experian credit bureau, that he said was left open on a lender site without even basic security protections. Experian, for its part, refuted concerns from the security community that the issue could be systemic. The tool, ...
- DC Police confirms cyberattack after ransomware gang leaks data
April 26, 2021
The Metropolitan Police Department has confirmed that they suffered a cyberattack after the Babuk ransomware gang leaked screenshots of stolen data. The Metropolitan Police Department, also known as the DC Police or MPD, is the primary law enforcement agency for Washington, DC, the US capital. In a statement to BleepingComputer, the DC Police stated that they are ...
- White House: Here’s what we’ve learned from tackling the SolarWinds and Microsoft Exchange Server cyber incidents
April 21, 2021
Lessons learned from responses to the SolarWinds and Microsoft Exchange cyber incidents will be used to coordinate action against future cybersecurity and hacking incidents, the White House has said. Both incidents required the United States to react to cyberattacks by nation-state hacking operations affecting thousands of organisations across the country – Russian intelligence compromised SolarWinds in ...
- ‘High-level’ organiser of FIN7 hacking group sentenced to ten years in prison
April 19, 2021
The US Department of Justice described Ukranian national Fedir Hladyr, 35, as a systems administrator for the FIN7 hacking group. He was arrested in Germany, in 2018 at the request of U.S. law enforcement and was extradited to Seattle. In September 2019, he pleaded guilty to conspiracy to commit wire fraud and one count of conspiracy ...