Product Security Bad Practices


As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.

This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.

Source: U.S. Federal Bureau of Investigation Cyber Division

