As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- A Lack Of Cybersecurity Funding And Expertise Threatens U.S. Infrastructure
April 23, 2018
As our physical infrastructure becomes increasingly digitalized, it also becomes increasingly vulnerable to cyber attack. Russian hackers, for example, have been trying to compromise U.S. electrical infrastructure for years, and successfully cut off power to hundreds of thousands of people throughout Ukraine in 2015 and again in 2016. Beyond our energy infrastructure, traffic signals are also susceptible to being hijacked, ...
- US, UK cyber cops warn Russians are rooting around in your routers
April 16, 2018
American and British crimefighters have launched another round of pin-the-tail-on-the-Russians – with a warning that Moscow-backed hackers are trying to subvert the world’s network devices. The US Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC) on Monday issued a joint Technical Alert describing a global assault ...
- Energy Transfer Says ‘Cyber Attack’ Shut Pipeline Data System
April 3, 2018
A cyber attack that hobbled the electronic communication system used by a major U.S. pipeline network has been overcome. Energy Transfer Partners LP was confident that, after 6 p.m. New York time on Monday, files could safely be exchanged through the EDI platform provided by third-party Energy Services Group LLC, the pipeline company said in a notice. ...
- U.S. DoD Hopes To Stamp Out Threats With Bug Bounty Program
April 2, 2018
The U.S. Department of Defense is doubling down on routing out vulnerabilities in its massive government systems. On Monday, the DoD announced it was expanding its bug bounty program to include the agency’s massive Defense Travel System. The “Hack the DTS” program launched in partnership with bug bounty firm HackerOne. It targets potential threats found in a ...
- Atlanta, hit by ransomware attack, also fell victim to leaked NSA exploits
March 27, 2018
It’s been almost a week since the City of Atlanta was hit by a ransomware attack, which encrypted city data and led to the shutdown of some services. Mayor Keisha Lance Bottoms said in a press conference Monday that the city’s government is working on recovering the network after ransom notes appeared on computer displays on Thursday afternoon. ...
- Old banking Trojan TrickBot has been taught new tricks
March 22, 2018
The TrickBot Trojan has been upgraded with new modules to make detection, and defense, more difficult. First discovered in 2016, TrickBot is a financial Trojan which targets the customers of major banks. The Trojan is most commonly connected to phishing campaigns which trick users into entering their credentials into phishing and fraudulent banking websites, designed to appear as legitimate ...