As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Elon Musk’s X hit by waves of outages in what he claims is ‘a massive cyberattack’
March 10, 2025
Elon Musk’s X has been hit by three waves of outages since this morning, which the billionaire claims was due to a cyberattack. According to outage tracking site DownDetector, the problems began around 6 am ET when up to 20,538 users reported problems. The issues temporarily died down before nearly 40,000 users reported outages at 10 ...
- Allstate sued for not reporting data breach of 165,000 New Yorkers
March 10, 2025
New York state sued Allstate on Monday, accusing the insurer’s National General unit of failing to report a data breach that exposed drivers’ license numbers, and not developing reasonable safeguards to protect policyholders’ private information. The lawsuit by New York Attorney General Letitia James was filed in a state court in Manhattan, and seeks civil fines. ...
- European Commission defends EU digital markets rules in the face of US attacks
March 7, 2025
Vice-Presidents Teresa Ribera and Henna Virkkunen have insisted that the EU’s Digital Markets Act (DMA) does not target US companies and applies agnostically to digital platforms designated under its rules as “gatekeepers”, in a letter responding to questions from the US Congress seen by Euronews. “The criteria for gatekeeper designation are based on objectively identified and ...
- Russian crypto exchange Garantex seized by law enforcement operation
March 6, 2025
The U.S. Secret Service, working with a coalition of international law enforcement agencies, has taken down and seized the website of Garantex, a Russian cryptocurrency exchange accused of being associated with darknet markets and ransomware hackers. On Thursday, the official Garantex website was replaced with a notice saying the exchange’s domain has been seized by the ...
- Hacked health firm HCRG demanded journalist ‘take down’ data breach reporting, citing UK court order
March 6, 2025
A U.S.-based independent cybersecurity journalist has declined to comply with a U.K. court-ordered injunction that was sought following their reporting on a recent cyberattack at U.K. private healthcare giant HCRG. Law firm Pinsent Masons, which served the February 28 court order on behalf of HCRG, demanded that DataBreaches.net “take down” two articles that referenced the ransomware ...
- US charges Chinese hackers who allegedly caused millions of dollars worth of damages
March 5, 2025
US prosecutors on Wednesday announced criminal charges against multiple Chinese nationals for allegedly hacking a range of US companies and municipalities for profit, causing millions of dollars’ worth of damage. Victims of the hackers include US-based critics of the Chinese government, Asian government foreign ministries, and US federal and state agencies, the Justice Department said. Some ...