As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Mint Mobile reveals another major data breach
December 29, 2023
American mobile virtual network operator (MVNO) Mint Mobile has confirmed suffering a data breach affecting an unknown number of its customers. The company revealed the news in an email sent to its customers, in which it explained “We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained ...
- Another top US mortgage firm reveals a major data breach, over a million customers affected
December 28, 2023
LoanCare suffered a data breach last month, which resulted in the theft of sensitive customer data, the insurance service company has confirmed. Roughly 1.3 million people were affected by the breach, the company further explained, as hackers stole people’s full names, physical addresses, Social Security Numbers (SSN), and loan numbers. Read more… Source: MSN News
- Michigan health system reports 2nd data breach, affecting more than 1M patients
December 27, 2023
A health system in Michigan has experienced its second cybersecurity breach this year, affecting more than 1 million patients, according to state officials. Michigan Attorney General Dana Nessel announced Tuesday there was a breach at HealthEC, a vendor that provides services to Corewell Health’s southeast Michigan properties. The breach exposed patients’ personal and medical information Read more… Source: ...
- CBS, Paramount owner National Amusements says it was hacked
December 26, 2023
National Amusements, the cinema chain and corporate parent giant of media giants Paramount and CBS, has confirmed it experienced a data breach in which hackers stole the personal information of tens of thousands of people. The private media conglomerate said in a legally required filing with Maine’s attorney general that hackers stole personal information on 82,128 ...
- Cyberattack forces First American to take some IT systems offline
December 22, 2023
First American, one of the largest insurance companies in the United States, suffered a malware attack that forced the company to shut some of its systems down, including its website. At press time, the official website firstam.com was still offline, while a dedicated notification site – firstamupdate.com – was set up. There is a short notification ...
- Here’s Why You’ll Hear About a Lot More Data Breaches in 2024
December 20, 2023
Cybersecurity incidents are constantly in the news these days, but you’ll soon be hearing about a lot more of them. That’s because a new rule from the Securities and Exchange Commission went into effect on Monday, requiring all public companies to report data breaches in just four days. The new SEC rule requires public companies to ...