As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- New Tool Set Found Used Against Organizations in the Middle East, Africa and the US
December 1, 2023
Unit 42 researchers observed a series of apparently related attacks against organizations in the Middle East, Africa and the U.S. The researchers will discuss a set of tools used in the course of the attacks that reveal clues about the threat actors’ activity. Unit 42 team is sharing this research to provide detection, prevention and hunting ...
- FBI: IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
December 1, 2023
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD) are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat ...
- AeroBlade on the hunt targeting the U.S. Aerospace industry
November 30, 2023
BlackBerry has uncovered a previously unknown threat actor targeting an aerospace organization in the United States, with the apparent goal of conducting commercial and competitive cyber espionage. The BlackBerry Threat Research and Intelligence team is tracking this threat actor as AeroBlade. The actor used spear-phishing as a delivery mechanism: A weaponized document, sent as an email ...
- Hacker claims to have hit General Electric and stolen company data
November 27, 2023
A hacker with the alias IntelBroker claims to have breached General Electric and stolen plenty of sensitive data from the company’s systems. The company operates in different fields, including aerospace, renewable energy, power, venture capital, and more. The hacker posted a new thread on an underground forum, selling access to the company’s “development and software pipelines” ...
- Ransomware ‘catastrophe’ at Fidelity National Financial causes panic with homeowners and buyers
November 27, 2023
Last Tuesday, Fidelity National Financial, or FNF, a real estate services company that bills itself as the “leading provider of title insurance and escrow services, and North America’s largest title insurance company,” announced that it had experienced a cyberattack. Since then, homeowners who have mortgages and prospective buyers who are purchasing properties with FNF or one ...
- New Jersey: Montclair, Westwood Hospitals Divert Ambulances After Cyber Attack
November 27, 2023
Two hospitals in North Jersey are diverting ambulances from their emergency rooms after a cyber attack, authorities confirmed Monday. The attack impacted the computer systems at Mountainside Medical Center in Montclair, and Pascack Valley Medical Center in Westwood. Read more… Source: MSN News