As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Updates to U.S. State Data Privacy Laws: What You Need to Know
November 22, 2023
The United States is trying to catch up with global data privacy laws passed in recent years. While the European Union (EU) passed the General Data Protection Regulation (GDPR) which went into effect in 2018, the U.S. has not been able to pass its version called the American Data Privacy and Protection Act (ADPPA) into ...
- FCC wants to improve cyber protections for schools, libraries
November 21, 2023
Ransomware attacks and cybersecurity threats against schools are multiplying and have led to some dramatic consequences. Last year, the Los Angeles Unified School District was hit by a ransomware attack that resulted in hackers posting 500 gigabytes of stolen data online, after the district’s superintendent refused to pay the ransom. The attack compromised about 2,000 student ...
- U.S. DOD strategy warns emerging tech is ‘at the forefront’ of information threats
November 21, 2023
The Pentagon publicly released its strategy for operating in the information environment – which covers both physical and digital sources of information – on Friday, outlining how the agency plans to modernize its collecting, processing and sharing of data to better counteract adversaries’ weaponization of the internet and emerging technologies. DOD “must embrace a cultural shift ...
- #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability
November 21, 2023
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC) are releasing this joint Cybersecurity Advisory (CSA) to disseminate IOCs, TTPs, and detection methods associated with LockBit 3.0 ransomware exploiting CVE-2023-4966, labeled Citrix Bleed, affecting Citrix ...
- Binance CEO pleads guilty to money laundering charges
November 21, 2023
The Binance chief executive, Changpeng Zhao, has resigned after pleading guilty to money laundering violations. The Justice Department said it was requiring Binance, the largest crypto-exchange in the world, to pay $4.3bn (£3.4bn) in penalties and forfeitures. It said Binance had helped users bypass sanctions across the world. Read more… Source: BBC News
- Hackers accessed sensitive health data of Welltok patients
November 20, 2023
Hackers accessed the personal data of more than a million people by exploiting a security vulnerability in a file transfer tool used by Welltok, the healthcare platform owned by Virgin Pulse. Welltok, a Denver-based patient engagement company that works with healthcare plans to provide communications to subscribers about their healthcare, confirmed in a data breach notification ...