Many software manufacturers and service providers deploy software and configuration updates as part of their service offerings. These updates may enhance features and/or address security vulnerabilities to provide benefits and security to customers.
However, software and the systems that deploy software are highly complex and continually evolving, making it challenging to deploy secure updates. It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements. The program should support and enhance both the security and quality of the product and deployment environment. This guide, authored by the Cybersecurity and Infrastructure Security Agency (CISA) and partners, encourages software manufacturers to establish a safe software deployment program as part of their software development lifecycle (SDLC).
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Scammers Exploit 2024 US General Election to Perpetrate Multiple Fraud Schemes
October 29, 2024
The FBI is warning the public about scammers exploiting the 2024 US General election to perpetrate multiple types of financial fraud schemes. These scams target victims across the United States and have previously exploited state and local elections for similar scams. Scammers use the names, images, logos, and slogans of candidates to fraudulently solicit campaign contributions, ...
- 100 million people hit in largest healthcare data breach in history – medical info, SSNs and more
October 26, 2024
More than 100 million people had their personal information and healthcare data stolen in the massive UnitedHealth ransomware attack earlier this year, making it the largest healthcare data breach in the country. After completing its investigation into February’s data breach, the US Department of Health and Human Services said this week that roughly a third of ...
- Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers
October 24, 2024
Many software manufacturers and service providers deploy software and configuration updates as part of their service offerings. These updates may enhance features and/or address security vulnerabilities to provide benefits and security to customers. However, software and the systems that deploy software are highly complex and continually evolving, making it challenging to deploy secure updates. It is ...
- U.S. Investigating Intelligence Leak About Israel’s Plans for Attacking Iran
October 20, 2024
The U.S. is investigating the leak of top-secret American documents that show Israel military preparations for an expected strike on Iran, U.S. officials said Sunday. The two leaked reports were prepared last week by the National Geospatial-Intelligence Agency, which analyzes imagery gathered by American reconnaissance satellites and other intelligence. Neither document indicates Israel’s potential targets, and ...
- China again claims Volt Typhoon cyber-attack crew was invented by the US to discredit it
October 15, 2024
Chinese authorities have published another set of allegations that assert the Volt Typhoon cyber-crew is an invention of the US and its allies, and not a crew run by Beijing. Published on Monday in five languages, a document titled “Lie to Me: Volt Typhoon III – Unravelling Cyberespionage and Disinformation Operations Conducted by US Government Agencies” ...
- Over 77,000 customers’ personal information is exposed in Fidelity Investments data breach
October 12, 2024
Fidelity Investments reported in a filing with Maine’s attorney general that an unnamed third party accessed information from its systems using two recently established customer accounts. It did not say how the creation of two Fidelity customer accounts allowed access to the data of thousands of other customers. The breach occurred between Aug. 17 and 19 ...