CISA, NSA, and ODNI Release Part One of Guidance on Securing the Software Supply Chain

by | Sep 2, 2022 | Security, Technology

This article is contributed. See the original author and article here.

CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), have published part one of a three-part joint publication series, Securing Software Supply Chain Series – Recommended Practices for Developers. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—focuses on software developers and provides suggested practices to ensure a more secure software supply chain.

CISA encourages acquiring organizations, software suppliers, and network operators to review the guidance and consider the recommendations. See CISA’s ICT Supply Chain Risk Management Task Force, ICT Supply Chain Resource Library, National Risk Management Center (NRMC) webpages for more information.

Apple Releases Security Updates for Multiple Products

by | Sep 1, 2022 | Security, Technology

This article is contributed. See the original author and article here.

Apple has released security updates to address a vulnerability (CVE-2022-32893) in iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). Exploitation of this vulnerability could allow an attacker to take control of affected device.

CISA encourages users and administrators to review Apple’s advisory HT213428 and apply necessary updates.