CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords

Today, CISA published guidance on How Manufacturers Can Protect Customers by Eliminating Default Passwords as a part of our new Secure by Design Alert series.
By implementing these two principles in their design, development, and delivery processes, software manufacturers will prevent exploitation of static default passwords in their customers' systems.
CISA urges technology manufacturers to read and implement the guidance in this second SbD Alert in our new series that focuses on how vendor decisions can reduce harm at a global scale.


This Cyber News was published on www.cisa.gov. Publication date: Fri, 15 Dec 2023 15:43:04 +0000


Cyber News related to CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords

Cybersecurity for Art and Design Schools - In the digital age, art and design schools face unique cybersecurity challenges. This article aims to shed light on the importance of cybersecurity in art and design schools and provide insights into safeguarding digital portfolios and ensuring ...
1 year ago Securityzap.com
CISA Issues Request For Information on Secure by Design Software Whitepaper - WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency published a Request for Information from all interested parties on secure by design software practices, including the Shifting the Balance of Cybersecurity Risk: Principles and ...
1 year ago Cisa.gov
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
8 months ago Securityaffairs.com
CISA urges tech manufacturers to stop using default passwords - Today, the U.S. Cybersecurity and Infrastructure Security Agency urged technology manufacturers to stop providing software and devices with default passwords. Once discovered, threat actors can use such default credentials as a backdoor to breach ...
1 year ago Bleepingcomputer.com
Categorically Unsafe Software - We've had many people ask us why we urge software manufacturers to eliminate entire classes of defect like cross-site scripting, SQL injection, directory traversal, and memory unsafety, as called for in our Secure by Design Pledge. While it might ...
8 months ago Cisa.gov
How Hospitals Can Help Improve Medical Device Data Security - COMMENTARY. Hospitals and medical device manufacturers must team up to help create a secure environment to protect the personal health information derived from patient monitors and other medical devices. For some time, this notion of shared ...
11 months ago Darkreading.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
4 months ago Therecord.media
'Secure by design' makes waves at RSA Conference 2024 - Secure by design refers to the principle that software should be developed with security in mind through established development frameworks and best practices. Though the concept is far from new, the approach has been featured in multiple different ...
8 months ago Techtarget.com
CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps - Guide encourages software manufacturers to address memory safety vulnerabilities and implement secure by design principles. WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency, in partnership with the National Security Agency, ...
1 year ago Cisa.gov
CISA Releases Key Risk and Vulnerability Findings for Healthcare and Public Health Sector - WASHINGTON - The Cybersecurity and Infrastructure Security Agency published a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment, detailing the agency's key ...
1 year ago Cisa.gov
ASD's ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies - This guidance was crafted to provide organizations with secure by design considerations when procuring digital products and services. The guidance contains a range of internal and external considerations and offers sample questions to leverage at ...
8 months ago Cisa.gov
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
10 months ago Securityweek.com
GenAI development should follow secure-by-design principles - Given how dangerous the gold rush was and how long it took to incorporate safety measures, the time is now for organizations using GenAI to follow secure-by-design principles and follow CISA's example. Beyond writing faux movie scripts and passing ...
1 year ago Techtarget.com
CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps - Malicious cyber actors routinely exploit memory safety vulnerabilities, which are common coding errors and the most prevalent type of disclosed software vulnerability. Preventing and responding to these vulnerabilities cost both software ...
1 year ago Cisa.gov
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
1 year ago Cisa.gov
alpitronic Hypercharger EV Charger - RISK EVALUATION. Successful exploitation of this vulnerability could result in an attacker disabling the device, bypassing payment, or accessing payment data. If misconfigured, the charging devices can expose a web interface protected by ...
8 months ago Cisa.gov
The most popular passwords of 2023 are easy to guess and crack - Each year, analysts at various Internet security companies release lists of the most used passwords. The passwords that are on these lists may act as a warning for any Internet and electronic device user. Some common passwords have ...
1 year ago Ghacks.net
Tracking Cybersecurity Progress at Industrial Companies - Although cybersecurity has become a priority at many manufacturing companies, risks have increased at the same time. To better understand how companies are addressing heightened risks, Manufacturers Alliance and Fortinet partnered to study the ...
1 year ago Feeds.fortinet.com
Enzoic for AD Lite Data Shows Increase in Crucial Risk Factors - The 2023 data from Enzoic for Active Directory Lite offers a revealing glimpse into the current state of cybersecurity, highlighting a significant increase in risk factors that lead to data breaches. The free password auditor has been ...
1 year ago Securityboulevard.com
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
8 months ago Cisa.gov
CISA Seeks Public Comment on Newly Developed Secure Configuration Baselines for Google Workspace - As federal civilian agencies continue to modernize IT enterprises, increased reliance on cloud services, platform services, and external providers has introduced new types of risks. Recent threat activity from groups such as Storm-0558 have ...
1 year ago Cisa.gov
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
1 year ago Cisa.gov
Open Design Alliance Drawing SDK - RISK EVALUATION. Successful exploitation of this vulnerability could allow remote attackers to disclose sensitive information on affected installations of ODA Drawing SDK. 3. Open Design Alliance's Drawing SDK prior to Version 2024.1 is vulnerable to ...
1 year ago Cisa.gov
CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines - The Guidelines - co-sealed by 23 domestic and international cybersecurity organizations - build on ongoing White House efforts to mitigate AI risk and the secure-by-design philosophy. They provide an outline for building security into AI systems, but ...
1 year ago Darkreading.com
