CISA urges tech manufacturers to stop using default passwords

Today, the U.S. Cybersecurity and Infrastructure Security Agency urged technology manufacturers to stop providing software and devices with default passwords.
Once discovered, threat actors can use such default credentials a backdoor to breach vulnerable devices exposed online.
Default passwords are commonly used to streamline the manufacturing process or help system administrators deploy large numbers of devices within an enterprise environment more easily.
The failure to change these default settings creates a security weakness that attackers can exploit to circumvent authentication measures, potentially compromising the security of their organization's entire network.
The U.S. cybersecurity agency advised manufacturers to provide customers with unique setup passwords tailored to each product instance as an alternative to using a singular default password across all product lines and versions.
They can implement time-limited setup passwords designed to deactivate once the setup phase concludes and prompt admins to activate more secure authentication methods, such as phishing-resistant Multi-Factor Authentication.
Another possibility involves mandating physical access for the initial setup and specifying distinct credentials for each instance.
Ten years ago, CISA issued another advisory notice highlighting the security vulnerabilities associated with default passwords.
The advisory specifically underscored the heightened risk factors to critical infrastructure and embedded systems.
Iranian hackers recently employed this approach, using a '1111' default password for Unitronics programmable logic controllers exposed online to breach U.S,.
Critical infrastructure systems, including a U.S. water facility.
Hackers breach US govt agencies using Adobe ColdFusion exploit.
CISA warns of actively exploited Windows, Sophos, and Oracle bugs.
FBI and CISA warn of opportunistic Rhysida ransomware attacks.
CISA warns of actively exploited Juniper pre-auth RCE exploit chain.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 15 Dec 2023 19:05:07 +0000

Cyber News related to CISA urges tech manufacturers to stop using default passwords

CISA urges tech manufacturers to stop using default passwords - Today, the U.S. Cybersecurity and Infrastructure Security Agency urged technology manufacturers to stop providing software and devices with default passwords. Once discovered, threat actors can use such default credentials a backdoor to breach ...
1 year ago Bleepingcomputer.com

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
8 months ago Securityaffairs.com

CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
4 months ago Therecord.media

How Hospitals Can Help Improve Medical Device Data Security - COMMENTARY. Hospitals and medical device manufacturers must team up to help create a secure environment to protect the personal health information derived from patient monitors and other medical devices. For some time, this notion of shared ...
11 months ago Darkreading.com

CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords - Today, CISA published guidance on How Manufacturers Can Protect Customers by Eliminating Default Passwords as a part of our new Secure by Design Alert series. By implementing these two principles in their design, development, and delivery processes, ...
1 year ago Cisa.gov

Wearable Tech Future: Where Fashion Meets Function - From fitness trackers and smartwatches to augmented reality glasses, the future of wearable tech is full of potential. In this article, we will explore the current benefits and challenges of wearable technology, uncover its different types and ...
1 year ago Securityzap.com

CISA warns agencies of fourth flaw used in Triangulation spyware attacks - The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Apple, Adobe, Apache, D-Link, and Joomla. The Known Exploited Vulnerabilities ...
1 year ago Bleepingcomputer.com

Tracking Cybersecurity Progress at Industrial Companies - Although cybersecurity has become a priority at many manufacturing companies, risks have increased at the same time. To better understand how companies are addressing heightened risks, Manufacturers Alliance and Fortinet partnered to study the ...
1 year ago Feeds.fortinet.com

alpitronic Hypercharger EV Charger - RISK EVALUATION. Successful exploitation of this vulnerability could result in an attacker disabling the device, bypassing payment, or accessing payment data. If misconfigured, the charging devices can expose a web interface protected by ...
8 months ago Cisa.gov

Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
1 year ago Cisa.gov

CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
10 months ago Securityweek.com

Enzoic for AD Lite Data Shows Increase in Crucial Risk Factors - The 2023 data from Enzoic for Active Directory Lite data from 2023 offers a revealing glimpse into the current state of cybersecurity, highlighting a significant increase in risk factors that lead to data breaches. The free password auditor has been ...
1 year ago Securityboulevard.com

CISA warns of actively exploited bugs in Chrome and Excel parsing library - The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information ...
1 year ago Bleepingcomputer.com

The most popular passwords of 2023 are easy to guess and crack - Each year, analysts at various Internet security companies release lists of the most used passwords. ADVERTISEMENT. The passwords that are on these lists may act as a warning for any Internet and electronic device user. Some common passwords have ...
1 year ago Ghacks.net

Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
1 year ago Cisa.gov

CISA Releases Key Risk and Vulnerability Findings for Healthcare and Public Health Sector - WASHINGTON - The Cybersecurity and Infrastructure Security Agency published a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment, detailing the agency's key ...
1 year ago Cisa.gov

CISA reveals how fed agency succumbed to ColdFusion attacks The Register - CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability. The vulnerability, tracked as CVE-2023-26360, was disclosed in March ...
1 year ago Go.theregister.com

LastPass now requires 12-character master passwords for better security - LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. Even though LastPass has repeatedly said that there is a 12-character master password ...
1 year ago Bleepingcomputer.com

Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
8 months ago Cisa.gov

CISA Flags Gaps in Healthcare Org's Security Posture, Issues Security Guidance - The US cybersecurity agency CISA has issued cybersecurity recommendations after conducting an assessment at the request of an unnamed healthcare and public health sector organization using on-prem software. During a two-week penetration test, CISA ...
1 year ago Securityweek.com

FBI: Play ransomware breached 300 victims, including critical orgs - The Federal Bureau of Investigation says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities. The warning comes as a joint advisory issued in ...
1 year ago Bleepingcomputer.com

CISA: Most critical open source projects not using memory safe code - The U.S. Cybersecurity and Infrastructure Security Agency has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. The report, cosigned by CISA, the Federal Bureau of Investigation, as well as ...
7 months ago Bleepingcomputer.com

EuroTel ETL3100 Radio Transmitter - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full access to the system, disclose sensitive information, or access hidden resources. EuroTel ETL3100 versions v01c01 and v01x37 does ...
1 year ago Cisa.gov

CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
10 months ago Techtarget.com

Optigo Networks ONS-S8 Spectra Aggregation Switch | CISA - CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial ...
4 months ago Cisa.gov

Latest Cyber News

CVE-2025-24982 - 5 hours ago
CVE-2025-22475 - 7 hours ago
CVE-2025-1003 - 10 hours ago
CVE-2025-0148 - 11 hours ago
CVE-2025-24957 - 12 hours ago
CVE-2025-24958 - 12 hours ago
CVE-2025-22129 - 12 hours ago
CVE-2025-23210 - 12 hours ago
CVE-2025-24029 - 12 hours ago
CVE-2025-24371 - 12 hours ago
CVE-2025-24901 - 12 hours ago
CVE-2025-24902 - 12 hours ago
CVE-2025-24905 - 12 hours ago
CVE-2025-24906 - 12 hours ago
CVE-2024-35177 - 12 hours ago
CVE-2024-47770 - 12 hours ago
CVE-2025-24960 - 13 hours ago
CVE-2025-24961 - 13 hours ago
CVE-2025-24962 - 13 hours ago
CVE-2025-22918 - 13 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-20141 - 1 day ago
CVE-2024-20142 - 1 day ago
CVE-2024-20147 - 1 day ago
CVE-2025-20631 - 1 day ago
CVE-2025-20632 - 1 day ago
CVE-2025-20633 - 1 day ago
CVE-2025-20634 - 1 day ago
CVE-2025-20635 - 1 day ago
CVE-2025-20636 - 1 day ago
CVE-2025-20637 - 1 day ago
CVE-2025-20638 - 1 day ago
CVE-2025-20639 - 1 day ago
CVE-2025-20640 - 1 day ago
CVE-2025-20641 - 1 day ago
CVE-2025-20642 - 1 day ago
CVE-2025-20643 - 1 day ago
CVE-2025-25062 - 1 day ago
CVE-2025-25063 - 1 day ago
CVE-2024-57966 - 1 day ago
CVE-2024-13347 - 1 day ago