CyberSecurityBoard
Sponsor Register Login

CISA urges tech manufacturers to stop using default passwords

Today, the U.S. Cybersecurity and Infrastructure Security Agency urged technology manufacturers to stop providing software and devices with default passwords.
Once discovered, threat actors can use such default credentials a backdoor to breach vulnerable devices exposed online.
Default passwords are commonly used to streamline the manufacturing process or help system administrators deploy large numbers of devices within an enterprise environment more easily.
The failure to change these default settings creates a security weakness that attackers can exploit to circumvent authentication measures, potentially compromising the security of their organization's entire network.
The U.S. cybersecurity agency advised manufacturers to provide customers with unique setup passwords tailored to each product instance as an alternative to using a singular default password across all product lines and versions.
They can implement time-limited setup passwords designed to deactivate once the setup phase concludes and prompt admins to activate more secure authentication methods, such as phishing-resistant Multi-Factor Authentication.
Another possibility involves mandating physical access for the initial setup and specifying distinct credentials for each instance.
Ten years ago, CISA issued another advisory notice highlighting the security vulnerabilities associated with default passwords.
The advisory specifically underscored the heightened risk factors to critical infrastructure and embedded systems.
Iranian hackers recently employed this approach, using a '1111' default password for Unitronics programmable logic controllers exposed online to breach U.S,.
Critical infrastructure systems, including a U.S. water facility.
Hackers breach US govt agencies using Adobe ColdFusion exploit.
CISA warns of actively exploited Windows, Sophos, and Oracle bugs.
FBI and CISA warn of opportunistic Rhysida ransomware attacks.
CISA warns of actively exploited Juniper pre-auth RCE exploit chain.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 15 Dec 2023 19:05:07 +0000


Cyber News related to CISA urges tech manufacturers to stop using default passwords

CISA urges tech manufacturers to stop using default passwords - Today, the U.S. Cybersecurity and Infrastructure Security Agency urged technology manufacturers to stop providing software and devices with default passwords. Once discovered, threat actors can use such default credentials a backdoor to breach ...
6 months ago Bleepingcomputer.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 month ago Securityaffairs.com
Wearable Tech Future: Where Fashion Meets Function - From fitness trackers and smartwatches to augmented reality glasses, the future of wearable tech is full of potential. In this article, we will explore the current benefits and challenges of wearable technology, uncover its different types and ...
7 months ago Securityzap.com
How Hospitals Can Help Improve Medical Device Data Security - COMMENTARY. Hospitals and medical device manufacturers must team up to help create a secure environment to protect the personal health information derived from patient monitors and other medical devices. For some time, this notion of shared ...
4 months ago Darkreading.com
CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords - Today, CISA published guidance on How Manufacturers Can Protect Customers by Eliminating Default Passwords as a part of our new Secure by Design Alert series. By implementing these two principles in their design, development, and delivery processes, ...
6 months ago Cisa.gov
CISA warns agencies of fourth flaw used in Triangulation spyware attacks - The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Apple, Adobe, Apache, D-Link, and Joomla. The Known Exploited Vulnerabilities ...
5 months ago Bleepingcomputer.com
alpitronic Hypercharger EV Charger - RISK EVALUATION. Successful exploitation of this vulnerability could result in an attacker disabling the device, bypassing payment, or accessing payment data. If misconfigured, the charging devices can expose a web interface protected by ...
1 month ago Cisa.gov
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
6 months ago Cisa.gov
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
3 months ago Securityweek.com
Tracking Cybersecurity Progress at Industrial Companies - Although cybersecurity has become a priority at many manufacturing companies, risks have increased at the same time. To better understand how companies are addressing heightened risks, Manufacturers Alliance and Fortinet partnered to study the ...
7 months ago Feeds.fortinet.com
Enzoic for AD Lite Data Shows Increase in Crucial Risk Factors - The 2023 data from Enzoic for Active Directory Lite data from 2023 offers a revealing glimpse into the current state of cybersecurity, highlighting a significant increase in risk factors that lead to data breaches. The free password auditor has been ...
5 months ago Securityboulevard.com
CISA warns of actively exploited bugs in Chrome and Excel parsing library - The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information ...
6 months ago Bleepingcomputer.com
The most popular passwords of 2023 are easy to guess and crack - Each year, analysts at various Internet security companies release lists of the most used passwords. ADVERTISEMENT. The passwords that are on these lists may act as a warning for any Internet and electronic device user. Some common passwords have ...
6 months ago Ghacks.net
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
7 months ago Cisa.gov
CISA Releases Key Risk and Vulnerability Findings for Healthcare and Public Health Sector - WASHINGTON - The Cybersecurity and Infrastructure Security Agency published a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment, detailing the agency's key ...
6 months ago Cisa.gov
CISA reveals how fed agency succumbed to ColdFusion attacks The Register - CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability. The vulnerability, tracked as CVE-2023-26360, was disclosed in March ...
7 months ago Go.theregister.com
LastPass now requires 12-character master passwords for better security - LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. Even though LastPass has repeatedly said that there is a 12-character master password ...
6 months ago Bleepingcomputer.com
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
1 month ago Cisa.gov
CISA Flags Gaps in Healthcare Org's Security Posture, Issues Security Guidance - The US cybersecurity agency CISA has issued cybersecurity recommendations after conducting an assessment at the request of an unnamed healthcare and public health sector organization using on-prem software. During a two-week penetration test, CISA ...
6 months ago Securityweek.com
FBI: Play ransomware breached 300 victims, including critical orgs - The Federal Bureau of Investigation says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities. The warning comes as a joint advisory issued in ...
6 months ago Bleepingcomputer.com
CISA: Most critical open source projects not using memory safe code - The U.S. Cybersecurity and Infrastructure Security Agency has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. The report, cosigned by CISA, the Federal Bureau of Investigation, as well as ...
1 week ago Bleepingcomputer.com
Internationalizing Efforts to Counter Tech Support Scams - The Central Bureau of Investigation, India's federal enforcement agency, recently conducted a series of criminal raids against illegal call centers across the country in an attempt to clamp down on tech support fraud. These raids were the result of a ...
7 months ago Darkreading.com
CVE-2017-12757 - Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i ...
5 years ago
EuroTel ETL3100 Radio Transmitter - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full access to the system, disclose sensitive information, or access hidden resources. EuroTel ETL3100 versions v01c01 and v01x37 does ...
6 months ago Cisa.gov
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
3 months ago Techtarget.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)