CISA nudges makers: bid farewell to default passwords.

December 18, 2023

The US Cybersecurity and Infrastructure Security Agency (CISA) has urged manufacturers to stop using default passwords on internet-exposed systems due to the threat posed by malicious actors. The organization highlighted a recent incident in which Iranian threat actors used default passwords to gain access to critical systems. Because default passwords are often identical across a vendor’s product line and publicly documented, threat actors can easily exploit them.

  • CISA recommends manufacturers apply secure by design principles, such as providing unique setup passwords or disabling default passwords after a set period.
  • CISA also suggests enabling phishing-resistant multi-factor authentication methods and performing field tests to understand how customers deploy products.
  • The organization joined forces with the FBI, NSA, Polish Military Counterintelligence Service, CERT Polska, and the UK’s National Cyber Security Centre to release an advisory warning of Russian Foreign Intelligence Service-related threats exploiting CVE-2023-42793 “at a large scale”.
  • The NSA, Office of the Director of National Intelligence (ODNI), and CISA have jointly published practices to improve software supply chain security and management of open-source software.

Ahead of Western elections in 2024, the agencies anticipate a rise in cyberattacks. Additionally, the UK has accused Russia’s Security Service, the FSB, of conducting an ongoing cyber-hacking campaign against politicians and public figures.

The warning from CISA is a critical reminder for organizations to maintain up-to-date security practices and mitigate the risks of potential exploits and cyberattacks.
