CISA reveals 'Admin123' as top security threat in cyber sloppiness chart

The US Cybersecurity and Infrastructure Security Agency and the National Security Agency are blaming unchanged default credentials as the prime security misconfiguration that leads to cyberattacks.
The misconfigurations in the cybersecurity advisory (CSA) illustrate a trend of systemic weaknesses in many large organizations, including those with mature cyber postures, and highlight the importance of software manufacturers embracing secure-by-design principles to reduce the burden on network defenders.
On the topic of network monitoring, insufficient configuration of these tools is also deemed a serious risk to security, especially when host and network sensors aren't properly set up for traffic collection and end-host logging.
Organizations can benefit from host-based monitoring's ability to flag potentially malicious activity on a single host, but it is network monitoring that alerts them to suspicious activity moving laterally across the network.
- Weak or misconfigured multifactor authentication methods
- Insufficient access control lists on network shares and services
- Poor credential hygiene
- Unrestricted code execution

US stays staunch on security by design.
The National Defense Authorization Act for fiscal 2023 has passed the House of Representatives but is yet to be formally approved as a law in the US. The bill, which if left unchanged would prohibit the Department of Homeland Security from buying software with any known vulnerabilities in it at all, caused quite a stir last year when it was proposed, dividing the opinions of leading infosec experts working in the field.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/10/06/cisa_top_10_misconfigurations/