
CISA reveals 'Admin123' as top security threat in cyber sloppiness chart
2023-10-06 18:42

The US Cybersecurity and Infrastructure Security Agency and the National Security Agency are blaming unchanged default credentials as the prime security misconfiguration that leads to cyberattacks.

The misconfigurations in the cybersecurity advisory (CSA) illustrate a trend of systemic weaknesses in many large organizations, including those with mature cyber postures, and highlight the importance of software manufacturers embracing secure-by-design principles to reduce the burden on network defenders.

On the topic of network monitoring, insufficient configuration of these tools is also deemed a serious risk to security, especially when host and network sensors aren't properly set up for traffic collection and end-host logging.

Organizations can benefit from host-based monitoring's ability to flag potentially malicious activity on a single host, but it is network monitoring that alerts them to suspicious activity moving laterally across the network.

- Weak or misconfigured multifactor authentication methods
- Insufficient access control lists on network shares and services
- Poor credential hygiene
- Unrestricted code execution

US stays staunch on security by design

The National Defense Authorization Act for fiscal 2023 has passed the House of Representatives but is yet to be formally approved as a law in the US. The bill, which if left unchanged would prohibit the Department of Homeland Security from buying software with any known vulnerabilities in it at all, caused quite a stir last year when it was proposed, dividing the opinions of leading infosec experts working in the field.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/10/06/cisa_top_10_misconfigurations/