The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a plea to network defenders to fix easy misconfiguration errors that allow threat actors to launch successful cyberattacks against their organizations.
Red and blue teams, as well as incident response teams from both agencies, identified these as the top 10 most common network configurations:
- Default configurations of software and applications
- Improper separation of user/administrator privilege
- Insufficient internal network monitoring
- Lack of network segmentation
- Poor patch management
- Bypass of system access controls
- Weak or misconfigured multifactor authentication (MFA) methods
- Insufficient access control lists (ACLs) on network shares and services
- Poor credential hygiene
- Unrestricted code execution
The agencies added that software providers need to immediately adopt principles of secure-by-design to prevent these and other misconfigurations.
“As America’s Cyber Defense Agency, CISA is charged with safeguarding our nation against ever-evolving cyber threats and to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day,” the advisory said. “Ensuring software is secure by design will help keep every organization and every American more secure.”
- SEO Powered Content & PR Distribution. Get Amplified Today.
- PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
- PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
- PlatoESG. Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
- PlatoHealth. Biotech and Clinical Trials Intelligence. Access Here.
- Source: https://www.darkreading.com/vulnerabilities-threats/10-routine-security-gaffes-the-feds-are-begging-you-to-fix
- :is
- $UP
- 10
- 24
- 7
- a
- access
- actors
- added
- adopt
- against
- agencies
- agency
- allow
- American
- Americans
- and
- and infrastructure
- ARE
- AS
- Authentication
- Blue
- both
- breach
- by
- charged
- code
- Common
- control
- CREDENTIAL
- cyber
- cyberattacks
- Cybersecurity
- daily
- data
- data breach
- day
- Defenders
- Defense
- delivered
- Design
- easy
- emerging
- ensuring
- Errors
- Every
- every day
- Feds
- Fix
- from
- Have
- help
- hour
- HTTPS
- identified
- immediately
- incident
- incident response
- information
- Infrastructure
- internal
- Issued
- jpg
- Keep
- latest
- launch
- Lists
- manage
- MFA
- more
- most
- MPL
- multifactor authentication
- nation
- National
- national security
- Need
- network
- of
- on
- or
- organization
- organizations
- Other
- our
- Patch
- physical
- plato
- Plato Data Intelligence
- PlatoData
- plea
- prevent
- principles
- providers
- reduce
- rely
- response
- right
- Risk
- routine
- safeguarding
- Said
- secure
- security
- Shares
- Software
- subscribe
- successful
- system
- teams
- that
- The
- their
- These
- threat
- threat actors
- threats
- to
- Trends
- understand
- Vulnerabilities
- weekly
- WELL
- will
- with
- You
- Your
- zephyrnet
