10 Routine Security Gaffes the Feds Are Begging You to Fix

  /     /     /  
Publicated : 23/11/2024   Category : security

10 Routine Security Gaffes the Feds Are Begging You to Fix


Here are the most common misconfigurations plaguing large organizations, according to a new joint cybersecurity advisory.


The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a plea to network defenders to fix easy misconfiguration errors that allow threat actors to launch successful cyberattacks against their organizations.
Red and blue teams, as well as incident response teams from both agencies, identified these as the
top 10 most common network configurations:
Default configurations of software and applications
Improper separation of user/administrator privilege
Insufficient internal network monitoring
Lack of network segmentation
Poor patch management
Bypass of system access controls
Weak or misconfigured multifactor authentication (MFA) methods
Insufficient access control lists (ACLs) on network shares and services
Poor credential hygiene
Unrestricted code execution
The agencies added that software providers need to immediately adopt principles of secure-by-design to prevent these and other
misconfigurations
.
As America’s Cyber Defense Agency, CISA is charged with safeguarding our nation against ever-evolving cyber threats and to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day, the
advisory
said. Ensuring software is secure by design will help keep every organization and every American more secure.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
10 Routine Security Gaffes the Feds Are Begging You to Fix