CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging manufacturers to completely remove default passwords from systems that are exposed to the internet. The agency cites serious risks that hostile actors could exploit to obtain initial access to an organization and move laterally inside it.

In a warning released last week, CISA denounced Iranian threat actors connected to the Islamic Revolutionary Guard Corps (IRGC) for using operational technology devices that have default passwords to access vital infrastructure systems in the United States.

Default passwords are the factory default software configurations for embedded systems, appliances, and devices that are the same across all systems in a vendor’s product range and are usually publicly disclosed.

