These errors can leave networks vulnerable to cyber threats. This advisory also describes the tactics, techniques, and procedures (TTPs) that attackers use to exploit these issues.
The top ten errors include default software configurations, inadequate separation of user and administrator rights, inadequate internal network monitoring, lack of network segmentation, ineffective patch management, bypassing system access controls, weak or misconfigured multi-factor authentication methods, inadequate access control. lists of network resources and services, poor hygiene of credentials, and unlimited code execution.
To mitigate these risks, NSA and CISA recommend actions such as disabling unused services, regularly patching known vulnerabilities, and monitoring administrator accounts and privileges.
They also encourage software makers to prioritize security by design and use standard practices, including eliminating default passwords, providing audit trails, and requiring multi-factor authentication.
This recommendation letter aims to increase the level of cyber security and reduce the possibility of cyber attacks.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
