"CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats"

The US Cybersecurity and Infrastructure Security Agency (CISA) urges manufacturers to eliminate default passwords on Internet-connected systems, citing serious risks that malicious actors could exploit to gain initial access to and move laterally within organizations. In a recent alert, the agency said Iranian threat actors affiliated with the Islamic Revolutionary Guard Corps (IRGC) have gained access to critical infrastructure systems in the US by exploiting Operational Technology (OT) devices with default passwords. Default passwords are factory default software configurations for embedded systems, devices, and appliances that are typically publicly documented and consistent across all systems in a vendor's product line. Therefore, threat actors could use tools such as Shodan to scan for Internet-exposed endpoints and attempt to breach them using default passwords. This article continues to discuss CISA's recent alert to manufacturers. 

THN reports "CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats"

Submitted by grigby1