FBI and NSA say: Stop doing these 10 things that let the hackers in
Enable multi-factor authentication, patch your software, and deploy a VPN, but configure them securely, the US government and allies warn.

Cyber attackers regularly exploit unpatched software vulnerabilities, but they "routinely" target security misconfigurations for initial access, so the US Cybersecurity and Infrastructure Security Agency (CISA) and its peers have created a to-do list for defenders in today's heightened threat environment.

CISA, the FBI and the National Security Agency (NSA), as well as cybersecurity authorities from Canada, New Zealand, the Netherlands, and the UK, have compiled a list of the main weak security controls, poor configurations, and poor security practices that defenders should fix to thwart initial access. It also contains the authorities' collective recommended mitigations.

"Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene pra...