
Western Allies Warn of Top Cyber-Attack Mistakes

May 18, 2022

The security agencies of five countries have outlined 10 of the most common ways threat actors compromise their victims, most of which can be mitigated by basic cyber-hygiene best practices.

The alert comes from the cybersecurity authorities of the US, Canada, New Zealand, the Netherlands and the UK.


It focuses on weak security controls, poor configurations and sub-par security practices. Many of these relate to logins, including a lack of multi-factor authentication (MFA), use of default logins and usernames, an absence of strong password policies and errors within access control lists.

Unpatched software is also listed, as is a lack of sufficient security controls applied to remote access services like VPNs. In many cases, MFA, firewalls and intrusion detection/prevention (IDS/IPS) are not applied to these devices, the alert claimed.

Misconfigured cloud services, open ports and misconfigured high-risk services such as SMB, RDP, Telnet and NetBIOS also pose a significant risk to organizations.

Finally, failures to detect and block phishing attempts and poor endpoint detection and response were highlighted as opening the door to attackers.

The security agencies encouraged organizations to take the following mitigation steps:

  • Control access by adopting a zero trust model and other measures.
  • Implement credential hardening, including MFA.
  • Set up centralized log management to improve threat detection.
  • Deploy anti-malware on workstations and regularly monitor scan results.
  • Deploy detection tools on the endpoint, network and in the cloud, along with vulnerability scanning.
  • Maintain rigorous configuration management programs.
  • Implement a software and patch management program.

Security experts welcomed the guidance. Mike Newman, CEO of My1Login, argued that it provides “great intelligence” for organizations.

“The advisory also highlights just how regularly weak passwords and user credentials show up in attacker exploits,” he added.

“Whether it be through exploiting default passwords, phishing, guessing insecure passwords, a failure to deploy MFA, or employing stolen login credentials, passwords are clearly a key enabler behind many cyber-attack situations.”


Some parts of this post are sourced from:
www.infosecurity-journal.com
