itbrew.com

Ransomware tactics are developing as data-only extortion rises and AI, open-source tools, and vendor integrations expand the attack surface. Join us for a breakdown of what’s actually changing, where risks are emerging, and how IT leaders can strengthen defenses before incidents spiral.

Trend Watch: The Latest in Ransomware and What That Means for IT Teams

Billy Hurley

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

IT Brew

Hey there, this made me think of you. I read IT Brew to ensure I’m up to date on the latest industry news and trends…I love it and thought you would too. It’s completely free, plus it only takes 5 minutes to read. Subscribe using my personal invite link below to get IT Brew directly to your inbox.

IT Brew is a newsletter that delivers the latest news and analysis of trends shaping the IT industry. Sign up here:

CISA says default passwords like “1111” need at least a few more special characters.

 issued December 15, the agency offered “secure by design” recommendations for tech manufacturers, especially those making programmable logic controllers (PLCs)—devices that cyber attackers have targeted to compromise waste and water-system facilities.

CISA’s main plea for technology developers: “eliminate default passwords in the design, release, and update of all products.”

Threat actors, “including Islamic Revolutionary Guard Corps (IRGC)-affiliated actors,” have compromised critical US infrastructure systems by targeting operational technology (OT) products, which frequently have “passwords set to a static default,” CISA warned.

For technology manufacturers, CISA recommended:

Time-limited, self-disabling passwords that require activation of more secure authentication after initial setup.

Physical-access requirements for the beginning of implementation

Factory-default passwords can be found on publicly available online lists and product documentation.

, NSA and CISA incident-response teams identified “default configurations of software and applications” as the top-most “common network misconfigurations.”

This isn’t the first time CISA has warned about hardcoded default credentials. “Change default passwords as soon as possible and absolutely before deploying the system on an untrusted network such as the internet,” the agency advised 

A more recent urging in December announced that the Iran-affiliated “CyberAv3ngers” group is actively targeting and compromising Israeli-made Unitronics Vision Series PLCs “that are publicly exposed to the internet, through the 

“The use of widely known default passwords is unacceptable given the current threat environment,” CISA’s most recent advisory said.

CIA urges ‘secure by design’ elimination of factory-default passwords

The agency recommended physical access requirements for initial setup and time-limited credentials.

Billy Hurley

Top insights for IT pros

Billy Hurley

Top insights for IT pros