CISA urges device makers to stop using default passwords

CyberScoop reports that tech manufacturers have been urged by the Cybersecurity and Infrastructure Security Agency to remove default passwords from their software and devices following the widespread exploitation of Unitronics' programmable logic controllers that impacted water utilities across the U.S. "Studies by CISA show that the use of default credentials, such as passwords, is a top weakness that threat actors exploit to gain access to systems, including those within U.S. critical infrastructure," said CISA. Such an alert comes just days after the agency, along with Office of the Director of National Intelligence and the National Security Agency, provided secure-by-design guidance for the development of open source software in a bid to strengthen the cybersecurity of the software supply chain. "Software incorporated and/or utilized through open source may have embedded issues. It is imperative that we pay close attention to how these modules are bundled with the software at release," said the agencies.