US regulators have done little to address firmware vulnerabilities, think tank argues
Firmware vulnerabilities in devices are frequently exposed to security risks but have not received enough attention from lawmakers and federal officials.
Firmware-linked cyberattacks are often harder to detect and remove compared to software cyberattacks. [ more ]
CISA urges vendors to get rid of default passwords
The Cybersecurity and Infrastructure Security Agency is urging vendors to eliminate default passwords in their products following a hacking spree on water facilities.
CISA has warned about the use of default passwords for internet-facing devices for years, highlighting the potential harm caused by manufacturers distributing products with static default passwords. [ more ]