Go Unlimited with Magzter GOLD
Get unlimited access to 10,000+ magazines, newspapers and Premium stories for just
Try GOLD - Free
The Little Things Count
Security Advisor Middle East
|November 2019
TIM BANDOS, VICE PRESIDENT OF CYBERSECURITY, DIGITAL GUARDIAN, DISCUSSES HOW CONFIGURATION MISTAKES COULD PROVIDE FIELD DAYS FOR HACKERS.
-
Sometimes it’s the little things. In hindsight, more often than not, getting hacked can stem from a minor misstep or completely preventable mistake. Common security mistakes and overlooked misconfigurations can open the door for malware or attackers, potentially leaving your environment and any exposed data ripe for the picking. Avoid these top five configuration gaffes to reduce the threat exposure to your organisation.
Default credentialsIt almost seems too obvious to include here but leaving default usernames and passwords unconfigured for databases, installations, and devices, by far, is one of the most common and easy items for a hacker to exploit. Leaving default credentials on network devices such as firewalls, routers, or even operating systems, allows adversaries to simply use password checking scanners to walk right in. In more skilled setups, hackers can simply stage a series of scripted attacks geared at brute forcing devices by focusing on either default usernames and passwords, or basic passwords like “qwerty” or “12345.”
A few months ago, researchers uncovered a Python-based web scanner, Xwo, that can easily scan the web for exposed web services and default passwords. After collecting default MySQL, MongoDB, Postgre SQL, and Tomcat credentials, the scanner forwards the results back to a command and control server.
Leaving default credentials on any device is akin to leaving your keys in a locked door. Even a 12-year-old with some internet access at home could majorly breach a corporation just by using one of these freely available tools on the internet to check for default credentials.
Password reuse
This story is from the November 2019 edition of Security Advisor Middle East.
Subscribe to Magzter GOLD to access thousands of curated premium stories, and 10,000+ magazines and newspapers.
Already a subscriber? Sign In
MORE STORIES FROM Security Advisor Middle East
Security Advisor Middle East
CITRIX REDEFINES SECURE ACCESS FOR THE HYBRID ERA
FRANCOIS VAN DEVENTER, CTO AT MICLOUDSW, SHARES HOW CITRIX IS TRANSFORMING FROM A REMOTE-ACCESS PIONEER INTO A MODERN ACCESS SECURITY LEADER-EMPOWERING ENTERPRISES TO THRIVE IN AN AI-DRIVEN, ZERO-TRUST WORLD.
7 mins
October 2025
Security Advisor Middle East
KASPERSKY STRENGTHENS CLOUD PROTECTION WITH NEW CLOUD WORKLOAD SECURITY UPDATE
Kaspersky, together with Smart Africa and Africaines in Tech, has launched an innovative, science-backed career orientation test “Future You in Tech” created to promote professional development for young women in the cybersecurity industry and help remove potential entry barriers. The test is designed to help them discover which career paths best align with their interests, skills, and personality.
2 mins
October 2025
Security Advisor Middle East
SANS STRENGTHENS GULF CYBERSECURITY SKILLS THROUGH IMMERSIVE TRAINING, AI-DRIVEN LEARNING
NED BALTAGI OF SANS INSTITUTE OUTLINES HOW ADVANCED TRAINING, NATIONAL WORKFORCE ALIGNMENT, AND AI-FOCUSED FRAMEWORKS ARE SHAPING A MORE RESILIENT CYBERSECURITY LANDSCAPE ACROSS SAUDI ARABIA AND THE WIDER REGION.
4 mins
October 2025
Security Advisor Middle East
FORTINET SECURES DUBAI ENGLISH SPEAKING SCHOOL'S NEW ACADEMIC CITY CAMPUS WITH INTEGRATED NETWORKING AND SECURITY SOLUTIONS
DEPLOYMENT SUPPORTS GROWTH, DELIVERS CENTRALIZED NETWORK MANAGEMENT, AND STRENGTHENS CYBERSECURITY FOR HYBRID LEARNING IN THE EDUCATION SECTOR
2 mins
October 2025
Security Advisor Middle East
FROM CONTINUITY TO CONTINUOUS BUSINESS
COMMVAULT'S FADY RICHMANY OUTLINES HOW MULTI-CLOUD ADOPTION, AI DISRUPTION, AND RELENTLESS THREATS DEMAND A NEW RESILIENCE PLAYBOOK FOR THE UAE'S DIGITAL-FIRST FUTURE.
10 mins
October 2025
Security Advisor Middle East
SENTINELONE NAMED A LEADER IN THE 2025 IDC MARKETSCAPE FOR WORLDWIDE XDR SOFTWARE
SentinelOne, the leader in AI-native cybersecurity, announced that it has been recognised as a Leader in the IDC MarketScape: Worldwide Extended Detection and Response (XDR) Software 2025 Vendor Assessment. It is the latest third-party recognition of the company's Al-powered Singularity platform and its state-of-the-art approach to leveraging both native and third-party security data to stop attacks.
1 mins
October 2025
Security Advisor Middle East
RANSOMWARE PAYMENTS ARE DROPPING, BUT EMEA ORGANISATIONS ARE STILL UNPREPARED FOR ATTACKS
DESPITE THE NUMBER OF ORGANISATIONS PAYING RANSOMS DROPPING BY 22% YEAR-ON-YEAR, 63% WOULD STILL BE UNABLE TO RECOVER FROM A SITE-WIDE CRISIS DUE TO A LACK OF ALTERNATIVE INFRASTRUCTURE PLANS.
2 mins
October 2025
Security Advisor Middle East
FORTINET REPORT REVEALS CONTINUED RISE IN DATA LOSS DESPITE SMARTER DATA SECURITY PRACTICES AND RECORD CYBERSECURITY SPENDING
BUDGETS FOR DATA SECURITY ROSE AT 72% OF ORGANISATIONS LAST YEAR, YET 41% OF ORGANISATIONS STILL LOST MILLIONS TO INSIDER-DRIVEN DATA INCIDENTS
3 mins
October 2025
Security Advisor Middle East
VAD TECHNOLOGIES, CYBERX JOIN FORCES TO STRENGTHEN PEOPLE-CENTRIC CYBERSECURITY ACROSS GCC
THE NEW PARTNERSHIP AIMS TO EMPOWER ENTERPRISES TO BUILD CYBER-RESILIENT WORKFORCES AND DRIVE A CULTURE OF AWARENESS ACROSS THE REGION.
2 mins
October 2025
Security Advisor Middle East
FROM AWARENESS TO ACTION: THE UAE'S CYBERSECURITY FRONTLINES TAKE CENTRE STAGE AT GITEX 2025
OCTOBER BRINGS A POWERFUL CONVERGENCE FOR THE UAE'S DIGITAL LANDSCAPE—WHERE GITEX GLOBAL 2025 AND CYBERSECURITY AWARENESS MONTH UNITE TO SPOTLIGHT THE NATION'S LEADERSHIP IN RESILIENCE, INNOVATION, AND SECURE DIGITAL TRANSFORMATION.
8 mins
October 2025
Translate
Change font size