{"id":46696,"date":"2022-05-18T16:17:51","date_gmt":"2022-05-18T16:17:51","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33466\/FBI-And-NSA-Say-Stop-Doing-These-10-Things-That-Let-Hackers-In.html"},"modified":"2022-05-18T16:17:51","modified_gmt":"2022-05-18T16:17:51","slug":"fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/","title":{"rendered":"FBI And NSA Say: Stop Doing These 10 Things That Let Hackers In"},"content":{"rendered":"<div class=\"share-bar-wrapper\">\n<div class=\"full-byline\">\n<div class=\"author-avatars\"> <a rel=\"author\" class=\"thumb author-modal-open\" data-component=\"authorModal\" data-author-modal-options=\"{&quot;selector&quot;:&quot;liam-tung-modal&quot;,&quot;hoverSelector&quot;:&quot;.full-byline&quot;}\" href=\"https:\/\/www.zdnet.com\/meet-the-team\/eu\/liam-tung\/\" data-vanity-rewritten=\"true\"> <span class=\"img \"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/edd135640c2822791e2a2387e6b68798e65dbe9b\/2014\/07\/22\/b17789dd-1174-11e4-9732-00505685119a\/liam-tung.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp\" class alt=\"Liam Tung\" height=\"50\" width=\"50\"><\/span> <\/a> <\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p>Cyber attackers regularly exploit unpatched software vulnerabilities, but they &#8220;routinely&#8221; target security misconfigurations for initial access, so the US Cybersecurity and Infrastructure Security Agency (CISA) and its peers have created a to-do list for defenders in today&#8217;s heightened threat environment.&nbsp;<\/p>\n<p>CISA, the FBI and National Security Agency (NSA), as well as cybersecurity authorities from Canada, New Zealand, the Netherlands, and the UK, have <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-137a\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">compiled a list<\/a> of the main weak security controls, poor configurations, and poor security practices that defenders should implement to thwart initial access. It also contains the authorities&#8217; collective recommended mitigations. &nbsp;<\/p>\n<p>&#8220;Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim&#8217;s system,&#8221; CISA says.&nbsp;<\/p>\n<p><strong>SEE: <\/strong><a href=\"https:\/\/www.zdnet.com\/article\/just-in-time-bosses-are-finally-waking-up-to-the-cybersecurity-threat\/#link=%7B%22role%22:%22standard%22,%22href%22:%22https:\/\/www.zdnet.com\/article\/just-in-time-bosses-are-finally-waking-up-to-the-cybersecurity-threat\/%22,%22target%22:%22_blank%22,%22absolute%22:%22%22,%22linkText%22:%22Just%20in%20time?%20Bosses%20are%20finally%20waking%20up%20to%20the%20cybersecurity%20threat%22%7D\"><strong>Just in time? Bosses are finally waking up to the cybersecurity threa<\/strong><\/a><\/p>\n<p>The list of actions includes all obvious candidates, such as enabling multi-factor authentication (MFA) on key systems, such as virtual private networks (VPNs), but which are prone to misconfigurations when implemented in complex IT environments.&nbsp;<\/p>\n<p>For example, last year Russian hackers combined a <a href=\"https:\/\/www.zdnet.com\/article\/cisa-and-fbi-warning-hackers-used-these-tricks-to-dodge-multi-factor-authentication-and-steal-email\/\">default policy shared by multiple MFA solutions and a Windows printer privilege of escalation flaw<\/a> to disable MFA for active domain accounts and then establish remote desktop protocol (RDP) connections to Windows domain controllers. This complexity can also be seen in <a href=\"https:\/\/www.zdnet.com\/article\/nsa-cisa-partner-for-guide-on-safe-vpns-amid-widespread-exploitation-by-nation-states\/\">the choice of, deployment and use of VPNs<\/a>, whose adoption escalated after the pandemic struck. &nbsp;<\/p>\n<p>Recent research by Palo Alto Networks found that 99% of cloud services utilize excessive permissions, against the well-known <a href=\"https:\/\/csrc.nist.gov\/glossary\/term\/principle_of_least_privilege\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">principle of least privilege<\/a> to limit opportunities for attackers to breach a system.&nbsp; &nbsp;<\/p>\n<p>The security controls outlined in CISA&#8217;s list serve as a useful checklist for organizations, many of which deployed remote-working IT infrastructure hastily due to the pandemic, and amid today&#8217;s heightened geopolitical tensions due to Russia&#8217;s invasion of Ukraine. It also follows the EU joining the US-Five Eyes in jointly <a href=\"https:\/\/www.zdnet.com\/article\/elon-musk-says-russian-efforts-to-jam-starlink-are-ramping-up\/\" target=\"_blank\" rel=\"noopener\">blaming the Russian military on this year&#8217;s cyberattack against Viasat&#8217;s European satellite broadband users<\/a>.&nbsp; &nbsp;<\/p>\n<p>As noted in the joint alert, attackers commonly exploit public-facing applications, external remote services, and use phishing to obtain valid credentials and exploit trusted relationships and valid accounts.&nbsp;<\/p>\n<p>The joint alert recommends MFA is enforced for everyone, especially since RDP is commonly used to deploy ransomware. &#8220;Do not exclude any user, particularly administrators, from an MFA requirement,&#8221; CISA notes.<\/p>\n<p>Incorrectly applied privileges or permissions and errors in access control lists can prevent the enforcement of access control rules and could give unauthorized users or system processes access to objects. &nbsp;<\/p>\n<p>Of course, make sure software is up to date. But also don&#8217;t use vendor-supplied default configurations or default usernames and passwords. These might be &#8216;user friendly&#8217; and help the vendor deliver faster troubleshooting, but they&#8217;re often publicly available &#8216;secrets&#8217;. The NSA&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/nsa-report-this-is-how-you-should-be-securing-your-network\/\">strongly urges admins to remove vendor-supplied defaults<\/a> in its network infrastructure security guidance.&nbsp;<\/p>\n<p>&#8220;Network devices are also often pre-configured with default administrator usernames and passwords to simplify setup,&#8221; CISA notes. &#8220;These default credentials are not secure \u2013 they may be physically labeled on the device or even readily available on the internet. Leaving these credentials unchanged creates opportunities for malicious activity, including gaining unauthorized access to information and installing malicious software.&#8221;&nbsp;<\/p>\n<p><strong>SEE: <\/strong><a href=\"https:\/\/www.zdnet.com\/article\/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web\/#link=%7B%22linkText%22:%22What%20is%20ransomware?%20Everything%20you%20need%20to%20know%20about%20one%20of%20the%20biggest%20menaces%20on%20the%20web%22,%22target%22:%22_blank%22,%22href%22:%22https:\/\/www.zdnet.com\/article\/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web\/%22,%22role%22:%22standard%22,%22absolute%22:%22%22%7D\"><strong>What is ransomware? Everything you need to know about one of the biggest menaces on the web<\/strong><\/a><\/p>\n<p>CISA notes that remote services, such as VPNs, lack sufficient controls to prevent unauthorized access. Defenders should add access control mechanisms like MFA to reduce risks. Also, put the VPN behind a firewall, and use IDS and IPS sensors to detect suspicious network activity.&nbsp;<\/p>\n<p>Other key problems include: strong password policies are not implemented; open ports and internet-exposed services that can be scanned via the internet by attackers; failure to detect or block phishing using Microsoft Word and Excel documents booby-trapped with malicious macros; and poor endpoint detection and response.&nbsp;<\/p>\n<p>CISA&#8217;s recommendations include control access measures, implanting credential hardening, establishing centralized log management, using antivirus, employing detection tools and searching for vulnerabilities, maintaining configuration management programs, and implementing patch management.&nbsp;<\/p>\n<p>CISA also recommends adopting a zero-trust security model, but this is likely a long-term goal. US federal agencies <a href=\"https:\/\/www.zdnet.com\/article\/white-house-rolls-out-zero-trust-strategy-for-federal-agencies\/\">have until 2024 to make significant headway on this<\/a>&nbsp;aim. &nbsp;<\/p>\n<p>The full list of security &#8216;don&#8217;ts&#8217; includes:<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/33466\/FBI-And-NSA-Say-Stop-Doing-These-10-Things-That-Let-Hackers-In.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[7393],"class_list":["post-46696","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-blogs","tag-headlinehackergovernmentusafbinsa"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>FBI And NSA Say: Stop Doing These 10 Things That Let Hackers In 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FBI And NSA Say: Stop Doing These 10 Things That Let Hackers In 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-18T16:17:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/edd135640c2822791e2a2387e6b68798e65dbe9b\/2014\/07\/22\/b17789dd-1174-11e4-9732-00505685119a\/liam-tung.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"FBI And NSA Say: Stop Doing These 10 Things That Let Hackers In\",\"datePublished\":\"2022-05-18T16:17:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\\\/\"},\"wordCount\":753,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/edd135640c2822791e2a2387e6b68798e65dbe9b\\\/2014\\\/07\\\/22\\\/b17789dd-1174-11e4-9732-00505685119a\\\/liam-tung.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp\",\"keywords\":[\"headline,hacker,government,usa,fbi,nsa\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\\\/\",\"name\":\"FBI And NSA Say: Stop Doing These 10 Things That Let Hackers In 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/edd135640c2822791e2a2387e6b68798e65dbe9b\\\/2014\\\/07\\\/22\\\/b17789dd-1174-11e4-9732-00505685119a\\\/liam-tung.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp\",\"datePublished\":\"2022-05-18T16:17:51+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/edd135640c2822791e2a2387e6b68798e65dbe9b\\\/2014\\\/07\\\/22\\\/b17789dd-1174-11e4-9732-00505685119a\\\/liam-tung.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/edd135640c2822791e2a2387e6b68798e65dbe9b\\\/2014\\\/07\\\/22\\\/b17789dd-1174-11e4-9732-00505685119a\\\/liam-tung.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,government,usa,fbi,nsa\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackergovernmentusafbinsa\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"FBI And NSA Say: Stop Doing These 10 Things That Let Hackers In\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"FBI And NSA Say: Stop Doing These 10 Things That Let Hackers In 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/","og_locale":"en_US","og_type":"article","og_title":"FBI And NSA Say: Stop Doing These 10 Things That Let Hackers In 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-05-18T16:17:51+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/edd135640c2822791e2a2387e6b68798e65dbe9b\/2014\/07\/22\/b17789dd-1174-11e4-9732-00505685119a\/liam-tung.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"FBI And NSA Say: Stop Doing These 10 Things That Let Hackers In","datePublished":"2022-05-18T16:17:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/"},"wordCount":753,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/edd135640c2822791e2a2387e6b68798e65dbe9b\/2014\/07\/22\/b17789dd-1174-11e4-9732-00505685119a\/liam-tung.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp","keywords":["headline,hacker,government,usa,fbi,nsa"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/","url":"https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/","name":"FBI And NSA Say: Stop Doing These 10 Things That Let Hackers In 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/edd135640c2822791e2a2387e6b68798e65dbe9b\/2014\/07\/22\/b17789dd-1174-11e4-9732-00505685119a\/liam-tung.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp","datePublished":"2022-05-18T16:17:51+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/edd135640c2822791e2a2387e6b68798e65dbe9b\/2014\/07\/22\/b17789dd-1174-11e4-9732-00505685119a\/liam-tung.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/edd135640c2822791e2a2387e6b68798e65dbe9b\/2014\/07\/22\/b17789dd-1174-11e4-9732-00505685119a\/liam-tung.jpg?width=50&amp;height=50&amp;fit=crop&amp;auto=webp"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/fbi-and-nsa-say-stop-doing-these-10-things-that-let-hackers-in\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,government,usa,fbi,nsa","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackergovernmentusafbinsa\/"},{"@type":"ListItem","position":3,"name":"FBI And NSA Say: Stop Doing These 10 Things That Let Hackers In"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46696","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=46696"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46696\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=46696"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=46696"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=46696"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}