Common Information
Type | Value |
---|---|
Value | Default Accounts - T1078.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Default accounts are those that are built into an OS, such as the Guest or Administrator accounts on Windows systems. Default accounts also include default factory/provider set accounts on other types of systems, software, or devices, including the root user account in AWS and the default service account in Kubernetes.(Citation: Microsoft Local Accounts Feb 2019)(Citation: AWS Root User)(Citation: Threat Matrix for Kubernetes) Default accounts are not limited to client machines; they also include accounts that are preset for equipment such as network devices and computer applications, whether they are internal, open source, or commercial. Appliances that come preset with a username and password combination pose a serious threat to organizations that do not change it post installation, as they are easy targets for an adversary. Similarly, adversaries may also utilize publicly disclosed or stolen [Private Keys](https://attack.mitre.org/techniques/T1552/004) or credential materials to legitimately connect to remote environments via [Remote Services](https://attack.mitre.org/techniques/T1021).(Citation: Metasploit SSH Module) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2025-03-21 | 2 | A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution | ||
Details | Website | 2025-03-20 | 2 | Are Attackers "Passing Through" Your Azure App Proxy? | ||
Details | Website | 2025-03-20 | 2 | A Vulnerability in AMI MegaRAC Software Could Allow for Remote Code Execution | ||
Details | Website | 2025-03-18 | 2 | Are Attackers "Passing Though" Your Azure App Proxy? | ||
Details | Website | 2025-03-18 | 2 | A Vulnerability in Apache Tomcat Could Allow for Remote Code Execution | ||
Details | Website | 2025-03-14 | 7 | MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Sante PACS Server Could Allow for Remote Code Execution - PATCH NOW - TLP: CLEAR | ||
Details | Website | 2025-03-13 | 96 | Inside BRUTED: Black Basta (RaaS) Members Used Automated Brute Forcing Framework to Target Edge Network Devices | ||
Details | Website | 2025-03-11 | 5 | *DRAFT* MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution - PATCH: NOW - TLP: CLEAR | ||
Details | Website | 2025-03-11 | 7 | Critical Patches Issued for Microsoft Products, March 11, 2025 | ||
Details | Website | 2025-03-11 | 38 | Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution | ||
Details | Website | 2025-03-11 | 19 | Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution | ||
Details | Website | 2025-03-07 | 0 | Cybersecurity Essentials: A Complete Overview | ||
Details | Website | 2025-03-04 | 4 | Multiple vulnerabilities have been discovered in VMware ESXi, Workstation, and Fusion which could allow for local code execution. | ||
Details | Website | 2025-03-02 | 0 | Harden a Simple Website — Database | ||
Details | Website | 2025-02-28 | 0 | Database Security Best Practices: Protecting Your Data from Attacks | ||
Details | Website | 2025-02-26 | 10 | Cyber Threat Intelligence (CTI) Report: CVE-2023–20118 — Cisco Small Business Routers Remote Code… | ||
Details | Website | 2025-02-26 | 4 | Identity Security Is the Missing Link To Combatting Advanced OT Threats | ||
Details | Website | 2025-02-18 | 7 | Threat Spotlight: Inside the World's Fastest Rising Ransomware Operator — BlackLock - ReliaQuest | ||
Details | Website | 2025-02-12 | 20 | OWASP Top 10 Vulnerabilities in .NET Core 7+ (and How to Beat Them) | ||
Details | Website | 2025-02-11 | 47 | Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution | ||
Details | Website | 2025-02-11 | 12 | Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution | ||
Details | Website | 2025-02-11 | 2 | Critical Patches Issued for Microsoft Products, February 11, 2025 | ||
Details | Website | 2025-02-07 | 3 | Zyxel HTTP Vulnerability - Blog - VulnCheck | ||
Details | Website | 2025-02-06 | 2 | A Vulnerability in Trimble Cityworks Could Allow for Remote Code Execution | ||
Details | Website | 2025-02-04 | 6 | Zyxel Telnet Vulnerabilities - Blog - VulnCheck |