Security Misconfiguration

OWASP (Open Web Application Security Project)

Created: 2022-07-11
Tags: #fleeting


Abstract:


  • Poorly configured permissions on cloud services
  • Having unnecessary features enabled (services, pages, accounts or privileges)
  • Default accounts with unchanged passwords
  • Overly Detailed Error Messages (allows attacker to find out more about system)
  • NOT using HTTP Security Headers
  • Revealing too much detail in the Server HTTP header
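
An added example (not part of the original note) that checks one HTTP response for three items from the list above: missing security headers, version detail in the Server header, and detailed error messages. The header baseline, the leak markers, the X-Powered-By check and both sample responses are assumptions made for this example.

```python
import re

# Headers the audit expects on every response (a baseline assumed for this example).
REQUIRED_HEADERS = (
    "Strict-Transport-Security",
    "Content-Security-Policy",
    "X-Content-Type-Options",
    "X-Frame-Options",
)
# A product token followed by a version, e.g. "nginx/1.18.0".
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.-]*/\d[\w.]*")
# Strings that suggest an error page is leaking internals (assumed markers).
ERROR_LEAKS = ("Traceback (most recent call last)", "SQLSTATE[", "Stack trace:")


def audit_response(status, headers, body=""):
    """Return a list of misconfiguration findings for one HTTP response."""
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    for name in REQUIRED_HEADERS:
        if name.lower() not in hdrs:
            findings.append(f"missing security header: {name}")
    for name in ("server", "x-powered-by"):
        value = hdrs.get(name, "")
        if VERSION_TOKEN.search(value):
            findings.append(f"version disclosed in {name}: {value}")
    # Only server-side failures are checked for leaked internals.
    if status >= 500 and any(marker in body for marker in ERROR_LEAKS):
        findings.append("detailed error message returned to client")
    return findings


# Constructed sample responses, not captured from a real system.
WEAK = (500,
        {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3",
         "Content-Type": "text/html"},
        "Fatal error: Uncaught PDOException: SQLSTATE[42S02] Stack trace: #0 ...")
HARDENED = (500,
            {"Server": "Apache",
             "strict-transport-security": "max-age=31536000; includeSubDomains",
             "Content-Security-Policy": "default-src 'self'",
             "X-Content-Type-Options": "nosniff",
             "X-Frame-Options": "DENY"},
            "Something went wrong. Reference: 7f3a")

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(*resp) or "no findings")
```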

The Mirai malware was able to take a DNS provider offline
because the devices it infected still used DEFAULT PASSWORDS

References