Common security mistakes and overlooked misconfigurations can open the door for attackers to drop malware or exfiltrate data. Having appropriate security configurations requires your applications, servers and databases to be hardened in accordance with best practices. Avoid the following top five configuration gaffes to reduce the threat exposure to your organization: Default Credentials, Remote Desktop Services and Default Ports are easy for a hacker to exploit: Leaving default credentials on network devices such as firewalls and routers allows adversaries to simply use password-checking scanners to walk right into the network.
Source: https://threatpost.com/top-5-configuration-mistakes-hackers/144457/