The US government Cybersecurity and Infrastructure Security Agency (CISA) is one of my “daily checks” for cyber security news – this week they have issued information on the following:
Security advisories for the Firefox family of web browsers:
Mozilla Releases Security Updates for Firefox | CISA
CISA has also produced a document that examines threat actors actions and behaviours and provides a way to map these so cyber security analysts can better understand the threat landscape:
CISA Updates Best Practices for Mapping to MITRE ATT&CK® | CISA
CISA also maintains a database of vulnerabilities it knows are being exploited – a really useful resource to match up with your cyber security plan and make sure your patches and mitigation is up to date.
CISA Adds One Known Exploited Vulnerability to Catalog | CISA
CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.
Clive Catton MSc (Cyber Security) – by-line and other articles