CISA Security Advisories – and why checking this post and software patching is important

CISA is the US government’s Cybersecurity and Infrastructure Security Agency and a very good source cyber security and software patching information.

Last week they posted several software patching updates and known vulnerabilities that are being exploited and mitigations for them.

Samba Releases Security Updates for Multiple Versions of Samba | CISA

Mozilla Releases Security Update for Thunderbird | CISA

Zimbra, Microsoft, Samba, Cobalt Strike, Apple, ARM, Linux, Google Chrome have been added to the Known Exploited Vulnerabilities Catalog.

CISA Adds Ten Known Exploited Vulnerabilities to Catalog | CISA

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

Software Patching! Why check these advisories out?

I regularly highlight the CISA security updates and their Known Exploited Vulnerabilities Catalog and here in this article on Bleeping Computer is the reason why:

Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA’s KEV (known exploitable vulnerabilities) catalog.

Bill Toulas – BleepingComputer

Even with all the publicity about software vulnerabilities, cyber security patching and automatic updating the software patching is still not happening.

15 million public-facing services vulnerable to CISA KEV flaws (bleepingcomputer.com)

Your take away from this…

Ask yourself some question?

  • What systems of your are internet facing?
  • Who takes responsibility for keeping these resource secure?
  • Who does the software patching?
  • Are you able to answer the above questions?

Get yours’s sorted today!

Clive Catton MSc (Cyber Security) – by-line and other articles


CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:

Current Activity | CISA

My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.

software patching