CISA Security Advisories – and why checking this post and software patching is important

CISA is the US government’s Cybersecurity and Infrastructure Security Agency and a very good source cyber security and software patching information.

Last week they posted several software patching updates and known vulnerabilities that are being exploited and mitigations for them.

Samba Releases Security Updates for Multiple Versions of Samba | CISA

Mozilla Releases Security Update for Thunderbird | CISA

Zimbra, Microsoft, Samba, Cobalt Strike, Apple, ARM, Linux, Google Chrome have been added to the Known Exploited Vulnerabilities Catalog.

CISA Adds Ten Known Exploited Vulnerabilities to Catalog | CISA

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

Software Patching! Why check these advisories out?

I regularly highlight the CISA security updates and their Known Exploited Vulnerabilities Catalog and here in this article on Bleeping Computer is the reason why:

Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA’s KEV (known exploitable vulnerabilities) catalog.
Bill Toulas – BleepingComputer

Even with all the publicity about software vulnerabilities, cyber security patching and automatic updating the software patching is still not happening.

15 million public-facing services vulnerable to CISA KEV flaws (bleepingcomputer.com)

Your take away from this…

Ask yourself some question?

What systems of your are internet facing?
Who takes responsibility for keeping these resource secure?
Who does the software patching?
Are you able to answer the above questions?

Get yours’s sorted today!

Do you want to know more?

Clive Catton MSc (Cyber Security) – by-line and other articles

CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:

Current Activity | CISA

My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.