I was away at a Cyber Security Conference last week and Diana did not know to keep up with the advisories from The US government Cybersecurity and Infrastructure Security Agency (CISA) – although the support team did keep up with them.
So, what happened last week?
Microsoft Patch Tuesday
Last Tuesday was Microsoft Patch Tuesday – by now everyone should have those updates and patches installed. Here is CISA’s report:
Microsoft Releases May 2023 Security Updates | CISA
Known Exploited Vulnerabilities Catalog
There were multiple updates to the CISA Known Exploited Vulnerabilities Catalog – these are cyber security vulnerabilities that have been shown to be actively exploited by threat actors. The type that needs action if you use the software or hardware.
There were advisories for wireless equipment, Linux, Red Hat, Oracle Java, Microsoft Windows and Apache:
CISA Adds Seven Known Exploited Vulnerabilities to Catalog | CISA
CISA Adds One Known Exploited Vulnerability to Catalog | CISA
Other updates
Mozilla released a number of security updates across its product range:
Mozilla Releases Security Advisories for Multiple Products | CISA
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.
CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:
IT Monitoring
Our remote monitoring and management service can help you keep up to date with your organisations patching and other security related activities.
Clive Catton MSc (Cyber Security) – by-line and other articles