Catching up with the CISA Security Advisories

Whilst I have been away, my team have been keeping up with security advisories that have impacted our clients. The vendors are the primary sources for my team, but they also use the US government Cybersecurity and Infrastructure Security Agency (CISA) alerts and the Known Exploited Vulnerabilities Catalog.

Let’s catch up here with the important ones we have not yet reported on.

The following vendors have all released security patches across a range of their products to address vulnerabilities.

Juniper Releases Security Advisory for Multiple Vulnerabilities in Junos OS | CISA

Cisco Releases Security Advisories for Multiple Products | CISA

Atlassian Releases Security Update for Confluence Server and Data Center | CISA

Known Exploited Vulnerabilities Catalog

Entries have been added to the database for WinRAR, Ignite Openfire, Ivanti Software, Veeam Backup, Adobe ColdFusion, Microsoft and Citrix.

Known Exploited Vulnerabilities Catalog | CISA

Of these, the issues with Veeam Backup are probably the most serious if Veeam is a key component of your cyber security defences.

CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:

Current Activity | CISA

My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online services, networks, back-ups, suppliers etc., so that when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.

Clive Catton MSc (Cyber Security) – by-line and other articles