CISA Round-up

I am back in the office this week, so let’s get a round-up of the security advisories issued by the US government's Cybersecurity and Infrastructure Security Agency (CISA), one of my trusted sources for information about cyber security vulnerabilities.

Oracle Releases October 2023 Critical Patch Update Advisory | CISA

Fortinet Releases Security Updates for Multiple Products | CISA

CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have updated their advice document on ransomware and phishing.

#StopRansomware Guide (cisa.gov)

Phishing Guidance: Stopping the Attack Cycle at Phase One (cisa.gov)

Known Exploited Vulnerabilities Catalog

There are new entries in the exploited vulnerabilities database – these are particularly important, as a product only gets listed here if there is evidence that a vulnerability is actually being exploited in the wild. There are new entries for Cisco IOS and Citrix.

Known Exploited Vulnerabilities Catalog | CISA

CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:

Current Activity | CISA

My advice: either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc. – so when cyber security (or operational) issues arise, you and your support teams can quickly check if you are affected. From there you can take fast, effective action.

Clive Catton MSc (Cyber Security) – by-line and other articles
