I am back in the office this week, so let’s get a round-up of the security advisories issued by the US government's Cybersecurity and Infrastructure Security Agency (CISA), one of my trusted sources for information about cyber security vulnerabilities.
Oracle Releases October 2023 Critical Patch Update Advisory | CISA
Fortinet Releases Security Updates for Multiple Products | CISA
CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have updated their advice document on ransomware and phishing.
#StopRansomware Guide (cisa.gov)
Phishing Guidance: Stopping the Attack Cycle at Phase One (cisa.gov)
Known Exploited Vulnerabilities Catalog
There are new entries in the exploited vulnerabilities database – these are particularly important, as a product only gets listed here if there is evidence that a vulnerability is actually being exploited in the wild. There are new entries for Cisco IOS and Citrix.
Known Exploited Vulnerabilities Catalog | CISA
CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc. – so that when cyber security (or operational) issues arise, you and your support teams can quickly check if you are affected. From there you can take fast, effective action.
Clive Catton MSc (Cyber Security) – by-line and other articles