The US government Cybersecurity and Infrastructure Security Agency (CISA) is one of the resources we use both here and at Octagon Technology to keep up with systems that need patching because of vulnerabilities.
I have been out of the office a lot recently; my team have been monitoring for our clients, so let’s catch up here.
Mozilla Releases Security Advisories for Multiple Products | CISA
Apple Releases Security Advisories for Multiple Products | CISA (we have reported on this)
VMware Releases Security Advisory for vCenter Server | CISA
VMware Releases Advisory for VMware Tools Vulnerabilities | CISA
Atlassian Releases Security Advisory for Confluence Data Center and Server | CISA
Cisco Releases Security Advisories for Multiple Products | CISA
Known Exploited Vulnerabilities Catalog
CISA maintains a catalogue of vendors, vulnerabilities and mitigation – I have it shortcutted in Safari on my iPhone so it is to hand when I am at clients. Recent updates include vulnerabilities for Apache, Cisco and Citrix among others.
Known Exploited Vulnerabilities Catalog | CISA
Some of these entries are for mainstream products, some are for fringe products – the catalogue is primarily aimed at the products in use by the US Government – but if one of your software packages is on the list, then you, your IT or Cyber Security support need to do something about it.
CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.
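One way to make that check quick, as an added example that is not part of the original article: match an extract of your master document against entries laid out like CISA's Known Exploited Vulnerabilities JSON feed. The field names follow the feed (only a subset is shown); the entries, CVE placeholders, dates and inventory rows are constructed for illustration, and the name-matching rule is an assumption you would tune to your own records.

```python
import json
import re

# Constructed sample in the layout of CISA's KEV JSON feed (field names as in
# the feed; CVE IDs are placeholders, dates and entries are made up).
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-00001", "vendorProject": "Atlassian",
   "product": "Confluence Data Center and Server",
   "dateAdded": "2023-11-07", "dueDate": "2023-11-28",
   "requiredAction": "Apply mitigations per vendor instructions."},
  {"cveID": "CVE-0000-00002", "vendorProject": "Cisco", "product": "IOS XE",
   "dateAdded": "2023-10-16", "dueDate": "2023-10-20",
   "requiredAction": "Apply mitigations per vendor instructions."},
  {"cveID": "CVE-0000-00003", "vendorProject": "Citrix",
   "product": "NetScaler ADC", "dateAdded": "2023-10-18",
   "dueDate": "2023-11-08",
   "requiredAction": "Apply mitigations per vendor instructions."}
]}
""")

# Constructed extract of a "master document": one row per deployed product.
INVENTORY = [
    {"vendor": "atlassian", "product": "Confluence", "owner": "IT support"},
    {"vendor": "Cisco Systems", "product": "ios-xe", "owner": "Network team"},
    {"vendor": "VMware", "product": "vCenter Server", "owner": "IT support"},
]

def tokens(text):
    """Lower-case alphanumeric words, so 'IOS XE' and 'ios-xe' compare equal."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def kev_hits(inventory, kev):
    """Return (asset, entry) pairs where vendor and product names overlap,
    most urgent due date first."""
    hits = []
    for entry in kev["vulnerabilities"]:
        for asset in inventory:
            vendor_ok = tokens(asset["vendor"]) & tokens(entry["vendorProject"])
            # Every word of the inventory product must appear in the KEV name.
            product_ok = tokens(asset["product"]) <= tokens(entry["product"])
            if vendor_ok and product_ok:
                hits.append((asset, entry))
    return sorted(hits, key=lambda h: h[1]["dueDate"])

if __name__ == "__main__":
    for asset, entry in kev_hits(INVENTORY, KEV_SAMPLE):
        print(entry["dueDate"], entry["cveID"], asset["product"],
              "->", asset["owner"], "|", entry["requiredAction"])
```

A match here only says the product name is on the list; whoever owns the asset still has to confirm the installed version against the vendor advisory.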
Clive Catton MSc (Cyber Security) – by-line and other articles