CISA round-up

The US government Cybersecurity and Infrastructure Security Agency (CISA) has issued a number of cyber security advisories. Here is a round-up of the most recent:

The CISA site is one of the “go to places” for me and my team to keep up with vulnerabilities in our client’s software. Although aimed at the US Government and US users, it is still really useful.

Citrix Releases Security Updates for Citrix Hypervisor | CISA

Juniper Releases Security Advisory for Juniper Secure Analytics | CISA

Mozilla Releases Security Updates for Firefox and Thunderbird | CISA

Adobe Releases Security Updates for ColdFusion | CISA

They also issue information on specific attacks:

FBI and CISA Release Advisory on Scattered Spider Group | CISA

#StopRansomware: Rhysida Ransomware | CISA

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability | CISA

The CISA Known Exploited Vulnerabilities Catalog is also a good source of information on vulnerabilities that are actually being exploited, with links to mitigation:

Known Exploited Vulnerabilities Catalog | CISA

CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:

Current Activity | CISA

My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.

Clive Catton MSc (Cyber Security) – by-line and other articles