CISA Alerts including Patch Tuesday

The US government Cybersecurity and Infrastructure Security Agency (CISA) site is one of the “go-to places” for me and my team to keep up with vulnerabilities in our clients’ software. Although aimed at the US Government and US users, it is still really useful.

The alerts cover both software and hardware.

With yesterday being Microsoft Patch Tuesday, many companies take the opportunity to release their updates on the same day.

Here is the Microsoft Patch Tuesday alert:

Microsoft Releases Security Updates for Multiple Products | CISA

…and others:

The Apache Software Foundation Updates Struts 2 | CISA

Adobe Releases Security Updates for Multiple Products | CISA

This is probably by chance, but Apple released their updates on Patch Tuesday as well:

Apple Releases Security Updates for Multiple Products | CISA

Known Exploited Vulnerabilities

The CISA Known Exploited Vulnerabilities Catalog is also a good source of information on vulnerabilities that are actually being exploited, with links to mitigation:

Known Exploited Vulnerabilities Catalog | CISA

Industry

CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:

Current Activity | CISA

…and more

They also issue more detailed documents on specific attacks – I do not often link to these as they are often aimed at US Government offices; however, the following were co-authored with other international cyber security agencies, including the UK’s National Cyber Security Centre (NCSC), so I thought they would be useful:

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally | CISA

CISA and Partners Release Advisory on Russian SVR-affiliated Cyber Actors Exploiting CVE-2023-42793 | CISA

Clive Catton MSc (Cyber Security) – by-line and other articles

My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.