I am always using the above image as it reinforces the message that for good cyber security you need to keep up with the patches and updates for both software and hardware. Our team use a variety of sources to keep up with this job of which the US government’s Cybersecurity and Infrastructure Security Agency (CISA) is a key one.
Here is a round-up of the key cyber security patches they have highlighted – although for the last few weeks most of the alerts have been for industrial control systems..
Adobe Releases Security Updates for Multiple Products | CISA
Mozilla Releases Security Updates for Firefox and Thunderbird | CISA
Known Exploited Vulnerabilities
The CISA Known Exploited Vulnerabilities Catalog is also a good source of information on vulnerabilities that are actually being exploited, with links to mitigation:
Known Exploited Vulnerabilities Catalog | CISA
Cyber Security Advisories
CISA also issues cyber security advisories, often in co-operation with other US aganecies and/or International cyber security organisations and law enforcement, including the UK’s National Cyber Security Centre (NCSC).
Here are two of the most relevantrecent advisories:
#StopRansomware: ALPHV Blackcat | CISA
The agency is charged with issuing advice to US Government Departments and US organisations – so some of the vendors and products listed are not so common in the UK – but it is still a valuable source of cyber security information.
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.
CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:
Clive Catton MSc (Cyber Security) – by-line and other articles
