CISA updates

Our team use a variety of sources to keep up with this job of which the US government’s Cybersecurity and Infrastructure Security Agency (CISA) is a key one.

Here is a round-up of the key cyber security patches they have highlighted – although for the last few weeks most of the alerts have been for industrial control systems.

Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways | CISA

Cisco Releases Security Advisories for Cisco NX-OS Software | CISA

Known Exploited Vulnerabilities

The CISA Known Exploited Vulnerabilities Catalog is also a good source of information on vulnerabilities that are actually being exploited, with links to mitigation:

Known Exploited Vulnerabilities Catalog | CISA

Cyber Security Advisories

CISA also issues cyber security advisories, often in co-operation with other US aganecies and/or International cyber security organisations and law enforcement, including the UK’s National Cyber Security Centre (NCSC).

Here are two of the most relevantrecent advisories:

#StopRansomware: Phobos Ransomware | CISA


The agency is charged with issuing advice to US Government Departments and US organisations – so some of the vendors and products listed are not so common in the UK – but it is still a valuable source of cyber security information.

My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.

CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:

Current Activity | CISA

Clive Catton MSc (Cyber Security) – by-line and other articles