The US government’s Cybersecurity and Infrastructure Security Agency (CISA) is a key resource for us to keep up with the cyber security patches issued by the major – and sometimes more fringe – vendors. We especially pay attention in the week of Microsoft Patch Tuesday, as other vendors often issue patches during this period.
Here is a round-up of the key cyber security patches they have highlighted:
Microsoft Releases Security Updates for Multiple Products | CISA – here is their notice for Microsoft’s Patch Tuesday.
Adobe Releases Security Updates for Multiple Products | CISA
Fortinet Releases Security Updates for Multiple Products | CISA
Apple Released Security Updates for Multiple Products | CISA
Cisco Releases Security Updates for Secure Client | CISA
Apple Releases Security Updates for iOS and iPadOS | CISA
VMware Releases Security Advisory for Multiple Products | CISA
Known Exploited Vulnerabilities
The CISA Known Exploited Vulnerabilities Catalog is also a good source of information on vulnerabilities that are actually being exploited, with links to mitigation:
Known Exploited Vulnerabilities Catalog | CISA
The agency is charged with issuing advice to US Government Departments and US organisations – so some of the vendors and products listed are not so common in the UK – but it is still a valuable source of cyber security information.
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.
CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:
Clive Catton MSc (Cyber Security) – by-line and other articles
