We have been regularly visiting the US government Cybersecurity and Infrastructure Security Agency (CISA), it is one of our go-to sources for cyber security information. However it is a while since we have looked at CISA and the security patches and advice they supply – the week of Microsoft’s Patch Tuesday is a good time to catch-up.
Here is a round-up of their alerts:
Microsoft Releases June 2024 Security Updates | CISA – Patch Tuesday
Fortinet Releases Security Updates for FortiOS | CISA
Cisco Releases Security Updates for Multiple Products | CISA
Adobe Releases Security Updates for Multiple Products | CISA
Some of these patches, if they impact you should have been done some time ago. If you have missed them, get them done and then ask yourself why you missed these cyber security updates?
Known Exploited Vulnerabilities Catalog
This data base is a valuable resource for vulnerabilities that are known to be being actively attacked. Recently included vendors and software include, Oracle, PHP, Linux, Google Chromium (Microsoft Edge browser, among others, is based on this product), Apache etc..
Known Exploited Vulnerabilities Catalog | CISA
CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.
Clive Catton MSc (Cyber Security) – by-line and other articles