CISA security advisories

The UK’s National Cyber Security Centre has joined with the US government Cybersecurity and Infrastructure Security Agency (CISA), FBI and US National Security Agency (NSA) to issue a security advisory about vulnerabilities in Cisco devices:

APT28 Exploits Known Vulnerability To Carry Out Reconnaissance and Deploy Malware on Cisco Routers | CISA

(We have been out checking the ones we are responsible for.)

CISA also added known vulnerabilities to its Known Exploited Vulnerabilities Catalog:

CISA Adds One Known Vulnerability to Catalog | CISA – this relates to the above joint statement about Cisco.

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA – for Apple and Google products.

CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:

Current Activity | CISA

My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.