The US government Cybersecurity and Infrastructure Security Agency (CISA) is one of our go to location for information about exploited vulnerabilities and patching – the type of resource I discuss in this week’s CyberAwake article:
The Zero-day Threat – What can you do about it?
Keeping up with these issues is a way to reduce the attack surface for threat actors.
CISA This Week
CISA has issued a variety of cyber security advisories covering both hardware and software.
I mentioned this earlier in the week but Apple released a range of security updates across it’s product range to address among other things a zero-day flaw in iMessage:
Apple Releases Security Updates for Multiple Products | CISA
If you are not sure what risks the zero-day threat poses to your organisation have a look at this article:
The Zero-day Threat – What is it?
Other advisories were:
Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved | CISA
Known Exploited Vulnerabilities Catalog
CISA maintains a list of products that are known to have exploited vulnerabilities. It includes link to patches and vendor sites. This advisory covers products from VMware, Microsoft, RoundCube and Mozilla.
CISA Adds Six Known Exploited Vulnerabilities to Catalog | CISA
CISA also releases industrial control system advisories – if you are responsible for these types of systems you should monitor their news page:
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.
Clive Catton MSc (Cyber Security) – by-line and other articles