CISA issues security advisories across a range of popular products

It has been a busy couple of days at the US Cybersecurity and Infrastructure Security Agency as they issue a range of security advisories: Drupal Releases Security Update | CISA Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server | CISA Cisco Releases Security Updates for Multiple Products | …

Log4shell – the vulnerability that is inside many software packages – just ask VMware – is here to stay

The SolarWinds attack, where the threat actors got inside SolarWinds’ systems and added their malicious code to a legitimate software update, so having SolarWinds distribute this malware to many of its high and low profile customers around the world, seems a long time ago now. But at least in this …

You need to be aware of the support status of your Cisco equipment

Here is something new to add to your cyber security plan – the end-of-life of any Cisco equipment you have, as Cisco is no longer going to issue security patches for expired products: Cisco won’t fix authentication bypass zero-day in EoL routers (bleepingcomputer.com) You or your cyber security team need …

CISA security updates for Cisco and Apple

The US Cybersecurity and Infrastructure Security Agency has issued several security updates: Cisco Releases Security Update for Cisco Secure Web Appliance | CISA Here is the notice about the important Apple updates: Apple Releases Security Updates for Multiple Products | CISA