The gap between the vendor discovering a vulnerability and the patch getting to you will always be an issue – this is the zero-day threat. It escalates if the threat actors became aware of the vulnerability and exploits it before the vendor becomes aware. Now research by Mandiant shows that, …
CISA security advisory for Drupal
Drupal is a CMS platform, similar to WordPress, so it is out there on the internet, vulnerable for exploitation. So if you use Drupal get it patched: Drupal Releases Security Advisory to Address Vulnerability in Drupal Core | CISA Do you know if your organisation’s website is hosted on Drupal …
US government Cybersecurity and Infrastructure Security Agency Advisories
The US government Cybersecurity and Infrastructure Security Agency (CISA) site in one of my “go to” places for information on vulnerabilities, exploitations and patches. Built for the US Government, and American centric, it is still a great resource. This week it has run an excellent article for security professionals on …
Continue reading “US government Cybersecurity and Infrastructure Security Agency Advisories”
Patching Matters…
…for governments and for you. Hot on the heels of Microsoft’s Patch Tuesday – an important day of the month for patches and updates from many vendors – is appears that various threat actors gained access to an unpatched US Government Agency server, exploiting a three year old vulnerability that …
Patch Tuesday
Yesterday was Patch Tuesday – so get ready for your Windows PC to ask you to rebbot your machine – even though you are in the middle of a job – read about that here. What is fixed this month? The headlines are- as it is every month – this …
