risk assessment

As security professionals, we are trained to think in worst-case scenarios. We run through the land of the theoretical, chasing “what if” scenarios as though they are lightning bugs to be gathered and stashed in a glass jar. Most of time, this type of thinking is absolutely the correct thing...

Severity Rating: Critical Revision Note: V1.0 (September 10, 2013): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a file that contains a specially crafted OLE...

Severity Rating: Important Revision Note: V1.0 (May 14, 2013): Bulletin published. Summary: This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted file or previews a specially...

Severity Rating: Important Revision Note: V1.0 (November 13, 2012): Bulletin published. Summary: This security update resolves four privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially...

As previously mentioned in the Advance Notification blog on Thursday, today we’re releasing seven bulletins, one Critical-class and six Important-class bulletins. Before we discuss those releases, let’s take a closer look at the Security Advisories we also released today. Security...

Severity Rating: Important Revision Note: V1.0 (March 13, 2012): Bulletin published. Summary: This security update resolves one privately reported vulnerability in Microsoft Expression Design. The vulnerability could allow remote code execution if a user opens a legitimate...

Hello. As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing seven security bulletins, one of which is rated Critical in severity, with the remaining six classified as Important. These bulletins will address eight vulnerabilities in Microsoft...

Revision Note: V1.0 (September 26, 2011): Advisory published. Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0 and TLS 1.0, affecting the Windows operating system. This vulnerability affects the...

Hello all. It has been very nearly a week since our Link Removed due to 404 Error at Black Hat. Now that everyone’s had some time to digest the basics, we’ve asked Senior Security Strategist and chief BlueHat Prize architect Katie Moussouris to stop by the Trustworthy Computing...

Does using Facebook put you at more risk elsewhere on the internet? | Naked Security

Hello all -- Over the years we’ve often talked about exploit mitigations – DEP, ASLR, SEHOP and so forth – as effective tools for improving computer security, reducing risk, preventing attacks, and minimizing operational disruption. Today we’re releasing a user’s...

TOKYO (AP) — Japanese nuclear regulators trusted that the reactors at Fukushima Dai-ichi were safe from the worst waves an earthquake could muster based on a single-page memo from the plant operator nearly a decade ago. In the Dec. 19, 2001 document — one double-sized page obtained by The...

Plant operator Tepco reveals meltdown and breach of pressure vessel, with Greenpeace warning against pumping water in. Greenpeace has urged Tepco to abandon plans to flood the container with water, given the likelihood that melted fuel had damaged it. Shaun Burnie, nuclear adviser to Greenpeace...

Hello everyone, Today we are announcing changes to Microsoft’s Link Removed Since October 2008, we have used the Exploitability Index to provide customers with valuable exploitability analysis for our security bulletins, and starting Tuesday this information will become even more...

Exploitability Index Improvements Now Offer Additional Guidance In October of 2008, Microsoft published its first Link Removed a rating system that helps customers identify the likelihood that a specific vulnerability would be exploited within the first 30 days after bulletin release. As of...

Scientists of earth, sea and sky, scholars of law, politics and philosophy: In three intense days cloistered behind Chicheley Hall's old brick walls, four dozen thinkers pondered the planet's fate as it grows warmer, weighed the idea of reflecting the sun to cool the atmosphere and debated the...

Of the 31 nations and regions with nuclear power plants, Japan is the most at risk of being hit by an earthquake. Particularly worrisome is the fact that Japan has lots of nuclear power plants and nuclear power plants and nuclear treatment facilities are built in earthquake-prone areas. The...

December 10, 2010 Weird News: Bad lung beats none at all Britain’s National Health Service acknowledged in November that, because of a shortage of healthy lungs and other organs available for transplant, it was offering those on waiting lists the option of receiving them from former...

Hello all. As part of our usual cycle of monthly updates, todayMicrosoft is releasing three security bulletins, addressing 11 vulnerabilities.One of the bulletins has a Critical severity rating, while the other two arerated Important. Recapping the trio: Link Removed due to 404 Error This...

Severity Rating: Important - Revision Note: V1.0 (October 12, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All...