risk assessment

Microsoft's Unified SecOps Platform is making waves with its latest multi-workspace for multi-tenant support, an evolution designed to simplify and strengthen the management of security operations across modern, hybrid environments. This much-anticipated feature, now available in public preview...

Windows Server 2025 has hit a snag that could send ripples through countless enterprise networks by jeopardizing one of its most critical components—the domain controllers. Microsoft recently disclosed that following a restart, affected domain controllers might load the default firewall profile...

Introduction In today’s ever-evolving cybersecurity landscape, even the most robust industrial control systems (ICS) are not immune to vulnerabilities. A recently disclosed advisory on Hitachi Energy’s PCU400 and PCULogger products draws attention to critical flaws that could allow remote...

Ah, the sweet allure of industrial control systems! They're the backbone of our modern infrastructure, working tirelessly and silently in the background, yet as prone to digital threats as our more consumer-facing tech. Today, we delve into significant news about a vulnerability in Schneider...

Imagine this: Switzerland’s oldest private insurance company, Mobiliar, founded way back in 1826, has taken a quantum leap into the digital age, blending its centuries-old expertise with cutting-edge AI and cloud-based solutions. What’s the result? A transformation so robust that even the most...

If you're rocking Windows 11 on hardware that doesn't quite meet Microsoft's stringent requirements, you might want to pay close attention. Microsoft has issued a pointed warning to users side-stepping compatibility rules to run the latest Windows OS on unsupported devices. This move isn't just...

In an age where the buzz of digital connectivity rings louder than ever, security vulnerabilities can play the proverbial fly in the ointment. Recently, CISA (Cybersecurity and Infrastructure Security Agency) made waves with an advisory revolving around the vulnerabilities in the 2N Access...

If you’ve been connecting your critical infrastructure and automation systems to the internet, then you need to sit up and take notice. Recent advisories from the Cybersecurity and Infrastructure Security Agency (CISA) have highlighted some alarmingly severe vulnerabilities within the...

In a significant advisory release on October 3, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) warned about severe vulnerabilities in the TEM Opera Plus FM Family Transmitter. The discovery has raised red flags for organizations using this equipment, especially in...

:zoned:

Original release date: October 17, 2019 Summary On January 14, 2020, Microsoft will end extended support for their Windows 7 and Windows Server 2008 R2 operating systems.[1] After this date, these products will no longer receive free technical support, or software and security updates...

Revision Note: V3.0 (April 14, 2015): Revised advisory to announce with the release of security update 3038314 on April 14, 2015 SSL 3.0 is disabled by default in Internet Explorer 11, and to add instructions for how to undo the workarounds. Summary: Microsoft is aware of detailed information...

Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of...

For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence...

Original release date: June 12, 2017 | Last revised: July 27, 2017 Systems Affected Industrial Control Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of public reports from ESET and Dragos outlining a new, highly capable Industrial...

Original release date: June 12, 2017 Systems Affected Industrial Controls Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of public reports from ESET and Dragos outlining a new, highly capable Industrial Controls Systems (ICS) attack...

Original release date: April 27, 2017 Systems Affected Networked Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial...

Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already...

Original release date: March 16, 2017 Systems Affected All systems behind a hypertext transfer protocol secure (HTTPS) interception product are potentially affected. Overview Many organizations use HTTPS interception products for several purposes, including detecting malware that uses HTTPS...

Severity Rating: Important Revision Note: V1.0 (November 8, 2016): Bulletin published. Summary: The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker can manipulate files in locations not intended to be available to the user by exploiting this...