Critical is Adobe's highest vulnerability rating and could when exploited allow malicious native-code to execute, potentially without a user being aware.

More information is available in Adobe's security bulletin 11-28, which also has links to update downloads.

Norman recommends that affected users update their Adobe Flash player as soon as possible.

Critical is Microsoft's highest vulnerability rating.

A summary describing briefly the vulnerabilities is available from Microsoft's Security Bulletin Summary for November 2011.
From this page you will also find links to more detailed information in Microsoft's Security Bulletins MS11-083 - MS11-086.

The critical update addresses the following issue:

• One privately reported vulnerability in TCP/IP. 

As expected Microsoft did not include any update for the recently discovered zero-day vulnerability in TrueType Font Parsing, which is used by Duqu. An out-of-band update for this is likely. Until a security update is available, Microsoft has published a workaround in the form of a fixit solution.

Updates that fixes the vulnerabilities addressed in the November bulletins are available from Windows automatic update mechanism.
To manually check for updates Click the Start button, click All Programs and then click Windows Update.

Norman advices all affected users to download the relevant security updates as soon as possible, to be protected from potential exploits.

This is part three of our multi-part series "An approach to an organization's risk factors".

We strongly recommend that you read these articles sequentially, starting with part 1 here.

The first article discussed different procedures and systems that could be invoked in order to mitigate risk. The second article discussed Electronic factors as an area of risk. In this third and final part we will examine Human attack factors and Physical factors.

3. Human attack factors

By human attack…

This is the second part of of our multi-part series "An approach to an organization's risk factors".

We strongly recommend that you read these articles sequentially, starting with part 1 here.

The previous article discussed different procedures and systems that could be invoked in order to mitigate risk. In subsequent parts we will examine areas at risk, starting with Electronic factors.

2. Electronic factors

By electronic factors, we will include all types of issues with the organization…

Any organization is exposed to some kind of risks. How an organization deals with this fact, however differs widely.

The larger organizations are probably better equipped to allocate sufficient resources to implement the systems that are available in security standards. Smaller organizations may feel that these are not so well suited for their needs.

However, the organization may find it useful to perform a systematic analysis of its vulnerabilities, the probability for their exploitation,…

Secure communication has been the target of several types of attack this year.  In our security article in June, Secure tokens turn insecure, we wrote about the attack against RSA, an event that turned out to have serious consequences for several high-profile vendors of military systems.  In September we wrote about breaches in the security authorization model in Secure browsing turns insecure (again). And earlier this month we wrote about BEAST (Browser Exploit Against SSL/TLS).

Yet another…

Critical is Microsoft's highest vulnerability rating.

A summary describing briefly the vulnerabilities is available from Microsoft's Security Bulletin Summary for October 2011.
From this page you will also find links to more detailed information in Microsoft's Security Bulletins MS11-075 - MS11-082.

The critical…

One popular way to trick users into infecting themselves is to use links in emails. However, the criminals are constantly looking at new ways to trick us. In this article, we shall examine a new one.

Background

In recent years, the most popular way to spread malicious software has been through web sites. Many different techniques are used, and several of our previous articles have discussed these. Among the more common types are

• the real link in an email is a different than the…