Security Bulletins

  • Vulnerabilities in Adobe ColdFusion

    This bulletin details four recently published, critical-rated vulnerabilities in Adobe ColdFusion and ways to mitigate the risk of them being exploited, including the hotfix for supported versions.

  • Java Security Recommendations

    As the use of Java applets on websites continues to diminish and in light of the rash of recent vulnerability exploits, the implications of installing Java for use in web browsers should be considered carefully.

  • Zero Day Java 7 Vulnerability

    On January 10, 2013, security researchers reported a zero-day vulnerability in Oracle Java 1.7u10.

  • Vulnerability in Symantec Endpoint Protection

    On November 5th, 2012, the United States Computer Emergency Readiness Team (US-CERT) website announced their researcher had discovered a vulnerability in the way some versions of Symantec Endpoint Protection handle CAB files. This vulnerability may allow an unauthenticated remote or local attacker to execute arbitrary code with SYSTEM privileges on a targeted computer.

  • Vulnerability In Multiple Versions of Internet Explorer

    On September 17, 2012, Microsoft released Security Advisory 2757760 acknowledging an unpatched vulnerability in multiple versions of Internet Explorer.

  • Unpatched Vulnerability In Oracle Java Version 7 (aka 1.7)

  • "Wire Transfer" Phishing Emails

    See an email about a wire transfer? You're right to be suspicious. These are definitely phishing/SPAM; you should simply delete them.

  • Vulnerability in Windows Common Controls active exploit

    A remote code execution vulnerability exists such that an attacker who successfully exploited this vulnerability could run arbitrary code on the target system, then install programs; view, change, or delete data; or create new accounts with full rights.

  • Mac Malware Exploiting Java Vulnerability

    "Flashback" is Mac-specific malware that is currently spreading via a recently patched Java vulnerability.

  • Vulnerability in Microsoft Remote Desktop

    A remote code execution vulnerability exists such that an attacker who successfully exploited this vulnerability could run arbitrary code on the target system, then install programs; view, change, or delete data; or create new accounts with full rights.

  • Subscribe to Bulletins

    Read the UISO Bulletins three different ways: HTML, RSS, and email.

    To subscribe via email, send an email message to list@indiana.edu with a body of:
    subscribe uiso-bulletins-l

Security & Policy Blog Posts

  • A local, unprivileged user can use a Linux kernel flaw to gain escalated privileges, without authentication, on a system running a Linux kernel. Technical details, as well as exploit code, have been publicly released.
  • S/MIME certificates are now available to all IU personnel at no cost.
  • IU VP for IT and Chief Information Officer, Brad Wheeler, spoke at a town hall meeting on March 8th on the subject of “Mitigating Cyber Risks,” including the current risk environment and the development of IT-28.
  • As Jacqueline Simmons explains, IU operates in a complex legal, regulatory, & contractual environment, with responsibilities to comply with applicable legal, regulatory, & contractual requirements regarding