Security Bulletins

  • Vulnerability in some versions of OpenSSL

    Vulnerability in OpenSSL versions 1.0.1 before 1.0.1g

  • CryptoLocker

    New ransomware named CryptoLocker threatens to destroy data unless a payment is made.

  • Vulnerable Java versions being actively exploited

    Critical Java Vulnerability included in Exploit Kit

  • Vulnerabilities in Adobe ColdFusion

    This bulletin details four recently published, critical rated, vulnerabillies in Adobe ColdFusion and ways to mitigate the risk of them being exploited including the hotfix for supported versions.

  • Java Security Recommendations

    As the use of Java applets on websites continues to diminish and in light of the rash of recent vulnerability exploits, the implications of installing Java for use in web browsers should be considered carefully.

  • Zero Day Java 7 Vulnerability

    On January 10, 2013, security researchers reported a zeroday vulnerability in Oracle Java 1.7u10.

  • Vulnerability in Symantec Endpoint Protection

    On November 5th, 2012, the United States Computer Emergency Readiness Team (US-CERT) website announced their researcher had discovered a vulnerability in the way some versions of Symantec Endpoint Protections handle CAB files. This vulnerability may allow an unauthenticated remote or local attacker to execute arbitrary code with SYSTEM privileges on a targeted computer.

  • Vulnerability In Multiple Versions of Internet Explorer

    On September 17, 2012 Microsoft released Security Advisory 2757760 acknowledging an unpatched vulnerability in multiple versions of Internet Explorer.

  • Unpatched Vulnerability In Oracle Java Version 7 (aka 1.7)

    Unpatched Vulnerability In Oracle Java Version 7 (aka 1.7)

  • "Wire Transfer" Phishing Emails

    See an email about a wire transfer? You're right to be suspicious. These are definitely phishing/SPAM; you should simply delete them.

  • Subscribe to Bulletins

    Read the UISO Bulletins three different ways: HTML, RSS, and email.

    To subscribe via email, send an email message to list@indiana.edu with a body of:
    subscribe uiso-bulletins-l

    Security & Policy Blog Posts

  • Creating and maintaining a disaster recovery plan for departments and thier critical services
  • How workplace culture affects information security and how that culture can be improved.