Security Bulletins

  • Adobe Flash Vulnerability Currently Being Exploited

    Adobe Flash is vulnerable to exploit that could allow an attacker to take control of the affected system.

  • Critical SSL Vulnerability: POODLE

    Vulnerability in SSL 3.0

  • Critical Bash Exploit: Shellshock

    Critical Bash Exploit: Shellshock

  • Vulnerability in some versions of OpenSSL

    Vulnerability in OpenSSL versions 1.0.1 before 1.0.1g

  • CryptoLocker

    New ransomware named CryptoLocker threatens to destroy data unless a payment is made.

  • Vulnerable Java versions being actively exploited

    Critical Java Vulnerability included in Exploit Kit

  • Vulnerabilities in Adobe ColdFusion

    This bulletin details four recently published, critical rated, vulnerabillies in Adobe ColdFusion and ways to mitigate the risk of them being exploited including the hotfix for supported versions.

  • Java Security Recommendations

    As the use of Java applets on websites continues to diminish and in light of the rash of recent vulnerability exploits, the implications of installing Java for use in web browsers should be considered carefully.

  • Zero Day Java 7 Vulnerability

    On January 10, 2013, security researchers reported a zeroday vulnerability in Oracle Java 1.7u10.

  • Vulnerability in Symantec Endpoint Protection

    On November 5th, 2012, the United States Computer Emergency Readiness Team (US-CERT) website announced their researcher had discovered a vulnerability in the way some versions of Symantec Endpoint Protections handle CAB files. This vulnerability may allow an unauthenticated remote or local attacker to execute arbitrary code with SYSTEM privileges on a targeted computer.

  • Subscribe to Bulletins

    Read the UISO Bulletins three different ways: HTML, RSS, and email.

    To subscribe via email, send an email message to with a body of:
    subscribe uiso-bulletins-l

    Security & Policy Blog Posts

  • The GHOST vulnerability allows an attacker to remotely take control of a system.
  • Drupal announced the availability of a patch to fix a critical SQL injection vulnerability in Drupal 7.
  • Creating and maintaining a disaster recovery plan for departments and thier critical services