Security Bulletins

  • Vulnerability in some versions of OpenSSL

    Vulnerability in OpenSSL versions 1.0.1 before 1.0.1g

  • CryptoLocker

    New ransomware named CryptoLocker threatens to destroy data unless a payment is made.

  • Vulnerable Java versions being actively exploited

    Critical Java Vulnerability included in Exploit Kit

  • Vulnerabilities in Adobe ColdFusion

    This bulletin details four recently published, critical rated, vulnerabillies in Adobe ColdFusion and ways to mitigate the risk of them being exploited including the hotfix for supported versions.

  • Java Security Recommendations

    As the use of Java applets on websites continues to diminish and in light of the rash of recent vulnerability exploits, the implications of installing Java for use in web browsers should be considered carefully.

  • Zero Day Java 7 Vulnerability

    On January 10, 2013, security researchers reported a zeroday vulnerability in Oracle Java 1.7u10.

  • Vulnerability in Symantec Endpoint Protection

    On November 5th, 2012, the United States Computer Emergency Readiness Team (US-CERT) website announced their researcher had discovered a vulnerability in the way some versions of Symantec Endpoint Protections handle CAB files. This vulnerability may allow an unauthenticated remote or local attacker to execute arbitrary code with SYSTEM privileges on a targeted computer.

  • Vulnerability In Multiple Versions of Internet Explorer

    On September 17, 2012 Microsoft released Security Advisory 2757760 acknowledging an unpatched vulnerability in multiple versions of Internet Explorer.

  • Unpatched Vulnerability In Oracle Java Version 7 (aka 1.7)

    Unpatched Vulnerability In Oracle Java Version 7 (aka 1.7)

  • "Wire Transfer" Phishing Emails

    See an email about a wire transfer? You're right to be suspicious. These are definitely phishing/SPAM; you should simply delete them.

  • Subscribe to Bulletins

    Read the UISO Bulletins three different ways: HTML, RSS, and email.

    To subscribe via email, send an email message to list@indiana.edu with a body of:
    subscribe uiso-bulletins-l

    Security & Policy Blog Posts

  • We have received approximately 15 reports from faculty and staff who have had a fraudulent 2013 federal tax return submitted to the IRS in their name. There is no evidence the tax fraud is a result of a disclosure of information that originated from IU.
  • On March 24th 2014, Microsoft released an advisory describing a vulnerability in all supported versions of Microsoft Word.
  • Apple has released critical security updates to address a dangerous bug in Apple's implementation of SSL/TLS that affects multiple versions of iOS 6, iOS 7, Apple TV OS 6, OS X 10.9 (Maverics).