Security Bulletins

  • Critical Vulnerability in Windows OpenType Font Drivers

    RCE vulnerability in OpenFont support for all versions of Windows

  • Actively Exploited Zero-Day Java Vulnerability - Updated

    Notice of a zero-day vulnerability in Oracle's Java has been made public

  • Zero-Day Adobe Flash Player Vulnerabilities - Updated

    Multiple Zero-Day Flash vulnerabilities.

  • Critical Vulnerability in Microsoft HTTP.sys

    A critical vulnerability in Microsoft's HTTP.sys component may lead to remote code execution.

  • Adobe Flash Vulnerability Currently Being Exploited

    Adobe Flash is vulnerable to exploit that could allow an attacker to take control of the affected system.

  • Critical SSL Vulnerability: POODLE

    Vulnerability in SSL 3.0

  • Critical Bash Exploit: Shellshock

    Critical Bash Exploit: Shellshock

  • Vulnerability in some versions of OpenSSL

    Vulnerability in OpenSSL versions 1.0.1 before 1.0.1g

  • CryptoLocker

    New ransomware named CryptoLocker threatens to destroy data unless a payment is made.

  • Vulnerable Java versions being actively exploited

    Critical Java Vulnerability included in Exploit Kit

  • Subscribe to Bulletins

    Read the UISO Bulletins three different ways: HTML, RSS, and email.

    To subscribe via email, send an email message to list@indiana.edu with a body of:
    subscribe uiso-bulletins-l

    Security & Policy Blog Posts

  • OpenSSL vulnerability made public on JUly 9, 2015 does not impact current popular linux distrubitons
  • The GHOST vulnerability allows an attacker to remotely take control of a system.
  • Drupal announced the availability of a patch to fix a critical SQL injection vulnerability in Drupal 7.
  • Creating and maintaining a disaster recovery plan for departments and thier critical services