Security Bulletins

  • Vulnerability in Windows Common Controls active exploit

    April 11, 2012 at 3:24 PM EDT

    A remote code execution vulnerability exists such that an attacker who successfully exploited this vulnerability could run abitrary code on the target system, then install programs; view, change, or delete data; or create new accounts with full rights.

  • Mac Malware Exploiting Java Vulnerability

    April 5, 2012 at 2:51 PM EDT

    "Flashback" is Mac-specific malware that is currently spreading via a recently patched Java vulnerability

  • Vulnerability in Microsoft Remote Desktop

    March 16, 2012 at 11:42 AM EDT

    A remote code execution vulnerability exists such that an attacker who successfully exploited this vulnerability could run abitrary code on the target system, then install programs; view, change, or delete data; or create new accounts with full rights.

  • Phone Phishing Observed at IU

    February 28, 2012 at 12:53 PM EST

    Warning about phone calls requesting information or requesting users to take action to compromise computers.

  • Adobe Flash Player Critical Update

    February 16, 2012 at 10:04 AM EST

    Adobe Flash Player Critical Update

  • Vulnerability in Windows TrueType Font Parsing

    November 8, 2011 at 9:40 AM EST

    On November 3rd, Microsoft released an advisory reporting a new vulnerability in TrueType font parsing for all supported versions of Windows.

  • Microsoft Windows Firewall

    May 17, 2011 at 6:39 AM EDT

    Microsoft Windows Server 2008 R2 and Windows 7 Firewall Scope Resets Settings after Service Pack 1 (SP1) Installation.

  • Vulnerable Versions of Flash, Adobe Reader, Adobe Acrobat, Adobe AIR Being Exploited

    April 22, 2011 at 10:47 AM EDT

    On April 11, 2011, Adobe released an advisory reporting that a new vulnerability in Flash, Acrobat, Adobe Reader, and AIR is being actively exploited in the wild. Adobe released a patch for Flash and AIR on April 15, 2011. A patch for some affected version of Adobe Acrobat and Adobe Reader was released April 21, 2011.

  • Vulnerable Versions of Java Being Exploited

    April 15, 2011 at 2:40 PM EDT

    On February 25, 2011, Oracle released a Critical Patch Update Advisory for Java SE and Java for Business. Since that time, active exploits have been written for this vulnerability and are being spread.

  • Vulnerability in ASP.NET

    September 28, 2010 at 12:00 AM EDT

    On September 17, 2010, Microsoft released Security Advisory 2416728 which stated Microsoft was investigating public reports of a vulnerability in ASP.NET. On September 28, 2010 Microsoft released an out-of-band (outside the normal patch schedule) bulletin, Security Bulletin MS10-070 and associated patch to address the issue.

    • Subscribe to Bulletins

    Read the UISO Bulletins three different ways: HTML, RSS, and email.

    To subscribe via email, send an email message to listserv@indiana.edu with a body of:
    subscribe uiso-bulletins-l

    Security & Policy Blog Posts

  • May 10, 2012 at 7:48 AM

    • 55,000 Twitter Accounts Hacked
    Tens of thousands of Twitter accounts have been compromised in a recent hack attack in which more than 55,000 passwords were leaked and posted to Pastebin by anonymous hackers. You should probably change your Twitter password today.
  • May 7, 2012 at 8:47 AM

    • Mac OS X Lion User Passwords Exposed
    A mistake by Apple can cause Mac OS X 10.7.3 (Lion) to store your login password on the hard drive in clear text.
  • May 4, 2012 at 11:10 AM

    • Adobe Flash Player Security Update
    Adobe Flash Player Security Update
  • April 26, 2012 at 12:53 PM

    • Information Security and Privacy Program Awareness Update
    A memo has been sent to the President's Cabinet to help raise awareness of the Information Security and Privacy Program.