News

Security Alerts

September 6, 2017

Summary

A critical vulnerability has been discovered in the Apache Struts web application framework for Java web applications. A remote code execution attack is possible when using the Apache Struts REST plugin with XStream handler to deserialise XML requests. [1]

Impact

Attackers can execute arbitrary code remotely by exploiting this vulnerability.

June 14, 2017

Summary

A remote code execution vulnerability exists when Windows Search handles objects in memory. This can be exploited by an attacker sending a specially crafted SMB message to the Windows Search service. [4]

Due to recent nation-state activity and the elevated risk of potential cyber attacks, Microsoft has released security updates for older unsupported versions of Windows for this issue as well as other high-severity fixes in the June patch release. [1]

May 25, 2017

Summary

The Samba team has released a patch for a remote code execution bug that affects all versions between 3.5.0 and 4.6.3/4.5.9/4.4.13. This vulnerability allows a malicious attacker to upload a library to a writable share and then cause the server to execute that library. [1] Patches are available from samba.org. [2]

Impact

March 9, 2017

Summary

A critical vulnerability has been discovered and disclosed in the Apache Struts 2 framework. Patches are available from Apache. [1]

Impact

This vulnerability allows for unauthenticated, remote code execution on the server. Further, there are at least two known public exploits for this vulnerability [2] and ISP has already started to see scanning and exploit attempts against campus systems.

February 3, 2017

Summary

WordPress has fixed several critical flaws in its content management system, addressing cross-site scripting and SQL injection bugs, along with a severe privilege escalation / content injection vulnerability. [1]

October 24, 2016

A local privilege escalation vulnerability has been found in the Linux kernel. Nearly all versions of Linux are affected, and when exploited, attackers can escalate local privileges to root. Linux users are advised to patch or implement a temporary mitigation immediately.

July 13, 2016

Highly critical remote code execution vulnerabilities have been announced by the Drupal security team for the third-party modules RESTWS, Coder, and Webform Multiple File Upload. Open Berkeley Drupal sites are NOT affected.

June 29, 2016

Multiple critical vulnerabilities have been discovered in Symantec products including Symantec Endpoint Protection (SEP), an anti-virus product previously licensed and distributed on campus. Users are advised to remove or upgrade affected Symantec products.

June 13, 2016

Apple has announced that it will no longer support QuickTime on Windows. All users are advised to remove QuickTime on Windows machines as there are multiple zero-day, remote code execution vulnerabilities that Apple has announced it will not be patching.

May 24, 2016

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild. Please refer to APSA16-02 for additional details.

May 5, 2016

Multiple vulnerabilities have been discovered in ImageMagick, an open-source software library for displaying, converting, and editing a wide range of image types. Attackers may be able to execute arbitrary code remotely by exploiting these vulnerabilities.

April 28, 2016

Information Security and Policy has received confirmed reports of recent attempts to deliver the "Locky" family of ransomware via malicious email attachments. Campus users are advised to be vigilant as ransomware like Locky can be extremely destructive. Please review the full security alert for guidance.

March 10, 2016

Adobe has released security updates for Adobe Flash Player that address multiple critical vulnerabilities that could allow an attacker to take control of an affected system. Microsoft has released an out-of-band patch for Adobe Flash Player on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

March 2, 2016

The OpenSSL development team published a security advisory regarding high-impact TLS/SSL vulnerabilities, which could allow an attacker to decrypt TLS sessions by using a server supporting legacy ciphers (CVE-2016-0800).

February 18, 2016

The glibc (since version 2.9) client-side DNS resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be remotely exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.

December 15, 2015

A remote code execution vulnerability has been discovered in Joomla versions 1.5.0 to 2.4.5. Exploits for this vulnerability have been observed in the wild. Patches are available and users are advised to upgrade immediately.

November 13, 2015

A serious vulnerability in Apache Commons, a library that contains a widely used set of Java components maintained by the Apache Software Foundation, puts thousands of Java applications and servers at risk of remote code execution attacks.

October 15, 2014

A critical vulnerability that can be exploited remotely without authentication has been discovered in Drupal 7.

October 14, 2014

A major flaw, dubbed POODLE, has been discovered by Google in the design of SSL version 3.0.

September 24, 2014

A remotely exploitable flaw has been discovered in GNU Bash that allows code execution through specially crafted environment variables.