News

Information Security and Policy has received confirmed reports of recent attempts to deliver the "Locky" family of Ransomware via malicious email attachments. Campus users are advised to be vigilant as Ransomware like Locky can be extremely destructive. Please review the full security alert for guidance.

Adobe has released security updates for Adobe Flash Player that addresses multiple, critical vulnerabilities that could allow an attacker to take control of an affected system. Microsoft has released an out-of-band patch for Adobe Flash Player when on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

The OpenSSL development team published a security advisory regarding high-impact TLS/SSL vulnerabilities, which could allow an attacker to decrypt TLS sessions by using a server supporting legacy ciphers (CVE-2016-0800).

The glibc (since version 2.9) DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be remotely exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.

A remote code execution vulnerability has been discovered in Joomla versions 1.5.0 to version 2.4.5. Exploits for this vulnerability have been observed in the wild. Patches are available and users are advised to upgrade immediately.

A serious vulnerability in Apache Commons, a library that contains a widely used set of Java components maintained by the Apache Software Foundation, puts thousands of Java applications and servers at risk of remote code execution attacks.

A critical vulnerability that can be exploited remotely without authentication has been discovered in Drupal 7.

A major flaw, dubbed POODLE, has been discovered by Google in the design of SSL version 3.0.

A remotely exploitable flaw has been discovered in GNU Bash that allows code execution through specially-crafted environment variables.

A critical information disclosure flaw dubbed "Heartbleed" has been discovered in the OpenSSL library.