Subscribe: SecurePurdue - Advisory Alerts
http://www.purdue.edu/securepurdue/news/securePurdueRSS_5.xml
Added By: Feedage Forager Feedage Grade A rated
Language: English
Tags:
adobe  advisory  critical  email alert  email  java  multiple  phishing email  phishing  purdue  vulnerabilities  vulnerability 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: SecurePurdue - Advisory Alerts

SecurePurdue - Advisory Alerts



Collaborating to create the university of the future through IT. Service quality, powerful partnerships, and a great place to work.



Published: Wed, 25 Aug 2010 09:28:24 -0400

 



Advisory: Critical Bash Update - Updated

Wed, 24 Sep 2014 00:00:00 -0400

A serious vulnerability (CVE-2014-6271) for Bash was discovered where remote command injection is possible through means that would call a Bash shell. Common services that would be affected are sshd, apache, DHCP, or any other service that uses shell scripts to export variables.



Advisory: SSDP Vulnerability

Fri, 08 Aug 2014 00:00:00 -0400

Systems with a running SSDP service available on a publicly accessible IP address are especially vulnerable to attack. A remote, unauthenticated attacker may be able to execute arbitrary code on the device or cause a denial of service.



Advisory: Java Critical Update

Thu, 17 Jul 2014 00:00:00 -0400

Oracle released the Critical Patch Update for July 2014 to address many vulnerabilities in a large number of its products. Java SE was updated to correct twenty (20) security vulnerabilities. ITSP recommends that you apply this Java update as soon as possible.



Advisory: IPMI Vulnerability

Fri, 11 Jul 2014 00:00:00 -0400

Systems with IPMI availability, on a publicly accessible IP address, are especially vulnerable to attack. Attackers can easily identify and control systems that run IPMI and can steal username/password combinations, gain complete control over hardware/software/firmware, and grant remote access to the BIOS and operating system.



Advisory: HP Network Printer Issue

Thu, 03 Apr 2014 00:00:00 -0400

Since April 1st 2014 (April Fools' Day), we have received multiple reports that network printers on the campus network have a status message on the display panel that say "VOTE FOR JOSH".



NTP Amplification Attacks

Thu, 20 Feb 2014 00:00:00 -0500

Open NTP servers that answer to get monlists requests on the Purdue network. These servers can be used to attack other organizations through Distributed Denial of Service attacks (DDoS).



Advisory: Malicious Email Alert - Fake Delta Email Leads to Trojan

Wed, 22 Jan 2014 00:00:00 -0500

A malicious email was sent to several university members that claimed to be from Delta regarding the purchase of a ticket.



Malicious email alert: "Voice Message from Unknown [random number]"

Wed, 23 Oct 2013 01:00:00 -0400

Email containing malicious .zip attachment with .exe application file. The application is suspected to contain Cryptoware/Ransomware.



Malicious email alert: "Scanned Image from a Xerox WorkCentre"

Wed, 23 Oct 2013 01:00:00 -0400

Email containing malicious .zip attachment with .exe application file. The application is suspected to contain Cryptoware/Ransomware.



Red Hat critical java-1.7.0-oracle security update

Mon, 21 Oct 2013 01:00:00 -0400

Red Hat has issued a critical update for java-1.7.0-oracle and java-1.7.0-openjdk.



VMware Multiple Products Java Multiple Vulnerabilities

Mon, 21 Oct 2013 01:00:00 -0400

VMware has acknowledged multiple vulnerabilities in multiple products.



Advisory Phishing Email Important Notice 10/10/2013

Thu, 10 Oct 2013 01:00:00 -0400

Phishing email spoofing "Purdue Security Team" targeting myPurdue users.



Advisory: Annual Form - Authorization to Use Privately Owned Vehicle on State Business

Tue, 08 Oct 2013 01:00:00 -0400

Phishing email with an attached form is asking Purdue users to fill out if using a personal vehicles while on state business.



ColdFusion 10 Vulnerability

Tue, 08 Oct 2013 01:00:00 -0400

Adobe Source Code Breach - ColdFusion 10 Vulnerability



Phishing Email Alert: "Webmail upgrade notification" - 9/11/2013

Wed, 11 Sep 2013 01:00:00 -0400

Phishing Email Alert: "Webmail upgrade notification" - 9/11/2013



DNS Amplification attacks

Mon, 26 Aug 2013 01:00:00 -0400

We have received several external notices of open DNS servers that answer recursive requests on the Purdue network. These servers can be used to attack other organizations through Distributed Denial of Service attacks (DDoS). This type of attack is known as DNS Amplification. To prevent the Purdue network from being a launch point for devastating attacks across the internet, we ask that you review your DNS configuration and disable recursive requests.



Advisory: Phishing Email Alert: "New Message" - 7/8/2013

Mon, 08 Jul 2013 16:00:00 -0400

New spear phishing attempt targeting Purdue students, faculty, and staff.



Phishing Email Alert: Important Notification - Purdue Career Account Access

Tue, 07 May 2013 00:00:00 -0400

New spear phishing attempt targeting Purdue students, faculty, and staff.



Phishing Email - "Your myMail Account is on Restriction"

Fri, 19 Apr 2013 01:00:00 -0400

There was recently a spear-phishing attempt that was sent out to Purdue users that attempted to trick them into logging into a fake myMail login page.



Phishing Email Alert: **{Suspension Of Your purdue.edu Account}**

Sun, 27 Jan 2013 13:00:00 -0500

New spear phishing attempt targeting Purdue students, faculty, and staff.



Phishing Email Alert: [Your Webmail Account is on Restriction]

Thu, 24 Jan 2013 15:36:00 -0500

A spear-phishing attempt is circulating targeting Purdue users.



(UPDATED 1/14) Java 7 Zero Day Vulnerability

Fri, 11 Jan 2013 01:00:00 -0500

On January 10, 2013, security researchers reported an unpatched vulnerability in Oracle Java 1.7u10.



Java Zero-Day Patched

Fri, 16 Apr 2010 01:00:00 -0400

Sun Java vulnerability caused by an input handling error that can be exploited to execute Java based programs has been reported. NOTE: Patch Available



Microsoft Server Message Block (SMB) Vulnerability allows for Remote Code Execution

Fri, 02 Oct 2009 01:00:00 -0400

Update 2: Microsoft has released a "Fix-it" tool to automatically disable the SMBv2 service, which is presently the only known mitigation technique other than implementing firewall rules to block SMB traffic.



Microsoft Office Web Components ActiveX Remote Code Execution Vulnerability

Mon, 13 Jul 2009 01:00:00 -0400

The Microsoft Office Web Components ActiveX control used by Internet Explorer contains a vulnerability that when exploited will allow an attacker to gain rights of the local user and allow remote code execution.



Critical Unpatched Internet Explorer Issue

Fri, 12 Dec 2008 01:00:00 -0500

An unpatched vulnerability exists in Internet Explorer 7 which may allow an attacker to compromise a user's system simply by having the user browse to a specially crafted web page. User's should be EXTREMELY cautious while browsing the web with IE7 before a patch is released and downloaded, and it is suggested that an alternate web browser be used. This exploit has already been seen in active use in the the wild.



Phishing Emails Threatening Internet Service Disconnection Carry Virus

Wed, 17 Sep 2008 01:00:00 -0400

This email has been reported by numerous users of Purdue email systems. In some cases it has been reported that the .exe file contained in the zip file attachment named "user-EA49943X-activities.zip" has propagated automatically to c:\temp\escan\user-EA49943X-activities.zip\user-EA49943X-activities.exe where a virus scanner had flagged its presence. It is unknown by what mechanism this file was unzipped as none of the users reported clicking on or opening the email.



Critical SSH Issue Involving Education and Research Institutions

Tue, 26 Aug 2008 01:00:00 -0400

Starting in March of this year, a large number of research and education systems have been compromised using stolen SSH keys. The keys are used to gain system access as an unprivileged user, and then local kernel exploits are used to gain administrative access and install a rootkit and gather more SSH keys.



Multiple reports of attempted and successful SQL injection attacks against campus web sites.

Fri, 18 Jul 2008 01:00:00 -0400

Multiple reports of attempted and successful SQL injection attacks against campus web sites.



Adobe Acrobat and Reader Vulnerability affects Windows and Macs

Mon, 30 Jun 2008 01:00:00 -0400

Adobe has reported a critical vulnerability in Acrobat and Reader. The vulnerability could allow a malicious user to crash an affected machine to gain full access. Most versions are affected.



Multiple Xserver and XInput Vulnerabilities

Wed, 23 Jan 2008 01:00:00 -0500

Multiple vulnerabilities have been discovered in the server code of the X window system, which can cause an assortment of overflows. Local exploitation of these overflows cause the X server to crash or allow the execution of arbitrary code in certain situations.



Critical Vulnerabilities In Adobe Flash Content May Lead to Cross-Site Scripting (XSS) Attacks

Mon, 14 Jan 2008 01:00:00 -0500

Critical vulnerabilities in Adobe Flash content have been found which leave potentially hundreds of thousands of websites and a considerable percentage of major Internet sites susceptible to Cross-Site Scripting (XSS) attacks that would allow malicious individuals to steal personal details of visitors.



Adobe Flash Player: Multiple Vulnerabilities

Tue, 17 Jul 2007 01:00:00 -0400

Adobe Flash Player and Flash Plugin have been found to have multiple vulnerabilities which could allow an attacker to remotely execute code on a vulnerable system, obtain sensitive information via browser keystrokes, and allow cross-site request forgery. These vulnerabilities affect all users of Adobe Flash Player regardless of platform (Win, Mac, Solaris, and Linux). A new version that addresses the security issues has been released by Adobe.