http://www.purdue.edu/securepurdue/news/securePurdueRSS_5.xmlCollaborating to create the university of the future through IT. Service quality, powerful partnerships, and a great place to work.Wed, 25 Aug 2010 09:28:24 -0400Cascade Serveritap@purdue.eduhttp://www.purdue.edu/securepurdue/news/2013/advisory-phishing-email-alert-important-notification---purdue-career-account-access.cfmNew spear phishing attempt targeting Purdue students, faculty, and staff.Tue, 07 May 2013 00:00:00 -0400http://www.purdue.edu/securepurdue/7a7273d1ac1e8c3501abdd25777bd9f3http://www.purdue.edu/securepurdue/news/2013/phishing_your-mymail-account-is-on-restriction.cfmThere was recently a spear-phishing attempt that was sent out to Purdue users that attempted to trick them into logging into a fake myMail login page.Fri, 19 Apr 2013 01:00:00 -0400http://www.purdue.edu/securepurdue/22d33c47ac1e8c3600ea72119ee5b679http://www.purdue.edu/securepurdue/news/2013/phishing-email-alert-suspension-of-your-purdue.edu-account1.cfmNew spear phishing attempt targeting Purdue students, faculty, and staff.Sun, 27 Jan 2013 13:00:00 -0500http://www.purdue.edu/securepurdue/7d39a1bbac1e8c3501b1ce68da9d830bhttp://www.purdue.edu/securepurdue/news/2013/advisory - phishingemailalert-yourwebmailaccountisonrestriction.cfmA spear-phishing attempt is circulating targeting Purdue users.Thu, 24 Jan 2013 15:36:00 -0500http://www.purdue.edu/securepurdue/6e7a9f8dac1e8c36011199f02b766ce4http://www.purdue.edu/securepurdue/news/2013/java-7-zero-day-vulnerability.cfmOn January 10, 2013, security researchers reported an unpatched vulnerability in Oracle Java 1.7u10.Fri, 11 Jan 2013 01:00:00 -0500http://www.purdue.edu/securepurdue/2bba0f7eac1e8c3501ba1c47e7430cechttp://www.purdue.edu/securepurdue/news/2010/java-zero-day-patched.cfmSun Java vulnerability caused by an input handling error that can be exploited to execute Java based programs has been reported. NOTE: Patch Available Fri, 16 Apr 2010 01:00:00 -0400http://www.purdue.edu/securepurdue/5c2b0e7c80d2073500284206b1f1a44ahttp://www.purdue.edu/securepurdue/news/2009/microsoft-server-message-block-smb-vulnerability-allows-for-remote-code-execution.cfmUpdate 2: Microsoft has released a "Fix-it" tool to automatically disable the SMBv2 service, which is presently the only known mitigation technique other than implementing firewall rules to block SMB traffic.Fri, 02 Oct 2009 01:00:00 -0400http://www.purdue.edu/securepurdue/5c34e83580d207350028420640f170f9http://www.purdue.edu/securepurdue/news/2009/microsoft-office-web-components-activex-remote-code-execution-vulnerability.cfmThe Microsoft Office Web Components ActiveX control used by Internet Explorer contains a vulnerability that when exploited will allow an attacker to gain rights of the local user and allow remote code execution.Mon, 13 Jul 2009 01:00:00 -0400http://www.purdue.edu/securepurdue/5c36c66e80d2073500284206beed4933http://www.purdue.edu/securepurdue/news/2008/critical-unpatched-internet-explorer-issue.cfmAn unpatched vulnerability exists in Internet Explorer 7 which may allow an attacker to compromise a user's system simply by having the user browse to a specially crafted web page. User's should be EXTREMELY cautious while browsing the web with IE7 before a patch is released and downloaded, and it is suggested that an alternate web browser be used. This exploit has already been seen in active use in the the wild.Fri, 12 Dec 2008 01:00:00 -0500http://www.purdue.edu/securepurdue/5c39fd8a80d2073500284206976df4b5http://www.purdue.edu/securepurdue/news/2008/phishing-emails-threatening-internet-service-disconnection-carry-virus.cfmThis email has been reported by numerous users of Purdue email systems. In some cases it has been reported that the .exe file contained in the zip file attachment named "user-EA49943X-activities.zip" has propagated automatically to c:\temp\escan\user-EA49943X-activities.zip\user-EA49943X-activities.exe where a virus scanner had flagged its presence. It is unknown by what mechanism this file was unzipped as none of the users reported clicking on or opening the email.Wed, 17 Sep 2008 01:00:00 -0400http://www.purdue.edu/securepurdue/5c3bc7e480d20735002842069de662cdhttp://www.purdue.edu/securepurdue/news/2008/critical-ssh-issue-involving-education-and-research-institutions.cfmStarting in March of this year, a large number of research and education systems have been compromised using stolen SSH keys. The keys are used to gain system access as an unprivileged user, and then local kernel exploits are used to gain administrative access and install a rootkit and gather more SSH keys.Tue, 26 Aug 2008 01:00:00 -0400http://www.purdue.edu/securepurdue/5c3ca66a80d207350028420682a22d3ehttp://www.purdue.edu/securepurdue/news/2008/multiple-reports-of-attempted-and-successful-sql-injection-attacks-against-campus-web-sites..cfmMultiple reports of attempted and successful SQL injection attacks against campus web sites.Fri, 18 Jul 2008 01:00:00 -0400http://www.purdue.edu/securepurdue/5c3d9bf480d20735002842064c16e1bchttp://www.purdue.edu/securepurdue/news/2008/adobe-acrobat-and-reader-vulnerability-affects-windows-and-macs.cfmAdobe has reported a critical vulnerability in Acrobat and Reader. The vulnerability could allow a malicious user to crash an affected machine to gain full access. Most versions are affected.Mon, 30 Jun 2008 01:00:00 -0400http://www.purdue.edu/securepurdue/5c3e65e280d2073500284206b51196f8http://www.purdue.edu/securepurdue/news/2008/multiple-xserver-and-xinput-vulnerabilities.cfmMultiple vulnerabilities have been discovered in the server code of the X window system, which can cause an assortment of overflows. Local exploitation of these overflows cause the X server to crash or allow the execution of arbitrary code in certain situations.Wed, 23 Jan 2008 01:00:00 -0500http://www.purdue.edu/securepurdue/5c3f38b080d20735002842064a814065http://www.purdue.edu/securepurdue/news/2008/critical-vulnerabilities-in-adobe-flash-content-may-lead-to-cross-site-scripting-xss-attacks.cfmCritical vulnerabilities in Adobe Flash content have been found which leave potentially hundreds of thousands of websites and a considerable percentage of major Internet sites susceptible to Cross-Site Scripting (XSS) attacks that would allow malicious individuals to steal personal details of visitors.Mon, 14 Jan 2008 01:00:00 -0500http://www.purdue.edu/securepurdue/5c402bfa80d207350028420682892e52http://www.purdue.edu/securepurdue/news/2007/adobe-flash-player-multiple-vulnerabilities.cfmAdobe Flash Player and Flash Plugin have been found to have multiple vulnerabilities which could allow an attacker to remotely execute code on a vulnerable system, obtain sensitive information via browser keystrokes, and allow cross-site request forgery. These vulnerabilities affect all users of Adobe Flash Player regardless of platform (Win, Mac, Solaris, and Linux). A new version that addresses the security issues has been released by Adobe.Tue, 17 Jul 2007 01:00:00 -0400http://www.purdue.edu/securepurdue/5c41746580d2073500284206589b9ccb