As part of planned updates to York’s current Duo 2FA service, UIT will be deploying an extra layer of security through the implementation of Duo Verified Push, Time-Based One-Time Password (TOTP) codes, and the Self-Service Device Management (SSDM) portal. What’s Changing? Verified Push will ask you to enter a 3-digit code during the login process. […]
Announcement
Passport York password complexity requirements update
Passport York uses a password strength estimator to ensure that users set strong, difficult to crack passwords for their account. This is done in order to increase the security of their various accounts at the University. The estimator analyzes passwords and assigns them a score based on their complexity. We have increased the score required […]
Job Scam Alert - Store Evaluator Job Opening
Scammers are using compromised YorkU accounts to send fake job scam offering a weekly payment of $400 to $600 to be a part time store evaluator. Students are the main target of the FAKE job offer. The email asks prospective applicants to provide their Full Name, Cell number and personal email address. Following through with […]
Phish Alert - Important Message for All Staffs and Students
Scammer compromised a YorkU email account and sent over 9900 phishing emails. Following through with the fraudulent link attached in email will result in compromise of personal information and potential financial loss. The Information Security team has taken action to remove the fraudulent messages. If you receive similar messages, please report […]
Advisory Notice - Microsoft Office Remote Code Execution Vulnerability (CVE-2023-36884)
Microsoft recently disclosed a zero-day vulnerability (CVE-2023-36884) which is currently being exploited in the wild. Attackers are coercing users via social engineering phishing techniques into opening a specially-crafted Microsoft Office document that could result in remote code execution. Even though Microsoft Defender for O365 provides protection against attachments designed to exploit CVE-2023-36884, we ask the […]
Job Scam Alert - Executive Assistant/Administrative Assistant !!!
Here is another fake job scam that has been circulating today. […]
Upcoming Changes to the Phish Reporter Button
As of August 2nd, UIT is making changes to the current “Report Phishing” button in Outlook. Users will see the existing button with the “fish” icon be replaced by a new version that is integrated with new Microsoft email protection technologies. The new button has a different icon but works similarly and provides more immediate […]
Advisory Notice - OFAC sanctions and service restrictions
University Information Technology (UIT) is advising of current and upcoming changes to York-provided services Zoom and Duo (two-factor authentication) as a result of the situation in Ukraine. These services are now or will be unavailable to individuals attempting to authenticate from several countries and regions restricted by the Office of Foreign Assets Control (OFAC) — a financial intelligence […]
Cyber Security Advisory - Protecting against increased cyber threats
Russia’s invasion of Ukraine has resulted in an increase in global cyber threats. While there is no specific threat to York University, we would like to stress the importance of protecting your accounts, devices, and data. Protective steps include: Use multi-factor authentication with your accounts to help verify access. York’s Duo 2FA service is required […]
Job scam Alert - Bitcoin ATM Survey
Information Security has identified a job scam that advertises a phoney bitcoin job opportunity and encourages recipients to respond to an external email address. If you replied to the message, please: DO NOT REPLY TO ANY FURTHER MESSAGES RELATED TO THE SCAM Use the REPORT PHISHING button to report any additional messages related to the […]