A critical windows vulnerability was announced in the Microsoft print spooler service and exploits are available in the wild. This vulnerability allows an attacker with valid domain credentials to perform local privilege escalation and/or remote code execution on any host running the RPC/print spooler service. Print spooler service should be turned off on systems that […]
News
Advisory Security Notice: Scam calls targeting international students
We have been advised by the Student Services & International Relations department of an active, sophisticated scam campaign targeting international students. There have been a number of scam calls from individuals claiming to be employees of York University, Immigration Refugees and Citizenship Canada, and the Royal Canadian Mounted Police (RCMP). Recently, a number of international […]
Information Security Notice: “UNICEF internship program offer” Phishing
A large number of phishing emails were sent to York email accounts, part of a known scam advertising a fake job opportunity i.e. UNICEF internship program. The emails are fraudulent and intended to trick recipients into providing personal information such as a personal (non-YorkU) email address and a phone number. At that point additional correspondence […]
Two-Factor authentication (2FA) enrollments to begin week of February 8, 2021
We are pleased to advise that enrollment of Duo, two-factor authentication will begin week of February 8, starting with activation of those with surname beginning with ‘A’, and proceeding alphabetically until all community members have been enrolled. We expect to complete the process by the end of April 2021. Once your account is activated, you will […]
Cyber Security Advice for Researchers During Covid-19
Following up on the Advisory Security Notice on Fraud Targeting Covid-19 Researchers, the Canadian Centre for Cyber Security (CCCS) are reminding COVID-19 researchers to remain vigilant and to stay alert to potential threats affecting their research. The CCCS has provided additional Cyber security guidance. Cyber Security Advice and Guidance for Research and Development Organizations During […]
Advisory Alert - Zoom version 5.1.3 released to address zero-day vulnerability
Zoom has released version 5.1.3 to address a critical vulnerability. If you have the Zoom client installed on a windows 7 system, please update as soon as possible. Click here to manually download the latest client version.
Phish Alert - Copy of June Bonus 22JUN2020.xlsx
The York community reported a phish scam with the subject line "Copy of June Bonus 22JUN2020.xlsx". Clicking on the green Open bar redirects users to an external site designed to steal your PY credentials. If you see it in your inbox, please delete.
Phish Alert - Mailbox Shutdown Process
This is another phish email that redirects users to a GOOGLEAPI site to steal your PY credentials. Please delete the email if you see it in your inbox.
Phish Alert - Account Update
The phishing email below redirects users to an external site designed to steal your PY credentials. If you see it in your inbox, please delete.
Advisory Notice - Check for the latest Zoom Client Update
Users should be prompted for this mandatory update upon logging into the Zoom desktop application. However, we encourage you to manually check that you have the most current version of the Zoom application installed. To ensure your application is up to date, please follow these steps - […]