Advisories

Critical Apache Struts 2.x Vulnerability

Summary A critical vulnerability has been discovered and released in the Apache Struts 2 framework. Impact This vulnerability allows for unauthenticated, remote code execution on the server. Further, there are at least two known public exploits for this vulnerability [2] and ISP has already started to see scanning and exploit attempts against campus systems. Vulnerable Apache Struts 2.3.5 - […]

Notice on University of Calgary cyber-attacks

Notice on University of Calgary cyber-attacks You may be aware the University of Calgary is in the process of recovery from a severe cyber-attack which resulted in widespread IT service disruptions for a week or longer. York University IT and Information Security have been closely monitoring the situation along with colleagues at many other Canadian […]

Email Ransomware Alert (Locky)

A new variant of a crypto-ransomware, dubbed as "Locky", has recently been discovered and is spreading via email in the form of a Word document attachment with malicious macros. The ransomware encrypts files on a victim's computer, adds a ".locky" file extension to them and demands that the victim pay a ransom for the decryption […]

StageFright Bug Affecting Android Devices

A vulnerability has been discovered in the Android operating system that allows an attacker to access data stored on your device or remotely install software by just having your mobile phone number. This vulnerability is being referred to as “StageFright”. All Android based phones after and including versions 2.2 are vulnerable. An attacker can use […]

CSE webmail phishing attempt. Do NOT respond!

Sample fraudulent email --------------------------------------------------------------------------------------------------- Dear Yorku account user. Please be informed that we want to improve our webmail in a couple of days from now, and your account must be reactivated to finish activating your account, you must login to your account again by clicking on the link below; http://***/imp/login5085.htm Failure to upgrade your webmail […]