Alert Archives - Information Security /uit/infosec/category/alerts/ Fri, 15 May 2026 15:15:19 +0000 en-CA hourly 1 https://wordpress.org/?v=6.9.4 A New Phish Reporting Solution for Students - 91亚色 Phish Alert /uit/infosec/2026/05/14/upcoming-change-a-new-phish-reporting-solution-york-phish-alert/ Thu, 14 May 2026 13:57:04 +0000 /uit/infosec/?p=2723 What鈥檚 Happening On May 21st, we鈥檙e introducing the new, home-grown, 91亚色 Phish Alert button for undergraduate students in Gmail. This button lets you report suspicious or unwanted phishing messages with one quick click. It will replace the previous Cofense Reporter, but the reporting process stays just as simple. Why We鈥檙e Making This Change Phishing emails […]

The post A New Phish Reporting Solution for Students - 91亚色 Phish Alert appeared first on Information Security.

]]>
What鈥檚 Happening

On May 21st, we鈥檙e introducing the new, home-grown, 91亚色 Phish Alert button for undergraduate students in Gmail. This button lets you report suspicious or unwanted phishing messages with one quick click. It will replace the previous Cofense Reporter, but the reporting process stays just as simple.

Why We鈥檙e Making This Change

Phishing emails are one of the most common ways attackers try to steal personal information. By moving to a home鈥慻rown reporting tool, we can improve service reliability and capture additional email artifacts, improving our team鈥檚 response capabilities.

How This Benefits You

  • Faster protection: Your reports go directly to 91亚色鈥檚 Information Security Team for quick review.
  • Stronger security: Better reporting helps us spot and stop phishing campaigns earlier.
  • Same simple experience: One click, and you鈥檙e done.

How to Use It

When you see a suspicious email:

  1. Open the message.
  2. Click the 91亚色 Phish Alert button in your email toolbar.
  3. The phishing report will be sent to the Information Security team for further investigation.

Where to Find More Information

If you鈥檇 like to learn more about phishing, how to spot it, or how the new reporting tool works, visit our website here.

The post A New Phish Reporting Solution for Students - 91亚色 Phish Alert appeared first on Information Security.

]]>
Canvas by Instructure: Important Notice /uit/infosec/2026/05/08/canvas-by-instructure-important-notice/ Fri, 08 May 2026 23:20:03 +0000 /uit/infosec/?p=2711 Instructure, the company that operates Canvas (the learning management system used at Schulich to manage coursework, assignments, grades, and course communications), has reported a cybersecurity incident that appears to have affected Canvas at thousands of educational institutions worldwide. Canvas remains available and University teaching and learning activities can continue as usual. We will share any changes if Instructure鈥檚 […]

The post Canvas by Instructure: Important Notice appeared first on Information Security.

]]>
Instructure, the company that operates Canvas (the learning management system used at Schulich to manage coursework, assignments, grades, and course communications), has reported a cybersecurity incident that appears to have affected Canvas at thousands of educational institutions worldwide.

Canvas remains available and University teaching and learning activities can continue as usual. We will share any changes if Instructure鈥檚 guidance or system status changes.

No action is required at this time, other than remaining alert for phishing or other suspicious messages.

Instructure has posted the following .

91亚色/Schulich is prioritizing assessing this incident and will update this message and share relevant updates and guidance through our usual communications channels as information becomes available.

Canvas is an externally-hosted platform. 91亚色 and Schulich School of Business systems were not affected.

The University is monitoring the incident response and will provide additional information and guidance as more details become available.

91亚色 is committed to protecting privacy and maintaining the trust of our students and community. We are working with Instructure to understand how this happened and what actions Instructure are taking to prevent future incidents.

We encourage all students, faculty, and staff to remain vigilant:

Questions: For questions about this notice or Canvas use at Schulich, please contact canvasincident@schulich.yorku.ca

Beware of Phishing: Cybercriminals often use stolen contact information to send convincing 鈥減hishing鈥 emails. Be wary of any message, even those appearing to come from Schulich, 91亚色, or Canvas that asks you to click a link, provide a password, or share personal details. A reminder: 91亚色 will never ask for your password by email, text, or phone.

Verify Communications: If you receive a suspicious message regarding this incident, do not click any links. Report it directly to infosec@yorku.ca.

The post Canvas by Instructure: Important Notice appeared first on Information Security.

]]>
Fake CAPTCHA, Real Threat: ClickFix Social Engineering Attacks /uit/infosec/2026/04/22/fake-captcha-real-threat-clickfix-social-engineering-attacks/ Wed, 22 Apr 2026 19:36:36 +0000 /uit/infosec/?p=2678 ClickFix attacks are a rapidly evolving threat that use fake CAPTCHA pages to trick people into running malicious commands (often PowerShell) on their own devices. In every ClickFix case, the attacker relies on one thing: your participation. Most traditional phishing attempts and malicious sites are filtered or blocked long before they reach you. That鈥檚 why […]

The post Fake CAPTCHA, Real Threat: ClickFix Social Engineering Attacks appeared first on Information Security.

]]>
ClickFix attacks are a rapidly evolving threat that use fake CAPTCHA pages to trick people into running malicious commands (often PowerShell) on their own devices. In every ClickFix case, the attacker relies on one thing: your participation. Most traditional phishing attempts and malicious sites are filtered or blocked long before they reach you. That鈥檚 why ClickFix pushes you to take extra steps yourself. By convincing you to run a command, the attacker gets past the protections already set in place and installs malware that would otherwise be detected.

What is ClickFix?

ClickFix is a social engineering technique where attackers compromise legitimate websites and replace normal verification steps such as CAPTCHAs with fake prompts, and instruct users to run malicious commands on their computers. These commands often involve opening the Windows Run dialog or PowerShell and pasting in a script that appears to 鈥渇ix鈥 a problem or 鈥渧erify鈥 the user. In reality, the script is being used to download malware that compromises your device.

This technique has been observed across higher鈥慹ducation institutions and is increasingly used to deploy malware families such as , a backdoor capable of downloading additional payloads, collecting system information, and maintaining persistence on the device.

How does it Work?

ClickFix attacks follow a simple pattern:

  1. You click on a link from a search result or ad, and as the page loads, a strange-looking CAPTCHA or pop鈥憉p appears unexpectedly.
  2. Instead of asking you to click images or check a box, it tells you there鈥檚 a 鈥減roblem鈥 and you need to run a command to continue.
  3. The page instructs you to open Windows + R, PowerShell, or Terminal and paste in a line of text.
  4. That command silently downloads malware onto your device. In many cases, it installs a backdoor such as CORNFLAKE.V3, which can download additional malicious files onto your system, collect system information, and stay hidden on your machine.

Because the attacker convinces you to run the command, your device treats it as a trusted action, making it much harder for security tools to block.

How Can I Spot a ClickFix Attempt?

Exercise caution towards any unfamiliar website, email, or popup that:

  • Asks you to open Windows Run (Windows + R)
  • Tells you to paste a command into PowerShell or Terminal
  • Claims you must run a script to 鈥渇ix,鈥 鈥渧erify,鈥 or 鈥渃ontinue鈥
  • Appears immediately after clicking a search result or ad
  • Displays a CAPTCHA that looks unusual, low鈥憅uality, or out of place

If you encounter instructions like:

鈥淧ress Windows + R and paste the following command鈥︹

鈥t is almost certainly malicious.

If you suspect you may have interacted with a ClickFix prompt, please report it to the Information Security Team immediately (infosec@yorku.ca).

References:

  • https://unit42.paloaltonetworks.com/preventing-clickfix-attack-vector/
  • https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/
  • https://cloud.google.com/blog/topics/threat-intelligence/analyzing-cornflake-v3-backdoor/

The post Fake CAPTCHA, Real Threat: ClickFix Social Engineering Attacks appeared first on Information Security.

]]>
Phish Alert - Malicious Website Impersonating 91亚色 /uit/infosec/2026/03/17/phish-alert-malicious-website-impersonating-york-university/ Tue, 17 Mar 2026 14:19:21 +0000 /uit/infosec/?p=2647 The Information Security team has identified a fraudulent website impersonating 91亚色 that is actively attempting to harvest community members' login credentials. This malicious site closely mimics the appearance of official 91亚色 web properties and may be encountered when users attempt to access University services through search engines. The impersonation site is NOT affiliated […]

The post Phish Alert - Malicious Website Impersonating 91亚色 appeared first on Information Security.

]]>
The Information Security team has identified a fraudulent website impersonating 91亚色 that is actively attempting to harvest community members' login credentials. This malicious site closely mimics the appearance of official 91亚色 web properties and may be encountered when users attempt to access University services through search engines.

The impersonation site is NOT affiliated with 91亚色 and should be considered malicious. Do NOT enter your username, credentials, Duo 2FA codes, or any other personal information on this site as this may result in unauthorized access to your accounts.

The fraudulent site uses the URL <www.yorkuonline.com>, an image is shown below for reference:

Red Flags to Watch Out For

Unsolicited messages directing you to log in:
Messages claiming your account will be disabled, your mailbox is full, or your access is expiring are common tactics used to lure users to fake login pages.

Suspicious URL:
Official 91亚色 login pages always use domains ending in yorku.ca. Any variation such as extra characters, misspellings, unfamiliar subdomains should be treated as suspicious.

Unexpected login prompts:
If you are asked to 鈥渧erify your account鈥, 鈥渦pdate your credentials鈥 or 鈥渞estore access鈥 after clicking a link you did not expect, this is a strong indicator of a phishing attempt.

Requests for Duo/MFA passcodes:
91亚色 will never ask you to enter Duo 2FA codes outside of the official login process. Any site requesting your passcode directly should be considered malicious.

If you encounter any emails or messages directing you to this site, please report it using the Report Phishing button or forward the message to phishing@yorku.ca.

If you have already entered your credentials into the malicious site, change your password immediately by visiting . If you have any questions or concerns, please contact infosec@yorku.ca.

The post Phish Alert - Malicious Website Impersonating 91亚色 appeared first on Information Security.

]]>
Phish Alert - Winter 2026 Term Commencement 鈥 Important Information /uit/infosec/2026/01/05/phish-alert-winter-2026-term-commencement-important-information/ Mon, 05 Jan 2026 16:02:29 +0000 /uit/infosec/?p=2527 The Information Security team has identified a targeted phishing email sent on January 5, 2026 (today) that is being circulated among the 91亚色 community. The email used the subject line equal or similar to "Winter 2026 Term Commencement 鈥 Important Information" and falsely advertises monetary compensation in the form of a "Student Engagement Bonus" […]

The post Phish Alert - Winter 2026 Term Commencement 鈥 Important Information appeared first on Information Security.

]]>
The Information Security team has identified a targeted phishing email sent on January 5, 2026 (today) that is being circulated among the 91亚色 community. The email used the subject line equal or similar to "Winter 2026 Term Commencement 鈥 Important Information" and falsely advertises monetary compensation in the form of a "Student Engagement Bonus" to recipients. Recipients are directed to submit their sensitive personal and financial information to an external address that is NOT affiliated with 91亚色 and is to be considered malicious.

Key details of the phishing email:

Subject: "Winter 2026 Term Commencement 鈥 Important Information"
Date: January 5, 2026
Sender: admin@gpaindustria.onmicrosoft.com

Red Flags to Watch Out For:

Suspicious sender email: The sender's email address is not associated with 91亚色鈥檚 official IT services (email was NOT sent from an @yorku.ca address).
Urgency and financial motivation: The email pressures you to act quickly, using the false promise of disclosing details pertaining to a fake Fall Bonus in exchange for submitting personal information.
Request for personal details: 91亚色 would NEVER ask for passwords, Duo/MFA passcodes, or other sensitive information via email.

What to Do:
Do not respond to this email or provide any personal information.
Do not click any links or open attachments that may be included.
Report the email: If you received this phishing attempt, please report it using the Report Phishing button or forward it to phishing@yorku.ca

The post Phish Alert - Winter 2026 Term Commencement 鈥 Important Information appeared first on Information Security.

]]>
Remote Code Execution Vulnerability in React and Next.js Frameworks /uit/infosec/2025/12/05/remote-code-execution-vulnerability-in-react-and-next-js-frameworks/ Sat, 06 Dec 2025 03:37:25 +0000 /uit/infosec/?p=2516 The React team released a security advisory regarding a critical vulnerability, CVE-2025-55182, in the React server that could allow an unauthenticated, remote attacker to perform remote code execution on an affected device or system. Severity level:- CVSS Score: 10.0 / Critical. Description:- The vulnerability has been identified in React Server Components (also known as React.js […]

The post Remote Code Execution Vulnerability in React and Next.js Frameworks appeared first on Information Security.

]]>
The React team released a security advisory regarding a critical vulnerability, CVE-2025-55182, in the React server that could allow an unauthenticated, remote attacker to perform remote code execution on an affected device or system.

Severity level:-

CVSS Score: 10.0 / Critical.

Description:- The vulnerability has been identified in React Server Components (also known as React.js or ReactJS) 鈥淔light鈥 protocol affecting React 19 ecosystems and frameworks that implement it, most notably Next.js. The issue arises from insecure deserialization that allows unauthenticated remote code execution (RCE). When a malicious actor crafts a specific HTTP request, the flaw in React's deserialization process can enable them to execute arbitrary code on an unpatched server.

Affected Versions :-   

  • React Server Components versions 19.0, 19.1.0, 19.1.1, and 19.2.0
  • Next.js version 14.3.0-canary.77, 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7 and 16.0.7

Impact:-

An unauthenticated attacker could craft a malicious HTTP request to any Server Function endpoint that, when deserialized by React, achieves remote code execution on the server. Exploit code is publicly available and exploitation is actively occurring.

Resolution:-

Administrators should upgrade to the latest patched version in their release line.

Reference:-

UIT Information Security

The post Remote Code Execution Vulnerability in React and Next.js Frameworks appeared first on Information Security.

]]>
Phish Alert - Notification of Eligibility: Fall 2025 Bonus at 91亚色 /uit/infosec/2025/12/03/phish-alert-notification-of-eligibility-fall-2025-bonus-at-york-university/ Wed, 03 Dec 2025 18:50:44 +0000 /uit/infosec/?p=2510 The Information Security team has identified a targeted phishing email sent between December 2nd - 3rd, 2025听that is being circulated among the 91亚色 community. The email used the subject line equal or similar to听"Notification of Eligibility: Fall 2025 Bonus at 91亚色"听and falsely advertises a "Fall Bonus" to recipients. Recipients are directed to submit […]

The post Phish Alert - Notification of Eligibility: Fall 2025 Bonus at 91亚色 appeared first on Information Security.

]]>
The Information Security team has identified a targeted phishing email sent between December 2nd - 3rd, 2025听that is being circulated among the 91亚色 community. The email used the subject line equal or similar to听"Notification of Eligibility: Fall 2025 Bonus at 91亚色"听and falsely advertises a "Fall Bonus" to recipients. Recipients are directed to submit their sensitive personal and financial information to an external address that is听NOT听affiliated with 91亚色 and is to be considered malicious.


Key details of the phishing email:

Subject: "Notification of Eligibility: Fall 2025 Bonus at 91亚色"
Date:听December 2 - 3, 2025
厂别苍诲别谤:听admin@gpaindustria.onmicrosoft.com



Red Flags to Watch Out For:

Suspicious sender email: The sender's email address is not associated with 91亚色鈥檚 official IT services (email was NOT sent from an @yorku.ca address).
Urgency and financial motivation: The email pressures you to act quickly, using the false promise of disclosing details pertaining to a fake Fall Bonus in exchange for submitting personal information.
Request for personal details: 91亚色 would NEVER ask for passwords, Duo/MFA passcodes, or other sensitive information via email.

What to Do:
Do not respond to this email or provide any personal information.
Do not click any links or open attachments that may be included.
Report the email: If you received this phishing attempt, please report it using the  or forward it to phishing@yorku.ca

The post Phish Alert - Notification of Eligibility: Fall 2025 Bonus at 91亚色 appeared first on Information Security.

]]>
Microsoft Defender False Positive Detections on PowerShell and svchost: Win32/AMSI_Patch.A /uit/infosec/2025/11/28/microsoft-defender-false-positive-detections-on-powershell-and-svchost-win32-amsi_patch-a/ Fri, 28 Nov 2025 16:19:55 +0000 /uit/infosec/?p=2477 91亚色's Information Security team is aware of a spike in false positive antivirus detections by Windows Defender against benign activity in the powershell.exe and svchost.exe processes. The issue is believed to have begun around the evening of November 26th, 2025, and had widespread impact on November 27th, 2025. Impacted computers displayed periodic desktop notifications […]

The post Microsoft Defender False Positive Detections on PowerShell and svchost: Win32/AMSI_Patch.A appeared first on Information Security.

]]>

91亚色's Information Security team is aware of a spike in false positive antivirus detections by Windows Defender against benign activity in the powershell.exe and svchost.exe processes. The issue is believed to have begun around the evening of November 26th, 2025, and had widespread impact on November 27th, 2025. Impacted computers displayed periodic desktop notifications and may have prevented webcams from functioning. A sample false positive detection is pictured below:

The cause of the issue appears to have been an issue in a recent version of Microsoft Defender's security intelligence (cloud-based updates). The issue is believed to have impacted other organizations, not just 91亚色. Microsoft has acknowledged the issue and confirmed that it was fixed in security intelligence version 1.441.548.0.

Most computers should have received a patched security intelligence update by the time of writing as they are generally updated automatically. However, users still experiencing this issue can update their security intelligence manually. To do so, open the Windows Security app, go to Virus & threat protection, click on Protection updates, and click on Check for updates.

The post Microsoft Defender False Positive Detections on PowerShell and svchost: Win32/AMSI_Patch.A appeared first on Information Security.

]]>
Phish Alert - Important: Your Eligibility for the Fall 2025 Bonus Payment / Notification of Eligibility: Fall 2025 Bonus at 91亚色 /uit/infosec/2025/11/17/phish-alert-important-your-eligibility-for-the-fall-2025-bonus-payment-notification-of-eligibility-fall-2025-bonus-at-york-university/ Mon, 17 Nov 2025 17:30:15 +0000 /uit/infosec/?p=2403 The Information Security team has identified a targeted phishing email sent on November 17th, 2025听that is being circulated among the 91亚色 community. The email used the subject line equal or similar to "Important: Your Eligibility for the Fall 2025 Bonus Payment" OR "Notification of Eligibility: Fall 2025 Bonus at 91亚色", and claims to […]

The post Phish Alert - Important: Your Eligibility for the Fall 2025 Bonus Payment / Notification of Eligibility: Fall 2025 Bonus at 91亚色 appeared first on Information Security.

]]>
The Information Security team has identified a targeted phishing email sent on November 17th, 2025听that is being circulated among the 91亚色 community. The email used the subject line equal or similar to "Important: Your Eligibility for the Fall 2025 Bonus Payment" OR "Notification of Eligibility: Fall 2025 Bonus at 91亚色", and claims to be sent from听91亚色 Office of the Registrar.

The phish prompts recipients to submit personal information to an external address that is NOT affiliated with 91亚色.

Key details of the phishing email:

Subject: "Important: Your Eligibility for the Fall 2025 Bonus Payment" OR "Notification of Eligibility: Fall 2025 Bonus at 91亚色"
Sent:听November 17th, 2025
厂别苍诲别谤:听admin@gpaindustria.onmicrosoft.com

The email falsely advertises a "Fall Bonus" to recipients and directs them to submit their personal information to an external address (registrar.yorku2025@aol.com). This external address is NOT affiliated with 91亚色's Registrar Office and is to be considered malicious.

Red Flags to Watch Out For:
Suspicious sender email:听The sender's email address is not associated with 91亚色鈥檚 official IT services (email was听NOT听sent from an @yorku.ca address).
Urgency and financial motivation:听The email pressures you to act quickly, using the false promise of disclosing details pertaining to a fake Fall Bonus in exchange for submitting personal information.
Request for personal details:听91亚色 would听NEVER听ask for passwords, Duo/MFA passcodes, or other sensitive information via email.

What to Do:
Do not respond听to this email or provide any personal information.
Do not click听any links or open attachments that may be included.
Report the email:听If you received this phishing attempt, please report it using the听听or forward it to听phishing@yorku.ca

The post Phish Alert - Important: Your Eligibility for the Fall 2025 Bonus Payment / Notification of Eligibility: Fall 2025 Bonus at 91亚色 appeared first on Information Security.

]]>
Phish Alert - 16.89 % Salary Increase Letter Wednesday, November 5, 2025 /uit/infosec/2025/11/05/phish-alert-16-89-salary-increase-letter-wednesday-november-5-2025/ Wed, 05 Nov 2025 15:30:39 +0000 /uit/infosec/?p=2384 The Information Security team has identified a targeted phishing email听being circulated among the 91亚色 community. The email, titled听"16.89 % Salary Increase Letter Wednesday, November 5, 2025", claims to be sent from听91亚色 Payroll & Employee Relations,听and prompts recipients to submit personal information. The email was sent from a compromised external account that is not […]

The post Phish Alert - 16.89 % Salary Increase Letter Wednesday, November 5, 2025 appeared first on Information Security.

]]>
The Information Security team has identified a targeted phishing email听being circulated among the 91亚色 community. The email, titled听"16.89 % Salary Increase Letter Wednesday, November 5, 2025", claims to be sent from听91亚色 Payroll & Employee Relations,and prompts recipients to submit personal information. The email was sent from a compromised external account that is not affiliated with 91亚色.

Key details of the phishing email:

  • Subject:听16.89 % Salary Increase Letter Wednesday, November 5, 2025
  • Sent:听November 5th, 2025
  • Sender: harry.ruda@utoronto.ca

The email falsely claims to provide salary increase information enclosed in an attached PDF file titled "91亚色 (1).pdf", which later directs users to submit their credentials and personal information into a malicious webpage.

Red Flags to Watch Out For:

  1. Suspicious sender email:听The sender's email address is not associated with 91亚色鈥檚 official IT services (email was听NOT听sent from an @yorku.ca address).
  2. Urgency and financial motivation:听The email pressures you to act quickly, using the false promise of disclosing details pertaining to a salary increase.
  3. Request for personal details:听91亚色 would听NEVER听ask for passwords, Duo/MFA passcodes, or other sensitive information via email.

What to Do:

  • Do not respond听to this email or provide any personal information.
  • Do not click听any links or open attachments that may be included.
  • Report the email:听If you received this phishing attempt, please report it using the听听or forward it to听phishing@yorku.ca

The post Phish Alert - 16.89 % Salary Increase Letter Wednesday, November 5, 2025 appeared first on Information Security.

]]>