The Cybersecurity and Infrastructure Security Agency, or CISA, is issuing a new warning: your Google Chrome browser and Excel spreadsheets could be at risk of an attack. The agency identified two new exploits that could give hackers easy access to your computer.
Federal agencies have until January 23 to make sure they’re protected. Here are some ways to make sure you’re protected too.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS, AND EASY HOW-TO’S TO MAKE YOU SMARTER
Microsoft logo on keyboard (Kurt "CyberGuy" Knutsson)
Microsoft Excel’s new exploit
Hackers are targeting Microsoft Excel using a huge vulnerability in a library that reads Excel files. The bug is in a library called Spreadsheet::ParseExcel. It allows hackers to run malware remotely. Specifically, hackers can utilize a string in the library to run programs on your computer.
This exploit has popped up before. Security firm Barracuda noticed Chinese hackers using the exploit last month. They would create custom Excel attachments to exploit the bug and run any program they wanted to.
While Barracuda addressed this with a patch, they say open-source libraries could still be at risk. The company also issued a warning to anyone who uses Spreadsheet::ParseExcel, recommending they review the bug and take any necessary action.
Google Chrome browser on laptop (Kurt "CyberGuy" Knutsson)
MORE: THE 7 SIGNS YOU’VE BEEN HACKED
Google Chrome’s bug
Google’s eighth day zero attack comes in the form of an attack on an open-source project. WebRTC allows web browsers and mobile applications to communicate in real-time. However, hackers are using it to overload your browser and either cause it to crash or give them permission to do whatever they want. This exploit doesn’t just affect Google Chrome. It also affects other open-source web browsers using WebRTC to communicate. Google issued an emergency fix just last month, but there’s more you can do to protect yourself.
Four essential tips to secure your devices and data from hackers and scammers
To protect yourself from malicious hackers and scammers, we recommend you do the following four things.
1) Be cautious about using open-source applications
When you use open-source applications or programs, it’s always wise to remember that anyone has the ability to change the application or program’s code. They have the ability to do something malicious if they want to. Only use open-source applications that you trust, and be careful about what you download.
2) Update your applications regularly
One of the easiest ways to protect yourself from hackers and scammers is to keep your applications up to date. Hackers often exploit vulnerabilities in outdated software to gain access to your devices or data. By updating your applications regularly, you can patch these security holes and prevent hackers from exploiting them.
3) Avoid opening suspicious attachments or links
Another common way that hackers and scammers try to infect your devices or steal your information is by sending you malicious attachments or links. These can be disguised as legitimate emails, messages, or websites, but they can contain malware, phishing or ransomware. To avoid falling for these traps, you should always check the sender, the subject, and the content of any attachment or link before opening it. If you are not sure, do not open it or click on it.
4) Use antivirus protection
Antivirus protection is essential for keeping your computer and data safe from malicious attacks. The recent exploits allow hackers to run malware remotely by sending custom Excel attachments and allow hackers to overload your browser and gain access to your system.
So, the best way to protect yourself is to have antivirus protection installed and actively running on all your devices. It will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails, and ultimately protect you from being hacked. Find my review of Best Antivirus Protection here.
The best way to protect yourself is to have antivirus protection installed and actively running on all your devices. (Kurt "CyberGuy" Knutsson)
MORE: THE NEW IPHONE SECURITY THREAT THAT ALLOWS HACKERS TO SPY ON YOUR PHONE
What to do if you’ve been hacked
If it has already happened and you’ve been hacked, then you should take immediate action to minimize the damage and secure your device. Here are some steps that you can follow:
Change your passwords
If hackers have recorded your passwords using a keylogger, they could access your online accounts and steal your data or money. ON ANOTHER DEVICE (i.e., your laptop or desktop), you should change your passwords for all your important accounts, such as email, banking, social media, etc. You want to do this on another device so the hacker isn’t’ recording you setting up your new password on your hacked device. And you should also use strong and unique passwords that are hard to guess or crack. You can also use a password manager to generate and store your passwords securely.
Monitor your accounts and transactions
You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.
Use identity theft protection
Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.
Contact your bank and credit card companies
If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should contact your bank and credit card companies and inform them of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you.
Alert your contacts
If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.
Restore your device to factory settings
If you want to make sure that your device is completely free of any malware or spyware, you can restore it to factory settings. This will erase all your data and settings and reinstall the original iOS version. But, you should back up your important data before doing this, and only restore it from a trusted source.
MORE: GOT A CREDIT CARD FRAUD ALERT? HOW CROOKS SWIPE YOUR PAYMENT CARD DETAILS
Kurt’s key takeaways
The recent exploits targeting Google Chrome and Microsoft Excel are a reminder of how vulnerable our devices and data can be to cyberattacks. Hackers are always looking for new ways to exploit the software we use every day, and we need to be vigilant and proactive in protecting ourselves. By following the steps we outlined above, you can reduce the risk of falling victim to these attacks and keep your computer and data safe. Remember, prevention is better than cure, and the best defense is a good offense.
Which aspect of the cyberthreats discussed in the article concerns you the most, and why? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Answers to the most asked CyberGuy questions:
- What is the best way to protect your Mac, Windows, iPhone and Android devices from getting hacked?
- What is the best way to stay private, secure and anonymous while browsing the web?
- How can I get rid of robocalls with apps and data-removal services?
Copyright 2024 CyberGuy.com. All rights reserved.