The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert regarding potential vulnerabilities in your Google Chrome browser and Microsoft Excel spreadsheets.
The agency has identified two recent exploits that could enable hackers to gain unauthorized access to your computer.
Federal agencies have been given until January 23 to ensure they are protected. Here are some steps you can take to safeguard yourself as well:
Microsoft Excel’s New Exploit
Hackers are targeting Microsoft Excel through a significant vulnerability in the Spreadsheet::ParseExcel library. This flaw allows malicious actors to run malware remotely by exploiting a string within the library to execute programs on your computer.
This issue was previously detected by security firm Barracuda, which observed Chinese hackers creating custom Excel attachments to exploit this bug.
Although Barracuda has addressed the issue with a patch, open-source libraries might still be vulnerable. The company has advised users of Spreadsheet::ParseExcel to review the vulnerability and take appropriate measures.
Google Chrome’s Bug
The latest vulnerability in Google Chrome, part of Google’s eighth day zero attack, affects the WebRTC open-source project.
This technology enables real-time communication in web browsers and mobile applications but is being exploited by hackers to overload browsers, causing crashes or unauthorized access.
This flaw impacts not only Google Chrome but also other open-source browsers using WebRTC. Google released an emergency fix last month, but additional measures can further protect users.
Four Essential Tips for Securing Your Devices and Data
1. Be Cautious with Open-Source Applications
Open-source applications can be modified by anyone, potentially introducing malicious code. Only use open-source programs from trusted sources and be careful about what you download.
2. Update Your Applications Regularly
Keeping your applications up-to-date is one of the simplest ways to protect yourself. Updates often include patches for vulnerabilities that hackers can exploit in outdated software.
3. Avoid Opening Suspicious Attachments or Links
Hackers often use malicious attachments or links disguised as legitimate communications. Always verify the sender and content of any attachments or links before opening them. If unsure, do not click on or open them.
4. Use Antivirus Protection
Antivirus software is crucial for detecting and preventing malware attacks. Ensure you have antivirus protection installed and running on all your devices to detect any threats and protect against potential attacks. Find my review of the best antivirus protection here.
What to Do If You’ve Been Hacked
If you discover that you have been hacked, take these immediate steps to mitigate the damage and secure your device:
1. Change Your Passwords
Use a different device to update passwords for all important accounts, such as email, banking, and social media. Use strong, unique passwords and consider using a password manager.
2. Monitor Your Accounts and Transactions
Regularly check your accounts and transactions for any unauthorized activity. Report any suspicious findings to the service provider or authorities and review your credit reports for signs of identity theft.
3. Use Identity Theft Protection
Identity theft protection services can monitor your personal information and alert you to any misuse.
They can assist with freezing accounts and handling identity theft issues. See my tips and recommendations for protecting against identity theft.
4. Contact Your Bank and Credit Card Companies
Inform your bank and credit card companies if your financial information has been compromised. They can help you freeze or cancel cards, dispute fraudulent charges, and issue new cards.
5. Alert Your Contacts
Notify your contacts if hackers have accessed your email or social media accounts. Warn them not to open suspicious messages from you.
6. Restore Your Device to Factory Settings
To ensure your device is free from malware, restore it to factory settings. Be sure to back up your important data first and restore it only from trusted sources.
Key Takeaways
The recent vulnerabilities affecting Google Chrome and Microsoft Excel highlight the importance of staying vigilant against cyberattacks.
By following these protective measures, you can reduce the risk of falling victim to such exploits and keep your data secure. Remember, prevention is crucial, and proactive steps are the best defense against potential threats.
