Homeland Security warns federal agencies of hackers targeting Google Chrome and Excel Spreadsheets

The Cybersecurity and Infrastructure Security Agency, or CISA, is issuing a new warning: your Google Chrome browser and Excel spreadsheets could be at risk of an attack. The agency identified two new exploits that could give hackers easy access to your computer.

Federal agencies have until January 23 to make sure they’re protected. Here are some ways to make sure you’re protected too.

Microsoft Excel’s new exploit

Hackers are targeting Microsoft Excel using a huge vulnerability in a library that reads Excel files. The bug is in a library called Spreadsheet::ParseExcel. It allows hackers to run malware remotely. Specifically, hackers can utilize a string in the library to run programs on your computer.

This exploit has popped up before. Security firm Barracuda noticed Chinese hackers using the exploit last month. They would create custom Excel attachments to exploit the bug and run any program they wanted to.

While Barracuda addressed this with a patch, they say open-source libraries could still be at risk. The company also issued a warning to anyone who uses Spreadsheet::ParseExcel, recommending they review the bug and take any necessary action.

MORE: THE 7 SIGNS YOU’VE BEEN HACKED

 

Google Chrome’s bug

Google’s eighth day zero attack comes in the form of an attack on an open-source project. WebRTC allows web browsers and mobile applications to communicate in real-time. However, hackers are using it to overload your browser and either cause it to crash or give them permission to do whatever they want. This exploit doesn’t just affect Google Chrome. It also affects other open-source web browsers using WebRTC to communicate. Google issued an emergency fix just last month, but there’s more you can do to protect yourself.

 

Four essential tips to secure your devices and data from hackers and scammers

To protect yourself from malicious hackers and scammers, we recommend you do the following 4 things.

1) Be cautious about using open-source applications

When you use open-source applications or programs, it’s always wise to remember that anyone has the ability to change the application or program’s code. They have the ability to do something malicious if they want to. Only use open-source applications that you trust, and be careful about what you download.

2) Update your applications regularly

One of the easiest ways to protect yourself from hackers and scammers is to keep your applications up to date. Hackers often exploit vulnerabilities in outdated software to gain access to your devices or data. By updating your applications regularly, you can patch these security holes and prevent hackers from exploiting them.

3) Avoid opening suspicious attachments or links.

Another common way that hackers and scammers try to infect your devices or steal your information is by sending you malicious attachments or links. These can be disguised as legitimate emails, messages, or websites, but they can contain malware, phishing, or ransomware. To avoid falling for these traps, you should always check the sender, the subject, and the content of any attachment or link before opening it. If you are not sure, do not open it or click on it.

4) Use antivirus protection

Antivirus protection is essential for keeping your computer and data safe from malicious attacks. The recent exploits allow hackers to run malware remotely by sending custom Excel attachments and allow hackers to overload your browser and gain access to your system.

So, the best way to protect yourself is to have antivirus protection installed and actively running on all your devices. It will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails, and ultimately protect you from being hacked.

Special for CyberGuy Readers:  My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.  

Find my review of Best Antivirus Protection here

Best Antivirus Protection 2024

 

MORE: THE NEW IPHONE SECURITY THREAT THAT ALLOWS HACKERS TO SPY ON YOUR PHONE

 

What to do if you’ve been hacked

If it has already happened and you’ve been hacked, then you should take immediate action to minimize the damage and secure your device. Here are some steps that you can follow:

Change your passwords

If hackers have recorded your passwords using a keylogger, they could access your online accounts and steal your data or money. ON ANOTHER DEVICE (i.e., your laptop or desktop), you should change your passwords for all your important accounts, such as email, banking, social media, etc. You want to do this on another device so the hacker isn’t’ recording you setting up your new password on your hacked device. And you should also use strong and unique passwords that are hard to guess or crack. You can also use a password manager to generate and store your passwords securely.

Monitor your accounts and transactions

You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.

Use identity theft protection

Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using Identity Guard includes identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.

Special for CyberGuy Readers:  Save up to 51% with my top recommendation is Identity Guard.

See my tips and best picks on how to protect yourself from identity theft.

Best identity theft protection services 2024

Contact your bank and credit card companies

If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should contact your bank and credit card companies and inform them of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you.

Alert your contacts

If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.

Restore your device to factory settings 

If you want to make sure that your device is completely free of any malware or spyware, you can restore it to factory settings. This will erase all your data and settings and reinstall the original iOS version. But, you should back up your important data before doing this, and only restore it from a trusted source.

MORE: GOT A CREDIT CARD FRAUD ALERT? HOW CROOKS SWIPE YOUR PAYMENT CARD DETAILS

 

Kurt’s key takeaways

The recent exploits targeting Google Chrome and Microsoft Excel are a reminder of how vulnerable our devices and data can be to cyberattacks. Hackers are always looking for new ways to exploit the software we use every day, and we need to be vigilant and proactive in protecting ourselves. By following the steps we outlined above, you can reduce the risk of falling victim to these attacks and keep your computer and data safe. Remember, prevention is better than cure, and the best defense is a good offense.

Which aspect of the cyber threats discussed in the article concerns you the most, and why? Let us know in the comments below.

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

Related posts

Best last minute holiday gifts

Understanding brushing scams and how to protect yourself

From TikTok to trouble: How your online data can be weaponized against you