Homeland Security warns federal agencies of hackers targeting Google Chrome, Excel spreadsheets
The Cybersecurity and Infrastructure Security Agency, or CISA, is issuing a new warning: your Google Chrome browser and Excel spreadsheets could be at risk of an attack. The agency identified two new exploits that could give hackers easy access to your computer.
Federal agencies have until January 23 to make sure they’re protected. Here are some ways to make sure you’re protected too.
Microsoft logo on keyboard (Kurt “CyberGuy” Knutsson)
Microsoft Excel’s new exploit
Hackers are targeting Microsoft Excel using a huge vulnerability in a library that reads Excel files. The bug is in a library called Spreadsheet::ParseExcel. It allows hackers to run malware remotely. Specifically, hackers can utilize a string in the library to run programs on your computer.
This exploit has popped up before. Security firm Barracuda noticed Chinese hackers using the exploit last month. They would create custom Excel attachments to exploit the bug and run any program they wanted to.
While Barracuda addressed this with a patch, they say open-source libraries could still be at risk. The company also issued a warning to anyone who uses Spreadsheet::ParseExcel, recommending they review the bug and take any necessary action.
Google Chrome browser on laptop (Kurt “CyberGuy” Knutsson)
MORE: THE 7 SIGNS YOU’VE BEEN HACKED
Google Chrome’s bug
Google’s eighth day zero attack comes in the form of an attack on an open-source project. WebRTC allows web browsers and mobile applications to communicate in real-time. However, hackers are using it to overload your browser and either cause it to crash or give them permission to do whatever they want. This exploit doesn’t just affect Google Chrome. It also affects other open-source web browsers using WebRTC to communicate. Google issued an emergency fix just last month, but there’s more you can do to protect yourself.
Four essential tips to secure your devices and data from hackers and scammers
To protect yourself from malicious hackers and scammers, we recommend you do the following four things.
