Every week there are new attacks emerging that threaten industries throughout the world. At CyberSynergies, we monitor these developments closely and stand ready with strategies to help you protect yourself. Here’s what we’re seeing this week:
Malicious Excel File Unleashes Information-Stealing Malware Called FormBook
These attackers are sending e-mails containing malicious Excel files that exploit a vulnerability in Microsoft Office. If someone at your company opens one of these Excel files, your system will download a file that executes an .exe file, leading to the delivery of the FormBook malware. Formware can capture your keystrokes, steal your clipboard contents, harvest your credentials and steal a great deal of your data – all while cleverly evading detection.
What can you do? Teach your people not to open these emails. Usually they are sent to large numbers of people and the hackers only need one open to get into your system. They need to look for the signs – like mismatched URLs, grammatical errors and so forth – to spot these phishing attacks. And of course, no one should open an attachment unless they are sure they know who it was from and know that it was sent for a legitimate reason.
NordVPN Issues Warning: Cybercriminals Are Using 1.2 Billion Stolen Cookies to Access Corporate Systems and More
NordVPN has issued a warning that cybercriminals are in possession of an astonishing 93.7 billion stolen cookies. The good news is that most of them are useless. The bad news is that 1.2 billion of them – which is an awful lot – are very potent in allowing them to access email accounts, banking apps and corporate systems. Many people just accept whatever cookies a web site wants to give them, but that can leave you and your enterprise vulnerable to just such an attack.
What can you do? 1. Don’t accept all cookies, especially those creepy third-party ones that track everything you do. 2. Keep all your devices updated with the latest security stuff. 3. Clean your browser regularly to get rid of old cookies. 4. Double-check your privacy settings on all your online accounts, so you can make sure you’re only sharing your information with services you trust.
Fake HTML Pages Threaten Memory for Chrome Users
Google has alerted Chrome users that hackers are exploiting a zero-day flaw in its V8 JavaScript and WebAssembly engines. Hackers are creating malicious HTML pages to exploit this flaw, and this allows them to corrupt your memory and execute arbitrary code in your browser. This can seriously compromise your entire system.
What can you do? If you use Chrome, update to version 137.0.7151.68/.69 on Windows and macOS, and version 137.0.7151.68 on Linux. If you use Chromium-based browsers such as Microsoft Edge, Brave, Opera and Vivaldi – download the latest updates.