An unpatched exploit in Internet Explorer’s handling of MHT files is putting its users at risk. Hackers are using this flaw to their advantage by spying on Windows users to steal their information. Unfortunately, the way Internet Explorer opens MHT files leaves people at risk of this attack even if they don’t have the browser running. This attack can take place simply when an attachment is opened in a chat or email message. This issue can affect Windows 7, 10, and Server 2012 R2 users. Microsoft has acknowledged the issue but has declined to address it as an “urgent security” matter. They claimed that they would consider a fix in a future update.
A recent data breach has affected millions of students and faculty at Georgia Tech (Georgia Institute of Technology). This college is world-renowned for its computer technology programs, hence the surprise of its second data breach in less than one year. A central database at the school was accessed by an outside entity, leaving social security numbers, addresses and more vulnerable to exposure. Officials from Georgia Tech say they have corrected the issue, but the information still might have been exposed. Academic institutions are actually a big target for hackers, given the high volume of personal data stored in one place. This data breach is a great lesson for many people and businesses – even the strongest in cybersecurity can be vulnerable to attacks.
An unknown group of hackers has gained access to some Outlook email accounts after a breach in Microsoft’s customer support portal. Luckily, the content of the user’s emails was not made visible, only subject lines, email addresses, and folder names. Microsoft claims that they were unable to determine why this data was viewed, or for what purpose, but that they have addressed the scheme. They notified all affected customers of Outlook, disabled the compromised credentials and blocked access from the hacker group. Microsoft has noted that although passwords were not compromised in the attack, it is best to reset yours to be safe.
Many people download apps to track their finances, but not all of them are safe. A hacker recently uncovered flaws in 30 different financial apps available on Android devices only. This security flaw allows for sensitive information to be accessed through the API keys within the apps. These financial apps ranged from retail banking to auto insurance, and featured companies ranked in Fortune magazine’s top 100 companies. Some were shocked to find that these app developers were storing their data in subdirectories of the app, making them an easy bait for hackers. Out of the 30 apps tested for research, 83% of them were insecurely storing their data. This is why it is always important to do your research on any company you share your personal information with, especially in the app store.
If having your data stolen and held for ransom wasn’t bad enough – there is now a higher price to pay to get it back. With a recent increase in hands-on ransomware, attackers are hitting their victim’s closer to home. Instead of sending out mass phishing emails in hopes of gaining a few clicks, they are able to use vulnerabilities within someone’s remote desktop protocols and attack multiple PC’s at once. What was once a $6,700 average ransom has now risen to an average of $13,000. Most companies will pay the price with no hesitation, out of fear, not knowing that this can actually make them a target for more attacks. Having a data backup plan in place is crucial for the security of your business, as well as ensuring that you aren’t the next victim of a ransomware attack.