Business users urged to switch off Internet Explorer after vulnerability exposed

It’s been a bad week for internet scams, with the country’s regulatory agencies warning against dodgy emails, while security advisors are now warning users of Microsoft’s Internet Explorer browser to log off due to a newly discovered vulnerability.

The vulnerability is a big piece of bad news for the browser, which is already widely criticised in comparison with competing browsers perceived to be more secure.

AVG security advisor Michael McKinnon has one recommendation for business users – “stop using Internet Explorer and explore some alternatives such as Google Chrome, or Firefox”.

The vulnerability was first exposed by security researcher Eric Romang earlier this week, who said on his blog the vulnerability was similar to the “zero-day” vulnerability.

Tech firm Rapid7 released its own warning earlier this week, saying “users are strongly advised to switch to other browsers, such as Chrome or Firefox, until a security update becomes available”.

“Computers can get compromised simply by visiting a malicious website, which gives the attackers the same privileges as the current user,” it warned, adding about 32% of users worldwide are at risk.

Hackers can use these browser vulnerabilities to gain access to a private computer, and thus personal information.

Microsoft has released a statement, saying that a fix is in the works. The company said just this morning that “we will release a fix it in the next few days”.

It also recommended users deploy a toolkit and change some settings so users can browse the internet safely.

But McKinnon says users would be better off bypassing Internet Explorer altogether.

“The reason why this advice is so relevant is this exploit has been discovered in the wild. It has been discovered being exploited, and that’s what makes it so serious.”

“It’s yet another example of how these serious types of software bugs can affect us all, and really reinforces how important it is to be up to date with access to this type of news.”

It is the second scam warning Australian users have received this week, after the Australian Securities and Investments Commission released a warning in conjunction with the ATO about a new scam.

The organisations warned a new email circulating claiming to be from “Barbara DuFrene”, masquerading as the chairman of ASIC and ATO, should be flagged. The email claims recipients are entitled to a tax refund.

It also said businesses are receiving phone calls from people claiming to be from ASIC, and charging for AISC fees.

“Scams can be very convincing and sometimes quote your personal information such as your address, phone number and date of birth to sound genuine,” ASIC commissioner Peter Kell said in a statement.

“Their offers can also be very attractive but don’t be lured by the false promises. Protect yourself by conducting a few basic checks before acting on an email or phone call out of the blue.”

McKinnon says businesses users should familiarise themselves with how scam emails appear by checking some examples on the ATO website, and then carefully pore over emails before handing over money.

“If we were all diligent, we’d look at an email from the ATO and think about whether it’s legit. In most cases, it’s probably not, which is the sad reality.”

“Businesses need to be careful. The days in which an email scam is obviously different from real messages are quickly diminishing.”

 

 

COMMENTS