Newly Discovered Zero-Day Exploit Threatens All Versions of Internet Explorer
Cadence's Internet and Mobile Banking Applications Not Directly Impacted
On April 26, 2014, Microsoft notified customers of a vulnerability, dubbed CVE-2014-1776, impacting all versions of its Internet Explorer web browser (IE 6 through 11) that has the potential to give hackers the same user rights as the current user.
This means an attacker who successfully infects a computer and gains administrative rights could conduct a variety of attacks, such as installing new programs, changing and deleting data, or creating new user accounts.
The issue impacts the use of Internet Explorer to access and browse the Internet. It is not a web server issue and does not directly impact Cadence's Internet or Mobile applications, including Online and Mobile Banking, Allegro!℠ and Fluent.
How do I become vulnerable to an attack?
To be vulnerable, an attacker would have to convince users to take action, typically by getting them to click a link in an email, text or IM message that takes users to the attacker's website. Importantly, a computer is not vulnerable without action by the user.
What can I do to protect myself?
Microsoft states they will take the appropriate action to protect their customers, which may include providing a solution through their monthly security update release process, or an out-of-cycle security update.
- Until a fix is released, the Department of Homeland Security's U.S. Computer Emergency Response Team is urging online users to avoid using Internet Explorer and employ an alternative Web browser.
- At Cadence Bank, we are encouraging our customers to use best practices when it comes to computer safety, such as enabling a firewall, applying all software updates, and installing antivirus and antispyware software.
- Additionally, we urge everyone to exercise caution when visiting websites, and avoid clicking suspicious links or opening email messages from unfamiliar senders. For additional information on phishing scams, visit: http://cadencebank.com/resource-center/reporting-phishing-scams.
- If IE must be used, Microsoft is advising users to download and install its Enhanced Mitigation Experience Toolkit (version 4.1), a free tool that boosts security on Windows. The software can be downloaded here: http://www.microsoft.com/en-us/download/details.aspx?id=41138. Always consult your IT specialists before installing any software at work.
- Recently, Microsoft stopped supporting Windows XP and will not be releasing updates for future security issues, including this exploit. It is strongly recommended that Windows XP consumers use an alternate browser until they upgrade their operating system.
- For further information on protecting your computer, visit Microsoft’s Safety and Security Center at http://www.microsoft.com/security/default.aspx.
Cadence Bank is committed to protecting our customers’ private information, and in doing so, employs the highest security standards. We continue to proactively monitor and secure our network to ensure the services that our customers depend on remain safe.