Somewhat unnoticed in the midst of tax-season fraud and other cybersecurity headlines is the factthat the U.S. business sector has seen a 54% jump in the number oftotal breaches reported so far.

As of April 11, the total number of breaches captured in the2017 ITRC Breach Report from the San Diego-based Identity TheftResource Center now totals 431, an increase of 37.3% over lastyear's record pace (314) for the same time period. The total numberof reported records exposed totals almost eight million, with thebusiness category representing more than half of the breachesand more than six million records.

With 21 breaches added in just the last week reported, the fiveindustry sectors are broken down by number of breaches as follows:Business = 54.1%, Medical/Healthcare= 24.1%, Educational = 14.4%,Government = 5.6% and Banking/Credit/Financial = 1.9%. The totalnumber of reported records by category were:Banking/Credit/Financial = 20,000, Business = 6,194,367,Educational = 41,448, Government/Military = 170,683 andMedical/Healthcare = 1,499,258.

The business category encompasses retail services, hospitalityand tourism, professional, trade, transportation, utilities,payment processors and other entities not included in the otherfour sectors. It also includes nonprofit organizations, industryassociations and non-government social service providers, as wellas life insurance companies and insurance brokers(non-medical).

In other cybersecurity news, McAfee reported attackers areexploiting a previously unidentified vulnerability in MicrosoftWord, which security researchers said can install malware, even onfully-patched computers. Because the HTML application isexecutable, the attacker can run code on the affected computerwhile evading memory-based mitigations designed to prevent thesekinds of attacks.

Activation of the vulnerability takes place when a mark opens afake Word document, which downloads a malicious HTML applicationfrom a server, masked as a rich text document file. The HTMLapplication meanwhile downloads and runs a malicious script thatcan stealthily install malware. The exploit connects to a remoteserver (controlled by the attacker), downloads a file that containsHTML application content and executes it as an .hta file. Because.hta is executable, the attacker gains full code execution on thevictim's machine.

“Thus, this is a logical bug and gives the attackers the powerto bypass any memory-based mitigations developed by Microsoft,”McAfee said in a blog post. “At McAfee, we have put significantefforts in hunting attacks such as advanced persistent threats andzero days. Yesterday, we observed suspicious activities from somesamples. After quick but in-depth research, we have confirmed thesesamples are exploiting a vulnerability in Microsoft Windows andOffice that is not yet patched.”

The samples detected are organized as Word files (morespecially, RTF files with “.doc” extension name). The exploit workson all Microsoft Office versions, including the latest Office 2016running on Windows 10. The earliest attack McAfee detected datesback to late January.