The National Information Technology Board (NITB) announced that critical vulnerabilities have been found in some products of Mozilla i.e. Mozilla Firefox, Firefox ESR, and Mozilla Thunderbird. These vulnerabilities can allow attackers to execute code on the user’s browser enabling phishing attacks on these products.
Critical vulnerabilities have been found in Mozilla Firefox, Firefox ESR, & Mozilla Thunderbird allowing the attacker to execute malicious code in users' browsers, enabling website cloning for phishing attacks on services.
Upgrade the latest versions of these products #Security pic.twitter.com/4ELCIbsbzn— National Information Technology Board (NITB) (@NationalITBoard) October 6, 2020
Phishing is usually done by cloning certain websites so they look identical to the original ones and whenever a user tries to log in to the website or provides any sort of information on the website, it is recorded by the hackers and used later or sold on the black market.
NITB has also recently warned users about malicious emails. These emails are said to contain PDF/LNK files that can steal sensitive information like passwords and other documents upon clicking.
One particular document identified that is used in phishing emails is “Protocol.doc”.
NITB has been sending out tweets since September 21 which include products like Safari, tvOS, watchOS, Xcode so that people are aware of such attacks and do not lose their private data. So far they have only advised to be vigilant and update their products to the latest software version.
If you are using any of the above-mentioned products we suggest that you update to the latest versions immediately and beware of any suspicious emails as well.
Image Source: Malwarebytes
