Dubai: The UAE’s Computer Emergency Response Team (CERT) – an initiative of the Telecommunications Regulatory Authority (TRA) – has cautioned internet users against vulnerabilities found in web browsers Google Chrome and Firefox.
CERT was established to promote, build and ensure a safer and secure cyber environment and culture in the UAE.
The response team CERT issued a warning on April 5, encouraging users to upgrade their Firefox browser after vulnerabilities were also discovered in the app.
Vulnerabilities are software errors in the systems that can be exploited by criminals to interfere with the systems and influence them, according to the TRA.
“Mozilla released a security update for Firefox and Firefox ESR to patch vulnerabilities currently being exploited by attackers, which may lead to controlling target devices remotely,” it said.
CERT recommended users to update to the latest Firefox 74.0.1 and Firefox ESR 68.6.1 to avoid risks posed by these vulnerabilities.
In another advisory dated April 2, the authority urged internet users to update the app Google Chrome to version 81 after high-rated security vulnerabilities were found in the older version.
In its warning, CERT said: “Google has released version 80.0.3987.162 of the Chrome browser on Windows, Linux and Mac, [has] vulnerabilities, some of which allow attackers to take control of the system.”
It went on to "advise" users and administrators to update the browser to the latest version.
Cyber attacks
The TRA recently published its monthly report on cybersecurity developments for the month of March 2020, which were flagged by UAE federal entities. The team responded to 34,936 cyber-attacks during March, varying between malware (59 per cent), vulnerabilities (34 per cent) and phishing attacks (6 per cent).
The number of attempted attacks increased by 11 per cent since last February by 3,449 incidents.
Malware was described as “software created for the purpose of destroying, influencing, or illegally obtaining systems and programs. Malware includes viruses, ransomware, spyware, and others.”
Phishing, according to the TRA, is a process in which the criminal impersonates reliable companies or entities to trick the users into submitting their private data such as the password and bank information, through fake messages or websites.
