It’s the digital security training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.

Firefox add-on developers targeted in phishing attacks

If you use Firefox, you might be interested to know that Mozilla issued a warning to add-on developers of a phishing campaign. Add-ons such as browser extensions used to customize browsers often have wide-reaching access to users’ browsing activity, so it’s especially important that developers maintain control over these accounts to protect the users of their browser extensions. Attackers are targeting developer accounts through AMO (addons.mozilla.org). According to Mozilla, these emails are variants on the message, “Your Mozilla Add-ons account requires an update to continue accessing developer features.” Mozilla has not yet shared details about the scale of the attacks, nor how many developers may have been compromised. Read more.

What you can do

  • Remove unneeded extensions. This is a good reminder to review your browser extensions and to minimize risk by uninstalling any that you don’t need. Firefox users can access extensions by navigating to the hamburger (three-line) menu at the top right corner of the screen, navigating to “Extensions and themes” and then “Extensions.” Similarly, at the top right of the screen, Chrome users can click on the three-dot menu and navigate to “Extensions.”
  • Make an exception for privacy-preserving extensions. We do sometimes recommend a few browser extensions for boosting your safety when browsing. The Electronic Frontier Foundation’s Privacy Badger will help block many trackers embedded in the websites you browse. Likewise, uBlock Origin will help block ads that may also be embedded with tracking code. You can always disable uBlock Origin on websites you’d like to support — or even better, become a paid subscriber!

Updates from our team

  • If you’re a journalist regularly recording interviews and have questions about the security and property issues related to recording apps, my colleague Evan Summers wrote something you’re going to love. Depending on your reporting needs (e.g., do you need transcription?), you may want specific features, each with their own safety implications. Check out his write-up.
  • In our newest “Ask a security trainer” column, someone wonders if we use a password for our password manager. Yes, and we also have backups for our authentication methods. Read all about it!

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Martin

Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation