#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

email encryption | Breaking Cybersecurity News | The Hacker News

Category — email encryption
Google Takes Gmail Security to the Next Level with Client-Side Encryption

Google Takes Gmail Security to the Next Level with Client-Side Encryption

Dec 18, 2022 Encryption / Email Security
Google on Friday announced that its client-side encryption for Gmail is in beta for Workspace and education customers as part of its efforts to secure emails sent using the web version of the platform. The development comes at a time when concerns about online privacy and data security are at an all-time high, making it a welcome change for users who value the protection of their personal data. To that end, Google Workspace Enterprise Plus, Education Plus, and Education Standard customers can apply to sign up for the beta until January 20, 2023. It's not available to personal Google Accounts. "Using client-side encryption in Gmail ensures sensitive data in the email body and attachments are indecipherable to Google servers," the company  said  in a post. "Customers retain control over encryption keys and the identity service to access those keys." It is important to know that the latest safeguards offered by Gmail is different from end-to-end encryption.
BitDam Study Exposes High Miss Rates of Leading Email Security Systems

BitDam Study Exposes High Miss Rates of Leading Email Security Systems

Jan 21, 2020
Imagine receiving an email from US VP Mike Pence's official email account asking for help because he has been stranded in the Philippines. Actually, you don't have to. This actually happened. Pence's email was hacked when he was still the governor of Indiana, and his account was used to attempt to defraud several people. How did this happen? Is it similar to how the DNC server was hacked? Email hacking is one of the most widespread cyber threats at present. It is estimated that around 8 out of 10 people who use the internet have received some form of phishing attack through their emails. Additionally, according to Avanan's 2019 Global Phish Report , 1 in 99 emails is a phishing attack. BitDam is aware of how critical emails are in modern communication. BitDam published a new study on the email threat detection weaknesses of the leading players in email security, and the findings command attention. The research team discovered how Microsoft's Office365
Cyber Story Time: The Boy Who Cried "Secure!"

Cyber Story Time: The Boy Who Cried "Secure!"

Nov 21, 2024Threat Detection / Pentesting
As a relatively new security category, many security operators and executives I've met have asked us "What are these Automated Security Validation (ASV) tools?" We've covered that pretty extensively in the past, so today, instead of covering the " What is ASV?" I wanted to address the " Why ASV?" question. In this article, we'll cover some common use cases and misconceptions of how people misuse and misunderstand ASV tools daily (because that's a lot more fun). To kick things off, there's no place to start like the beginning. Automated security validation tools are designed to provide continuous, real-time assessment of an organization's cybersecurity defenses. These tools are continuous and use exploitation to validate defenses like EDR, NDR, and WAFs. They're more in-depth than vulnerability scanners because they use tactics and techniques that you'll see in manual penetration tests. Vulnerability scanners won't relay hashes or combine vulnerabilities to further attacks, whic
Google to Encrypt Android Cloud Backups With Your Lock Screen Password

Google to Encrypt Android Cloud Backups With Your Lock Screen Password

Oct 15, 2018
In an effort to secure users' data while maintaining privacy, Google has announced a new security measure for Android Backup Service that now encrypts all your backup data stored on its cloud servers in a way that even the company can't read it. Google allows Android users to automatically backup their essential app data and settings to their Google account, allowing them to simply restore it when required, instead of re-configuring all the apps after formatting or switching to a new phone. However, until now your backup data was not encrypted and visible to Google, and now the company is going to change its storage procedure. Starting with Android Pie, Google is going to encrypt your Android device backup data in the following way: Step 1: Your Android device will generate a random secret key (not known to Google), Step 2: The secret key will then get encrypted using your lockscreen PIN/pattern/passcode (not known to Google), Step 3: This passcode-protected
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature

GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature

Jun 15, 2018
A security researcher has discovered a critical vulnerability in some of the world's most popular and widely used email encryption clients that use OpenPGP standard and rely on GnuPG for encrypting and digitally signing messages. The disclosure comes almost a month after researchers revealed a series of flaws, dubbed eFail , in PGP and S/Mime encryption tools that could allow attackers to reveal encrypted emails in plaintext , affecting a variety of email programs, including Thunderbird, Apple Mail, and Outlook. Software developer Marcus Brinkmann discovered that an input sanitization vulnerability, which he dubbed SigSpoof , makes it possible for attackers to fake digital signatures with someone's public key or key ID, without requiring any of the private or public keys involved. The vulnerability, tracked as CVE-2018-12020 , affects popular email applications including GnuPG, Enigmail, GPGTools and python-gnupg, and have now been patched in their latest available so
Here's How eFail Attack Works Against PGP and S/MIME Encrypted Emails

Here's How eFail Attack Works Against PGP and S/MIME Encrypted Emails

May 14, 2018
With a heavy heart, security researchers have early released the details of a set of vulnerabilities discovered in email clients for two widely used email encryption standards—PGP and S/MIME—after someone leaked their paper on the Internet, which was actually scheduled for tomorrow. PGP and S/MIME are popular end-to-end encryption standards used to encrypt emails in a way that no one, not even the company, government, or cyber criminals, can spy on your communication. Before explaining how the vulnerability works, it should be noted that the flaw doesn't reside in the email encryption standards itself; instead, it affects a few email clients/plugins that incorrectly implemented the technologies. Dubbed eFail by the researchers, the vulnerabilities, as described in our previous early-warning article , could allow potential attackers to decrypt the content of your end-to-end encrypted emails in plaintext, even for messages sent in the past. According to the paper released
Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext

Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext

May 14, 2018
Note— the technical details of the vulnerabilities introduced in this article has now been released, so you should also read our latest article to learn how the eFail attack works and what users can do to prevent themselves. An important warning for people using widely used email encryption tools—PGP and S/MIME—for sensitive communication. A team of European security researchers has released a warning about a set of critical vulnerabilities discovered in PGP and S/Mime encryption tools that could reveal your encrypted emails in plaintext. What's worse? The vulnerabilities also impact encrypted emails you sent in the past. PGP, or Pretty Good Privacy, is an open source end-to-end encryption standard used to encrypt emails in a way that no one, not even the company, government, or cyber criminals, can spy on your communication. S/MIME, Secure/Multipurpose Internet Mail Extensions, is an asymmetric cryptography-based technology that allows users to send digitally signed
Microsoft Office 365 Gets Built-in Ransomware Protection and Enhanced Security Features

Microsoft Office 365 Gets Built-in Ransomware Protection and Enhanced Security Features

Apr 06, 2018
Ransomware has been around for a few years, but it has become an albatross around everyone's neck, targeting big businesses, hospitals, financial institutions and individuals worldwide and extorting millions of dollars. Last year, we saw some major ransomware outbreaks, including WannaCry  and  NotPetya , which wreaked havoc across the world, hitting hundreds of thousands of computers and business networks worldwide. From small to mid-range businesses, Microsoft Office 365 remains the most widely used and fastest-growing work office suite, so it's no surprise that it has become a primary target for viruses, ransomware, and phishing scams. In fact, most strains of ransomware target Microsoft productivity apps such as Word, Excel and encrypt sensitive data to hold the company hostage until the ransom is paid. Now, to combat such cyber attacks, Microsoft has announced some new security features for Office 365 that can help users mitigate the damage done by ransomware a
Serious Crypto-Flaw Lets Hackers Recover Private RSA Keys Used in Billions of Devices

Serious Crypto-Flaw Lets Hackers Recover Private RSA Keys Used in Billions of Devices

Oct 17, 2017
If you think KRACK attack for WiFi is the worst vulnerability of this year, then hold on… ...we have got another one for you which is even worse. Microsoft, Google, Lenovo, HP and Fujitsu are warning their customers of a potentially serious vulnerability in widely used RSA cryptographic library produced by German semiconductor manufacturer Infineon Technologies. It's noteworthy that this crypto-related vulnerability (CVE-2017-15361) doesn't affect elliptic-curve cryptography and the encryption standard itself, rather it resides in the implementation of RSA key pair generation by Infineon's Trusted Platform Module (TPM). Infineon's Trusted Platform Module (TPM) is a widely-used, dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices and is used for secured crypto processes. This 5-year-old algorithmic vulnerability was discovered by security researchers at Masaryk University in the Czech Republic, who have relea
Cryptography Expert Says, 'PGP Encryption is Fundamentally Broken, Time for PGP to Die'

Cryptography Expert Says, 'PGP Encryption is Fundamentally Broken, Time for PGP to Die'

Aug 19, 2014
A Senior cryptography expert has claimed multiple issues with PGP email encryption - an open source end-to-end encryption  to secure email. Before continuing, I would like to clarify that covering this topic doesn't mean you should stop using PGP encryption , instead we are bringing to you what Security researcher has argued about its fundamental implications.  PGP or Pretty Good Privacy , a program written in 1991, uses symmetric public key cryptography and hashing that allow both Privacy and Security , as well as Authenticity . Privacy and Security ensure users to exchange messages securely and Authenticity proves the origin of those messages. But PGP is a complicated multi-step process, which requires users to keep track of the public keys of other users in order to communicate. Despite clumsiness of the PGP implementation, the popular Internet giants such as Google and Yahoo! have looked forward to integrate it into their popular email services. A respected research profes
End-to-End Encryption for Yahoo Mail Coming Next Year

End-to-End Encryption for Yahoo Mail Coming Next Year

Aug 08, 2014
Today at Black Hat 2014 hacking conference, Yahoo! Chief Information Security Officer Alex Stamos announced that the company will start giving its consumers the option of end-to-end encryption in its Mail service by next year. Google showed off a PGP-based encryption plugin for Gmail back in June. The Purple-hued company will offer encryption via a modified version of the same End-to-End browser plug-in that Google uses for PGP in Gmail, Alex Stamos told the audience at his talk titled Building Safe Systems at Scale - Lessons from Six Months at Yahoo. The PGP plugin will be native in mobile apps allowing Gmail and Yahoo mail to easily exchange encrypted email. Infact, the email providers themselves won't be able to decrypt messages exchanged between its users. Only senders and recipients will be able to read the messages. In short, it means that Yahoo email users can reportedly send safe and secure messages between Yahoo users and also Gmail adherents without fear, wh
PayPal Freezes $275,000 Campaign Funds of Secure-Email Startup 'ProtonMail'

PayPal Freezes $275,000 Campaign Funds of Secure-Email Startup 'ProtonMail'

Jul 01, 2014
ProtonMail ,  an End-to-End Encrypted email service developed by MIT, Harvard and CERN researchers, who already received over $275,000 from a crowdfunding campaigns to their PayPal account, and was so much excited to launch its beta version, but just before that PayPal freezes their account without any warning. " At this time, it is not possible for ProtonMail to receive or send funds through PayPal, " ProtonMail co-founder Andy Yen announced this morning. " No attempt was made by PayPal to contact us before freezing our account, and no notice was given. " ProtonMail is a new super-secure email service that encrypts the data on the browser before it communicates with the server, this means only encrypted data is stored in the email service servers. GO HOME PAYPAL, YOU ARE DRUNK ProtonMail service is based in Switzerland, so it won't have to comply with American courts' demands to provide users data. But a representative from the American payment service, PayPal
ProtonMail: 'NSA-Proof' End-to-End Encrypted Email Service

ProtonMail: 'NSA-Proof' End-to-End Encrypted Email Service

May 26, 2014
The Edward Snowden revelations triggered a large-scale movement worldwide towards deploying encryption across the Internet for secure services, which is something the government agencies like NSA and GCHQ have targeted repeatedly, as exemplified by abruptly shutting down Lavabit , a Texas-based Encrypted Email Service. In response, a group of young developers at the European Organization for Nuclear Research (CERN) has launched a new email service which offers end-to-end encryption and securing communications that could put an end to government snooping and will keep away our personal data from prying eyes. PROTONMAIL - AN END-to-END ENCRYPTED EMAIL This new encrypted email service, called ProtonMail is a super-secure email service created in collaboration with the scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN. ProtonMail offers a user-friendly experience with full "end-to-end" encryption . It encrypts the data on the browser
Apple iOS 7 Updates Silently Remove Encryption for Email Attachments

Apple iOS 7 Updates Silently Remove Encryption for Email Attachments

May 01, 2014
There is no question that Mobile devices have become a staple in everyday living around the world. But have you ever asked yourself, How Secure are the Android, iPhone or any other Smart devices? It is really important for us to think about the Security and Privacy of our Data stored in Smartphones. In June 2010, Apple introduced ' Data protection ' feature in iOS 4.0 devices that offer hardware encryption for  all the data stored on the devices. " Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages attachments , and third-party applications ." Apple claimed  in an old announcement. But unexpectedly, In last few updates Apple has silently removed the email attachment encryption from  data protection mechanisms. Noticed by Security Researcher -  Andreas Kurtz , claims that  since at least version 7.0.4 and including the current
Google Working On End-to-End Encryption for Gmail Service

Google Working On End-to-End Encryption for Gmail Service

Apr 22, 2014
Constant password breaches and Snowden revelations about Government Surveillance have raised many questions that why don't cloud and email Services encrypt the data stored on their server?  Revelations forced the popular Internet Giants such as Google and Yahoo to contemplate on the privacy and security issues and in response companies started enhancing their encryption standard by enabling HTTPS by default and removed the option to turn it off. A few days back, Google admitted that their automated systems read your content, including incoming and outgoing emails to provide you personally relevant advertisements. That means Internet giants generally do encrypt your data, but they have the key so they can decrypt it any time they want. Encryption is mandatory in Modern Internet and web services should consider Encrypting and decrypting your data locally, so that no one can snoop on. Such cryptographic mechanism is called End-to-End Encryption , that means content of yo
Back off, NSA! Gmail now Encrypts every single Email

Back off, NSA! Gmail now Encrypts every single Email

Mar 21, 2014
2014 - The Year for Encryption! Good News for Security & Privacy seekers, Gmail is now more secure than ever before. Google has announced that it has enhanced encryption for its Gmail email service to protect users from government cyber-spying; by removing the option to turn off HTTPS . So from today, Gmail will always use an encrypted HTTPS connection by default when you check or send email. Furthermore, Google also assured that every single email message will now be encrypted as it moves internally between the company's data centers. " Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers—no matter if you're using public WiFi or logging in from your computer, phone or tablet. " Nicolas Lidzborski, Gmail Security Engineering Lead said in a blog post . It was previously disclosed by Edward Snowden that the National Security Agency (NSA) is intercepting email messages as they
Twitter enables StartTLS for Secure Emails to prevent Snooping

Twitter enables StartTLS for Secure Emails to prevent Snooping

Mar 14, 2014
TWITTER is taking users' privacy and security very seriously and in an effort to prevent Government snooping, the company has secured your Twitter emails with with TLS (Transport Layer Security). Twitter emails were previously using a plain text communication protocol, that now has been upgraded to an encrypted (TLS or SSL) connection using STARTTLS . In a blog post, Twitter announced : " Since mid-January, we have been protecting your emails from Twitter using TLS in the form of StartTLS. StartTLS encrypts emails as they transit between sender and receiver and is designed to prevent snooping. It also ensures that emails you receive from Twitter haven't been read by other parties on the way to your inbox if your email provider supports TLS. " " These email security protocols are part of our commitment to continuous improvement in privacy protections and complement improvements like our securing of web traffic with forward secrecy and always-on HTT
Expert Insights / Articles Videos
Cybersecurity Resources