
email security | Breaking Cybersecurity News | The Hacker News

Category — email security
What is SMTP STS? How It improves Email Security for StartTLS?

Mar 24, 2016
Despite so many messaging apps, email is still one of the most widely used and popular ways to communicate in this digital age. But are your emails secure? We have been using email services for decades, but the underlying 1980s transport protocol used to send emails, Simple Mail Transfer Protocol (SMTP), is ancient and lacks the ability to secure your email communication entirely. To overcome this problem, SMTP STARTTLS was invented in 2002 as a way to upgrade an insecure connection to a secure connection using TLS. But STARTTLS was susceptible to man-in-the-middle attacks and encryption downgrades. But worry not. A new security feature is on its way!
SMTP STS: An Effort to Make Email More Secure
Top email providers, namely Google, Microsoft, Yahoo!, Comcast, LinkedIn, and 1&1 Mail & Media Development, have joined forces to develop a new email standard that makes sure the emails you send are going through an encrypted channel and cannot be sniffed. Dubbed SMT
Deleting WhatsApp Messages Before 90 Days Could Land you in Jail

Sep 22, 2015
While the Indian people continue to struggle for Net Neutrality, a new problem has surrounded them with the release of the latest policy, the 'National Encryption Policy', by the Indian Government. If you delete WhatsApp messages or emails that you receive or send before 90 days have passed, it might be a crime and you could end up in jail. If the new National Encryption Policy is implemented with its weird suggestions (one should not delete WhatsApp conversations, Gmail or any email for 90 days), it would be an Internet disaster. With the aim to 'provide confidentiality of information' and ensure 'protection of sensitive or proprietary information', the draft policy, proposed by a so-called 'expert panel' from the Department of Electronics and Information Technology (DeitY), requires:
Access to your Private Data
The government wants to have access to all your encrypted information including your personal emails, text and voice messages, and data stored in a privat
The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024 Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity. Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
'Undo Send' — How to Unsend Emails in Gmail

Jun 24, 2015
Sending an important and confidential email to one of my friends, I mistakenly clicked send to someone else. Holy crap! This is something every one of us has experienced at some point. We accidentally hit the reply-all button, send an email to the wrong person, or sometimes forget to attach a file, and are then left only with an instant pain of regret. It feels like there is no going back, doesn't it? But to let you go back and rectify your mistakes, Google has rolled out a new feature that delays sending your email for 30 seconds after you hit Send, so that you can recall it if you want to make some changes.
You Have 30 Seconds to Unsend an Email
After the feature remained in public beta for six years, Google has finally brought this life-saving "Undo Send" feature to the main settings on the Web version of Google's Gmail service. Once enabled, the Undo Send feature offers you up to a 30-second window to "undo" sending an outgoing ema
Tor-Based Dark Web Email Service Targeted by Government Spies

Apr 25, 2015
The administrator of the popular Darknet email service, SIGAINT, is warning its users that the email service has become a target of a suspected law enforcement agency that tried to compromise it. About a week ago, SIGAINT was targeted by an attacker who tried to hack the service by using nearly 70 bad Tor exit nodes, one of the service's administrators informed its users via the tor-talk mailing list on Thursday. Before jumping into the news, let's first understand what exit nodes are. As I said, SIGAINT uses the Tor anonymization network, which means that when an email is sent from one user to any destination, the email is routed through multiple relays/nodes that aren't aware of the sender's identity. The last machine that processes the email is known as a Tor exit relay or Tor exit node. The end user who receives that email can see the IP of the exit node instead of the IP address of the original sender. And this is how SIGAINT allows you to send
Complete Google Security Checkup, Get 2GB Extra Google Drive Space

Feb 11, 2015
Google has found an excellent idea to celebrate Safer Internet Day. The search engine giant is offering a nice perk for its users who complete a quick Security Checkup by February 17th. No doubt, it's willing to bribe us, but you probably should review your security settings anyway, and I loved the idea. Now, what's the perk? Google is providing you 2GB of extra space in your Google Drive account and there's an easy way to fetch the offer. You just have to check your account security, and for that, simply follow the steps given below: In the next week, head to Google's security checkup page. Then, follow some simple instructions given on the page. Under the Security Checkup process, a user will go through simple confirmations, like: Your backup email address; Ensures your account recovery information is current; Lets you review recent sign-in activity; Confirms the list of apps that access your account information. The process will hardly take 5 minutes or so t
Google Releases Chrome Extension for End-To-End Email Encryption

Dec 18, 2014
Back in June this year, Google announced an alpha Google Chrome extension called "End-to-End" for sending and receiving emails securely, in the wake of former NSA contractor Edward Snowden's revelations about the global surveillance conducted by government law enforcement. Finally, the company has announced that it has made the source code for its End-to-End Chrome extension open source via GitHub. Google is developing a user-friendly tool for individuals to implement the tough encryption standard known as Pretty Good Privacy (PGP) in an attempt to fully encrypt people's Gmail messages so that they can't be read even by Google itself, nor by anyone else other than the users exchanging the emails. PGP has been an open source end-to-end encryption standard for almost 20 years, used to encrypt e-mail over the Internet, providing cryptographic privacy and authentication for data communication, which makes it very difficult to break. But implementing PGP is too complicated for m
PayPal Freezes $275,000 Campaign Funds of Secure-Email Startup 'ProtonMail'

Jul 01, 2014
ProtonMail, an end-to-end encrypted email service developed by MIT, Harvard and CERN researchers, had already received over $275,000 from a crowdfunding campaign to its PayPal account and was excited to launch its beta version, but just before that, PayPal froze the account without any warning. "At this time, it is not possible for ProtonMail to receive or send funds through PayPal," ProtonMail co-founder Andy Yen announced this morning. "No attempt was made by PayPal to contact us before freezing our account, and no notice was given." ProtonMail is a new super-secure email service that encrypts the data in the browser before it communicates with the server; this means only encrypted data is stored on the email service's servers.
GO HOME PAYPAL, YOU ARE DRUNK
ProtonMail service is based in Switzerland, so it won't have to comply with American courts' demands to provide users' data. But a representative from the American payment service, PayPal
Google Admits that It Reads your Emails

Apr 16, 2014
Google updated its privacy terms and conditions on Monday to offer more transparency regarding its email-scanning practices. One of the world's biggest internet giants, Google, made it clear that the information its users submit and share with its systems is all analyzed. Last year, Google was accused of illegally intercepting all electronic communications sent to Gmail account holders and using the gathered data to sell and place advertisements in order to serve related ads to its users. Practically, the more information you let Google collect about you, the more accurate its adverts become. But Google has long insisted that its scanning practices are outlined in its terms of service. So, finally admitting the accusation, Google has made some changes in its terms of service: a new paragraph that explains the manner in which its software automatically scans and analyzes the content of Gmail messages when they are sent, received, and stored. " Our
Yahoo Mail turns on HTTPS encryption by default to protect users

Jan 09, 2014
After the revelations of the NSA's secret spying on Internet communications, I am expecting all tech companies to make surveillance significantly harder. Yahoo has had HTTPS encryption support since late 2012, but users had to opt in to use the feature. Documents revealed by Edward Snowden show that the NSA secretly accessed data from several tech giants, including Yahoo, by intercepting unencrypted Internet traffic in a program called Muscular. As promised back in October 2013, Yahoo has finally enabled HTTPS connections by default for its users, which will now automatically encrypt the connections between users and its email service. Jeff Bonforte, senior vice-president of communication products at Yahoo, announced in a blog post: It is 100% encrypted by default and protected with 2,048 bit certificates. This encryption extends to your emails, attachments, contacts, as well as Calendar and Messenger in Mail. HTTPS by default is really good news for Yahoo users, that will
Former UCM Students Charged with Hacking and Data Theft

Dec 02, 2010
Two former University of Central Missouri students have been charged with hacking university databases, stealing confidential information, and attempting to sell it for profit. Joseph Camp and Daniel Fowler were indicted by a federal grand jury. They allegedly created a computer virus and spread it through email attachments and USB flash drives. They breached the personal data of about 90,000 UCM students, faculty, staff, and alumni. Camp and Fowler then tried to sell the information for $35,000. The seven-count indictment also charges them with attempting to steal university funds and using Facebook accounts to threaten potential witnesses. The charges could result in prison sentences of between two and ten years. According to a Computerworld report, "The duo used Fowler's room as their base and, over a three-month period between October and December 2009, broke into numerous university databases and computers, including one belonging to a university administrator."
Legitimate-Looking Ads Used to Recruit Money Mules for Criminal Operations

Nov 01, 2010 Cybersecurity / Financial Crime
Money mules have been aggressively recruited this year to help cybercriminals launder money, according to Fortinet. A recent example of this is the worldwide prosecution of a Zeus criminal operation, which included 37 charges against alleged money mules. Recent Zeus stories illustrate how prevalent money mules have become and how they are being used to filter, disguise, and spread money transfers. Today, mules are typically recruited into criminal organizations through legitimate-looking advertisements. A suspect ad may suggest a client is looking for a "payment processing agent," "money transfer agent," or something as vague as an "administrative representative." These recruitment ads can be found anywhere from print and online job sites to direct points of contact. While many mules likely enter into the business relationship knowing the full criminal implications of what they are doing, a surprising number do not. One of the most recent money mule rec