Search results for secure email communication | Breaking Cybersecurity News | The Hacker News

What is SMTP STS? How It improves Email Security for StartTLS?

Mar 24, 2016
Despite so many messaging apps, email is still one of the most widely used and popular ways to communicate in this digital age. But are your emails secure? We have been using email services for decades, but the underlying 1980s transport protocol used to send emails, Simple Mail Transfer Protocol (SMTP), is ancient and lacks the ability to secure your email communication entirely. To overcome this problem, SMTP STARTTLS was invented in 2002 as a way to upgrade an insecure connection to a secure connection using TLS. But STARTTLS was susceptible to man-in-the-middle attacks and encryption downgrades. But worry not. A new security feature is on its way!

SMTP STS: An Effort to Make Email More Secure

Top email providers, namely Google, Microsoft, Yahoo!, Comcast, LinkedIn, and 1&1 Mail & Media Development, have joined forces to develop a new email standard that makes sure the emails you send are going through an encrypted channel and cannot be sniffed. Dubbed SMT...
Enhancing Email Security with MTA-STS and SMTP TLS Reporting

Jan 25, 2021
In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP, which in turn supported the encryption of emails between servers, providing the ability to convert a non-secure connection into a secure one that is encrypted using the TLS protocol. However, encryption is optional in SMTP, which implies that emails can be sent in plaintext. Mail Transfer Agent-Strict Transport Security (MTA-STS) is a relatively new standard that gives mail service providers the ability to enforce Transport Layer Security (TLS) to secure SMTP connections and to specify whether the sending SMTP servers should refuse to deliver emails to MX hosts that do not offer TLS with a reliable server certificate. It has been proven to successfully mitigate TLS downgrade attacks and Man-in-the-Middle (MitM) attacks. SMTP TLS Report...
The Best Way to Send and Receive End-to-End Encrypted Emails

Mar 18, 2016
How many of you know that your daily e-mails are passed through a deep espionage filter? This was unknown until the whistleblower Edward Snowden broke all the surveillance secrets, which made privacy and security more important for all Internet users than ever before. I often get asked "How to send encrypted email?", "How can I protect my emails from prying eyes?" and "Which is the best encrypted email service?". There are a number of encryption tools that offer encrypted email service to ensure that no one can see what you are sending to someone else. One such tool to send encrypted emails is PGP (Pretty Good Privacy), an encryption tool designed to protect users' emails from snooping. However, setting up a PGP environment is quite a difficult task for non-tech users, so more than 97% of Internet users, including government officials, are still communicating via unencrypted email services i.e. Gmail, Ya...
How to use PGP encryption with Mozilla Thunderbird Email client

Jan 13, 2014
In my last article, we learnt how to encrypt our emails using GNU Privacy Guard. Previously we used Microsoft Outlook as a desktop mail client and a GpgOL plugin to handle encryption and decryption of our communication. Microsoft is a US-based company that has to follow all the laws of that country. Should we trust a Microsoft product to save our e-mail password and data? Obviously NO! This made me write a new article on the same topic: today we are going to use an open source mail client, Mozilla Thunderbird, available for Windows, Mac OS X and Linux.

Thunderbird Installation: Initially you need to download the Thunderbird mail client and install it to make your email communication more secure and private. Open Thunderbird and configure your mail account, as shown:

Installing and Configuring ENIGMAIL: In the next step you need to install an add-on in Thunderbird called ENIGMAIL. You can search and install add-on using...
Can Your Business Email Be Spoofed? Check Your Domain Security Now!

May 31, 2021
Are you aware of how secure your domain is? In most organizations, there is an assumption that their domains are secure, but within a few months the truth dawns on them that they aren't. Spotting someone spoofing your domain name is one way to determine if your security is unsatisfactory: it means that someone is impersonating you (or confusing some of your recipients) and releasing false information. You may ask, "But why should I care?" Because these spoofing activities can potentially endanger your reputation. With so many companies being targeted by domain impersonators, email domain spoofing shouldn't be taken lightly. By taking it lightly, companies could put themselves, as well as their clients, at risk. Your domain's security rating can make a huge difference in whether or not you get targeted by phishers looking to make money quickly or to use your domain and brand to spread ransomware without you knowing it! Check your domain's security rating with ...
Cryptography Expert Says, 'PGP Encryption is Fundamentally Broken, Time for PGP to Die'

Aug 19, 2014
A senior cryptography expert has claimed multiple issues with PGP email encryption, an open source end-to-end encryption to secure email. Before continuing, I would like to clarify that covering this topic doesn't mean you should stop using PGP encryption; instead we are bringing to you what the security researcher has argued about its fundamental implications. PGP, or Pretty Good Privacy, a program written in 1991, uses symmetric public key cryptography and hashing that allow both Privacy and Security, as well as Authenticity. Privacy and Security let users exchange messages securely, and Authenticity proves the origin of those messages. But PGP is a complicated multi-step process, which requires users to keep track of the public keys of other users in order to communicate. Despite the clumsiness of the PGP implementation, popular Internet giants such as Google and Yahoo! have looked forward to integrating it into their popular email services. A respected research p...
Google Working On End-to-End Encryption for Gmail Service

Apr 22, 2014
Constant password breaches and the Snowden revelations about government surveillance have raised the question of why cloud and email services don't encrypt the data stored on their servers. The revelations forced popular Internet giants such as Google and Yahoo to contemplate the privacy and security issues, and in response the companies started enhancing their encryption standards by enabling HTTPS by default and removing the option to turn it off. A few days back, Google admitted that their automated systems read your content, including incoming and outgoing emails, to provide you personally relevant advertisements. That means Internet giants generally do encrypt your data, but they have the key, so they can decrypt it any time they want. Encryption is mandatory on the modern Internet, and web services should consider encrypting and decrypting your data locally, so that no one can snoop on it. Such a cryptographic mechanism is called End-to-End Encryption, ...
GnuPG Email Encryption Project Relies on 'Werner Koch', and He is Running Out of Funds

Feb 06, 2015
Werner Koch, the man who authored the free email encryption software, is running out of funding to continue the development of his crucial open-source GNU Privacy Guard (GnuPG) encryption tools. The code works on plenty of operating systems, from Linux and FreeBSD to Windows and OS X. The popular GNU Privacy Guard (GnuPG or GPG) email encryption software is the same one used by the former United States National Security Agency (NSA) contractor and whistleblower Edward Snowden to keep his communication secure from law enforcement authorities. GPG uses the OpenPGP standard to safeguard the communications of millions of people around the world, including journalists, dissidents and security-minded people, from eavesdroppers and other miscreants.

GPG EMAIL ENCRYPTION RELIES ON THIS GUY ONLY

Werner Koch has been maintaining and improving the code of his own secure email software since its initial development in 1997, and since then he has worked at very low wages, but is now...
Google offers Chrome Extension for End-To-End Gmail Encryption

Jun 04, 2014
Everything we do online, whether chatting on the phone, talking via video or audio, or sending messages on phones or by email, is being watched by governments and intelligence agencies. Many Internet giants offer an encrypted environment in an effort to protect our online data from prying eyes, but those companies can still read our data stored on their servers. But there is great news for Gmail users. On Tuesday, Google announced two major privacy enhancements in Gmail, and this new push for its email service will even protect our data and communication from Google itself. With the ongoing concerns about privacy and the pervasiveness of email communications, Google already provides encryption for Gmail called transit encryption (HTTPS), in which only the transmission of emails being sent or received is protected, but not the content of the email. A few months back, Google itself admitted that their automated systems read our email c...
Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients

Aug 16, 2021
Security researchers have disclosed as many as 40 different vulnerabilities associated with an opportunistic encryption mechanism in mail clients and servers that could open the door to targeted man-in-the-middle (MitM) attacks, permitting an intruder to forge mailbox content and steal credentials. The now-patched flaws, identified in various STARTTLS implementations, were detailed by a group of researchers, Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel, at the 30th USENIX Security Symposium. In an Internet-wide scan conducted during the study, 320,000 email servers were found vulnerable to what's called a command injection attack. Some of the popular clients affected by the bugs include Apple Mail, Gmail, Mozilla Thunderbird, Claws Mail, Mutt, Evolution, Exim, Mail.ru, Samsung Email, Yandex, and KMail. The attacks require that the malicious party can tamper with connections established between an email client and the email server of a provider and has log...
Critical Flaws in PGP and S/MIME Tools Can Reveal Encrypted Emails in Plaintext

May 14, 2018
Note: the technical details of the vulnerabilities introduced in this article have now been released, so you should also read our latest article to learn how the eFail attack works and what users can do to protect themselves. An important warning for people using widely used email encryption tools, PGP and S/MIME, for sensitive communication. A team of European security researchers has released a warning about a set of critical vulnerabilities discovered in PGP and S/MIME encryption tools that could reveal your encrypted emails in plaintext. What's worse? The vulnerabilities also impact encrypted emails you sent in the past. PGP, or Pretty Good Privacy, is an open source end-to-end encryption standard used to encrypt emails in a way that no one, not even the company, government, or cyber criminals, can spy on your communication. S/MIME, Secure/Multipurpose Internet Mail Extensions, is an asymmetric cryptography-based technology that allows users to send digitally signed ...
Boeing launches Ultra-Secure 'Black' Smartphone that has Self-Destruct Feature

Feb 27, 2014
Looking for a secure smartphone? The world's biggest aerospace company, Boeing, is finally close to the launch of its high-security Android smartphone, called "Boeing Black (H8V-BLK1)", primarily designed for secure communication between governmental agencies and their contractors. Encrypted email, secure instant messaging and other privacy services and tools are booming in the wake of the National Security Agency's recently revealed surveillance programs. Encryption isn't meant to keep hackers out, but when it's designed and implemented correctly, it alters the way messages look. Boeing is the company which is already providing secure communications for US Government officials, including the president.

Don't mess with it, it can Self-Destruct:

The Boeing Black smartphone can self-destruct if it is tampered with, destroying all the data on it. The device is delivered in complete sealed form, any attempt to open the seal of the device will dest...
New Facebook feature Encourages users to use PGP for Encrypted Communications

Jun 01, 2015
In this era of global surveillance, we all are worried about the privacy of our communication and sensitive data. There is no guarantee that our data is not being snooped on, but there is a solution: PGP (Pretty Good Privacy). PGP is a more than 20-year-old technology but is not yet widely adopted. PGP is an open source end-to-end encryption standard to encrypt e-mails, protecting you against companies, governments, or criminals spying on your Internet connection. But the tool is too complicated for most people to implement and use. However, Facebook is now encouraging its users to use PGP and communicate by sending encrypted emails, adding the popular OpenPGP email encryption standard as an extra layer of security for the cautious. According to the latest announcement, you can now upload your public PGP key to your Facebook profile so that anyone with your public key can send you encrypted emails. By giving such option to...
Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now

Feb 20, 2025 Microsoft 365 / Microsoft Exchange
For decades, Microsoft Exchange has been the backbone of business communications, powering emailing, scheduling and collaboration for organizations worldwide. Whether deployed on-premises or in hybrid environments, companies of all sizes rely on Exchange for seamless internal and external communication, often integrating it deeply with their workflows, compliance policies and security frameworks. However, Microsoft has officially announced that support for Exchange Server 2016 and Exchange Server 2019 will end on October 14, 2025. While this may seem like a distant concern, businesses and IT teams must start preparing now. The end of support means that Microsoft will no longer provide security patches, bug fixes or technical support, leaving organizations running on these versions exposed to security vulnerabilities, compliance risks and potential operational disruptions. So, what should businesses do now? In this article, we'll explore the impact of Microsoft's decision, the risks...