In IT Finanzmagazin, the specialist magazine for IT and organisation at banks, savings banks and insurance companies, Metehan Manap, head of the IT Operational Services department at WWK, looks back on a great project in the field of e-mail encryption. Together with GlobalSign, NoSpamProxy secures the data protection compliant communication of the insurance group with […]
A Bochum research group today published a vulnerability in encrypted PDF files The BSI had published a preliminary information on this subject. It is to be expected that users will be highly unsettled. NoSpamProxy clarifies for whom which risks actually exist and who is affected. For special safety requirements, alternatives are shown.
Jede E-Mail ist angreifbar – theoretisch. Der Weg einer E-Mail durch das Internet ist lang, auch wenn die Schnelligkeit der Übertragung dies oft vergessen lässt. E-Mails können während des Transports abgefangen, gelesen oder sogar verändert werden. Zumindest, wenn sie unverschlüsselt versendet werden. Die Folgen sind unter Umständen verheerend: Finanzielle Schäden, Datenverlust oder Imageeinbußen drohen all denjenigen, die E-Mails unverschlüsselt austauschen. Zudem sind unverschlüsselte E-Mails schon heute nicht mehr mit dem Datenschutz vereinbar – auch im Hinblick auf die Datenschutz-Grundverordnung (DSGVO)
Ein Weg, sichere E-Mail-Kommunikation zu ermöglichen und Informationen vertraulich und geschützt zu versenden, ist die PKI-basierte E-Mail-Verschlüsselung und -Signatur. PKI steht für Public Key Infrastructure, und der bei Behörden und Firmen gebräuchlichste Standard für eine solche Verschlüsselung ist S/MIME (Secure/Multipurpose Internet Mail Extensions).
Since 7 June 2019, a warning about fake emails can be read on the website of the Federal Fiscal Court in Germany. According to the warning, previously unknown perpetrators send emails with malicious attachments and use the email domain of the Federal Fiscal Court in the sender. It goes without saying that the emails also look deceptively real. Although the Federal Fiscal Court’s warning is shared in the social media, the actual range is likely to be limited. The majority of the victims are informed – if at all – much too late. And this despite the fact that the DMARC specification is a freely available technology that could prevent this.
The new “No Spam Area” offers information and assistance on the topics of spam, malware and email security. It raises awareness of threats such as phishing, CxO fraud or Trojans, highlights effective countermeasures and assists in their concrete implementation.
For months we have been reading about increasingly sophisticated attacks on companies. With every new wave, we are amazed to discover that a particular virus or trojan is especially dangerous and clever. The programmer of the malware may even award himself or herself a medal if the German BSI issues a report or a news report mentions the attack.
Criminals have recently launched a wave of email attacks targeting industrial AutoCAD files. The focus is on companies in the renewable energy and automotive sectors. Industrial espionage thus reaches an unprecedented scale.
The #Efail debate has caused great uncertainty among users and IT departments regarding the effectiveness of email encryption. Headlines such as S/MIME and PGP hacked were not only factually incorrect, but also led some self-proclaimed experts to advise against the use email encryption in general. The fact that the problem is not S/MIME or PGP itself was completely ignored. In reality, encryption is bypassed by getting the email client to send the plain text of the email to the attacker.