A Bochum research group today published a vulnerability in encrypted PDF files. The BSI had published a preliminary information on this subject prior to the publication. It is to be expected that users will be highly unsettled. NoSpamProxy clarifies for whom which risks actually exist and who is affected. For special safety requirements, alternatives are shown.
Every email is vulnerable, theoretically. The path of an email through the Internet is long, even if the speed of transmission often makes you forget. Emails can be intercepted, read or even modified during transport. At least if they are sent unencrypted. The consequences can be devastating: financial damage, data loss or loss of image threaten all those who exchange unencrypted emails. In addition, unencrypted emails are already no longer compatible with data protection – also with regard to the GDPR.
One way to enable secure email communication and send information confidentially and securely is PKI-based email encryption and signature. PKI stands for Public Key Infrastructure, and the most common standard for such encryption used by government agencies and companies is S/MIME (Secure/Multipurpose Internet Mail Extensions).
Since 7 June 2019, a warning about fake emails can be read on the website of the Federal Fiscal Court in Germany. According to the warning, previously unknown perpetrators send emails with malicious attachments and use the email domain of the Federal Fiscal Court in the sender. It goes without saying that the emails also look deceptively real. Although the Federal Fiscal Court’s warning is shared in the social media, the actual range is likely to be limited. The majority of the victims are informed – if at all – much too late. And this despite the fact that the DMARC specification is a freely available technology that could prevent this.
The new “No Spam Area” offers information and assistance on the topics of spam, malware and email security. It raises awareness of threats such as phishing, CxO fraud or Trojans, highlights effective countermeasures and assists in their concrete implementation.
For months we have been reading about increasingly sophisticated attacks on companies. With every new wave, we are amazed to discover that a particular virus or trojan is especially dangerous and clever. The programmer of the malware may even award himself or herself a medal if the German BSI issues a report or a news report mentions the attack.
Criminals have recently launched a wave of email attacks targeting industrial AutoCAD files. The focus is on companies in the renewable energy and automotive sectors. Industrial espionage thus reaches an unprecedented scale.
The #Efail debate has caused great uncertainty among users and IT departments regarding the effectiveness of email encryption. Headlines such as S/MIME and PGP hacked were not only factually incorrect, but also led some self-proclaimed experts to advise against the use email encryption in general. The fact that the problem is not S/MIME or PGP itself was completely ignored. In reality, encryption is bypassed by getting the email client to send the plain text of the email to the attacker.
NoSpamProxy is a must at CeBIT 2018. This year CeBIT takes place for the first time in summer, from June 12 to 15 in Hannover. In cooperation with our partner Bundesdruckerei we will use practical examples to show you how easy it is to transmit DSGVO-compliant and encrypted emails containing personal data.