This posting is here to collect cyber security news in August 2020.
I post links to security vulnerability news with short descriptions to comments section of this article.
If you are interested in cyber security trends, read my Cyber security trends 2020 posting.
You are also free to post related links to comments.
240 Comments
Tomi Engdahl says:
Australia to spend $1.2 billion on cyber security for private sector
after rise in attacks
https://www.reuters.com/article/us-australia-cyber/australia-to-spend-1-2-billion-on-cyber-security-for-private-sector-after-rise-in-attacks-idUSKCN25204O
Australia will spend A$1.66 billion ($1.19 billion) over the next 10
years to strengthen the cyber defences of companies and households
after a rise in cyber attacks, Prime Minister Scott Morrison said on
Thursday. Cyber attacks on businesses and households are costing about
A$29 billion ($20.83 billion) or 1.5% of Australia’s gross domestic
product (GDP), Morrison told reporters in Canberra.
Tomi Engdahl says:
Scanning Activity Include Netcat Listener
https://isc.sans.edu/forums/diary/Scanning+Activity+Include+Netcat+Listener/26442/
This activity started on the 5 July 2020 and has been active to this
day only scanning against TCP port 81. The GET command is always the
same except for the Netcat IP which has changed a few times since it
started. If you have a webserver or a honeypot listening on TCP 81,
this activity might be contained in your logs. I have included the URL
to the IPDetails reported to ISC that shows similar activity from the
same source IP address listed in this diary.
Tomi Engdahl says:
China is now blocking all encrypted HTTPS traffic that uses TLS 1.3
and ESNI
https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/
The block was put in place at the end of July and is enforced via
China’s Great Firewall. The Chinese government has deployed an update
to its national censorship tool, known as the Great Firewall (GFW), to
block encrypted HTTPS connections that are being set up using modern,
interception-proof protocols and technologies. The ban has been in
place for at least a week, since the end of July, according to a joint
report published this week by three organizations tracking Chinese
censorship — iYouPort, the University of Maryland, and the Great
Firewall Report.
Tomi Engdahl says:
Is there malware on your Android phone? These symptoms are a bad sign
https://www.is.fi/digitoday/tietoturva/art-2000006594928.html
Malware threatens Android users even in the official Google Play download store. The damage it causes may show up, for example, on the phone bill, but malware can often be identified before that by watching how the phone behaves.
Tomi Engdahl says:
A Vulnerability in GNU C Library Could Allow for Remote Code Execution
https://www.cisecurity.org/advisory/a-vulnerability-in-gnu-c-library-could-allow-for-remote-code-execution_2020-105/
A vulnerability has been discovered in the GNU C Library (glibc), which could allow for remote code execution. This library is required in all modern distributions of Linux as it defines the system calls and other basic facilities used in the Linux kernel. Successful exploitation of this vulnerability could allow an attacker to execute remote code in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.
Tomi Engdahl says:
https://www.nytimes.com/2020/08/12/world/middleeast/north-korea-hackers-israel.html
… Israel claimed Wednesday that it had thwarted a cyberattack by a North Korea-linked hacking group on its classified defense industry.
The Defense Ministry said the attack was deflected “in real time” and that there was no “harm or disruption” to its computer systems.
However, security researchers at ClearSky, the international cybersecurity firm that first exposed the attack, said the North Korean hackers penetrated the computer systems and were likely to have stolen a large amount of classified data. Israeli officials fear the data could be shared with North Korea’s ally, Iran.
Tomi Engdahl says:
Musk’s Neuralink Could Lead To Hackers Erasing Memories, Researchers Warn
Researchers worry about the potential impacts of Neuralink and other brain-computer interfaces, speculating that memory hacking might be possible.
https://screenrant.com/elon-musk-neuralink-hackers-erasing-memories-warning/
Tomi Engdahl says:
If you thought deleting your photos and direct messages on Instagram meant something, you were wrong. https://tcrn.ch/3fRAGXT
Tomi Engdahl says:
Nikhilesh De / CoinDesk:
US says it has seized 300+ “cryptocurrency accounts”, worth around $2M, four websites, and four Facebook pages used by al-Qaeda, Hamas’ military wing, and ISIS — The U.S. Department of Justice (DOJ) announced the “largest ever seizure of terrorist organizations’ cryptocurrency accounts” …
https://www.coindesk.com/us-prosecutors-attempt-to-seize-bitcoin-allegedly-tied-to-al-qaeda
Tomi Engdahl says:
Richard Nieva / CNET:
YouTube bans videos containing info obtained through hacking that could interfere with the election and will remove content that encourages meddling in voting
YouTube bans videos containing hacked information that could interfere with the election
https://www.cnet.com/news/ahead-of-dnc-and-rnc-conventions-youtube-bans-videos-containing-hacked-information/
The Google-owned video site will also take down content that encourages meddling in the voting process.
Tomi Engdahl says:
Charlie Osborne / ZDNet:
Researchers say a now-patched Alexa vulnerability could have been exploited to hand over users’ personal data, voice recordings, banking data history, and more
In one click: Amazon Alexa could be exploited for theft of voice history, PII, skill tampering
Subdomains belonging to the service were found to be harboring CORS errors and vulnerable to XSS attacks.
https://www.zdnet.com/article/in-one-click-amazon-alexa-could-be-exploited-for-theft-of-voice-history-pii-skill-tampering/
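The Alexa report above attributes the data exposure to CORS misconfiguration and XSS on service subdomains. The following Python is an added example, not code from Amazon or from the researchers, that models the CORS half of that problem: a handler that reflects any Origin with credentials allowed, beside a hardened version that exact-matches the canonicalised origin against an allowlist. The `example.com` origins are constructed placeholders for whatever a real service trusts.

```python
"""Origin validation for CORS: the weak reflecting pattern beside a hardened one.
Added example with constructed origins; not derived from any real service."""
from urllib.parse import urlsplit

# Constructed allowlist of full first-party origins (scheme + host [+ port]).
TRUSTED_ORIGINS = {
    "https://www.example.com",
    "https://account.example.com",
}


def weak_cors_headers(origin):
    """The misconfiguration: echo whatever Origin the browser sent and allow
    credentials. Any page on any site can then read authenticated responses."""
    if origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def hardened_cors_headers(origin):
    """Exact-match the Origin against an allowlist of complete origins.
    Suffix/prefix look-alikes (www.example.com.evil.net), plain http, and the
    literal 'null' origin all fall through and get no CORS headers at all."""
    if origin is None:
        return {}
    parts = urlsplit(origin)
    # Canonicalise before comparing so case or a stray trailing slash cannot
    # defeat a string compare; require https so a downgraded origin is refused.
    if parts.scheme != "https" or not parts.netloc:
        return {}
    canonical = f"{parts.scheme}://{parts.netloc.lower()}"
    if canonical not in TRUSTED_ORIGINS:
        return {}  # browser blocks the cross-origin read
    return {
        "Access-Control-Allow-Origin": canonical,
        "Access-Control-Allow-Credentials": "true",
        # ACAO now varies per request, so caches must key on Origin.
        "Vary": "Origin",
    }


def cross_origin_read_allowed(headers, origin):
    """Model the browser's decision for a credentialed request: the response is
    readable only if ACAO equals the requesting origin exactly (never '*')
    and credentials are explicitly allowed."""
    acao = headers.get("Access-Control-Allow-Origin")
    return acao == origin and headers.get("Access-Control-Allow-Credentials") == "true"


if __name__ == "__main__":
    attacker = "https://attacker.example.net"  # constructed third-party origin
    print("weak handler readable by attacker:",
          cross_origin_read_allowed(weak_cors_headers(attacker), attacker))
    print("hardened handler readable by attacker:",
          cross_origin_read_allowed(hardened_cors_headers(attacker), attacker))
```

The practical check when reviewing a service: send a request with an unexpected `Origin` and see whether it comes back verbatim in `Access-Control-Allow-Origin` alongside `Access-Control-Allow-Credentials: true`; that pairing is the pattern the hardened function refuses.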
Tomi Engdahl says:
An Alexa Bug Could Have Exposed Your Voice History to Hackers
Amazon has patched the flaw, but its discovery underscores the importance of locking down your voice assistant interactions.
https://www.wired.com/story/amazon-alexa-bug-exposed-voice-history-hackers/
Tomi Engdahl says:
Samsung patches critical holes in its phones: the update should be installed soon
https://www.is.fi/digitoday/mobiili/art-2000006597573.html?ref=rss
Samsung has started rolling out an update to its phones that, among other features, includes important improvements to device security, reports the online publication Bleeping Computer.
According to the publication, the update has been distributed since last Saturday, 8 August.
Perhaps the most important of the patches fixes a hole through which an attacker could have taken complete control of a Samsung phone.
Samsung rolls out Android updates fixing critical vulnerabilities
https://www.bleepingcomputer.com/news/security/samsung-rolls-out-android-updates-fixing-critical-vulnerabilities/
Tomi Engdahl says:
UK court says face recognition violates human rights
https://apnews.com/424f063d7fcb0c270bf4f52ce4b8f81b
The use of facial recognition technology by British police has violated human rights and data protection laws, a court said Tuesday, in a decision praised as a victory against invasive practices by the authorities.
In a case trumpeted as the first of its kind, Britain’s Court of Appeal ruled Tuesday in the case of civil rights campaigner Ed Bridges, who argued that South Wales Police caused him “distress” by scanning his face as he shopped in 2017 and as he attended a peaceful anti-arms protest in 2018.
The appeals judges ruled that the way the system was being used during tests was unlawful. The decision does not necessarily mean that facial recognition cannot be used at all, but that authorities should take greater care in how they deploy it.
Tomi Engdahl says:
https://www.securityweek.com/google-run-experiment-fight-against-url-spoofing-chrome
Tomi Engdahl says:
Intel Patches Many Privilege Escalation Vulnerabilities in Server Boards
https://www.securityweek.com/intel-patches-many-privilege-escalation-vulnerabilities-server-boards
One advisory published by the tech giant describes over 20 vulnerabilities affecting Intel Server Boards,
Server Systems and Compute Modules. A majority of the flaws can be exploited for privilege escalation, and
a few of them can allow an attacker — one of them can be exploited without authentication — to launch DoS
attacks via local access.
The most serious of the security holes is CVE-2020-8708, a critical improper authentication issue that
allows an unauthenticated attacker to elevate privileges via adjacent access. Server Boards, Server
Systems and Compute Modules prior to version 1.59 are impacted.
Ten of the other flaws have been classified as high severity. They can be exploited for privilege
escalation via local or adjacent access, and they are caused by buffer overflows, improper input
validation, improper access control, and incorrect execution-assigned permissions in the file system.
Tomi Engdahl says:
A simple telephony honeypot received 1.5 million robocalls across 11 months
https://www.zdnet.com/google-amp/article/a-simple-telephony-honeypot-received-1-5-million-robocalls-across-11-months/
Researchers say that most campaigns take place in short-burst storms and that answering a robocall doesn’t mean you’ll be targeted more often in the future.
Tomi Engdahl says:
For six months, security researchers have secretly distributed an Emotet vaccine across the world
https://www.zdnet.com/article/for-six-months-security-researchers-have-secretly-distributed-an-emotet-vaccine-across-the-world/
Binary Defense researchers have identified a bug in the Emotet malware and have been using it to prevent the malware from making new victims.
Most of the time, fighting malware is a losing game. Malware authors create their code, distribute payloads to victims via various methods, and by the time security firms catch up, attackers make small changes in their code to quickly regain their advantage in secrecy.
It has been like this since the late 80s, when malware first appeared on the scene, and despite the claims of most security firms, it will remain like this for the foreseeable future.
Once in a while, we do get good news from security researchers or law enforcement authorities. Malware authors can slip up and get arrested, or large-scale coordinated efforts manage to bring down larger botnets.
However, not all malware operations can be hurt this way.
Today, Emotet scares IT departments at companies all over the world and has given massive headaches to the entire cyber-security industry.
As such, Emotet also has bugs.
In the cyber-security industry, there’s a very dangerous moral line when it comes to exploiting bugs in malware, a line many security companies won’t cross, fearing they might end up harming the infected computers by accident.
However, a rare bug can sometimes appear that is both safe to exploit and has devastating consequences for the malware itself.
One such bug came to light earlier this year.
Quinn noticed Emotet was creating a Windows registry key and saving an XOR cipher key inside it.
Quinn was able to put together a tiny PowerShell script that exploited the registry key mechanism to crash Emotet itself.
The script, cleverly named EmoCrash, effectively scanned a user’s computer and generated a correct — but malformed — Emotet registry key.
Effectively, Quinn had created both an Emotet vaccine and killswitch at the same time. But the researcher said the best part happened after the crashes.
“Two crash logs would appear with event ID 1000 and 1001, which could be used to identify endpoints with disabled and dead Emotet binaries,” Quinn said.
Working behind the scenes, Team CYMRU made sure that EmoCrash made its way into the hands of national Computer Emergency Response Teams (CERTs), which then spread it to the companies in their respective jurisdictions.
This broad and well-orchestrated effort has helped EmoCrash make its way around the globe over the course of the past six months.
Binary Defense doesn’t believe the Emotet gang ever found out about their tool, but the gang most likely knew something was wrong. Since February and through the subsequent months, Emotet iterated through several new versions and changes in its code. None fixed the issue.
The Emotet gang did, eventually, change its entire persistence mechanism on Aug. 6.
EmoCrash may not be useful to anyone anymore, but for six months, this tiny PowerShell script helped organizations stay ahead of malware operations — a truly rare sight in today’s cyber-security field.
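Quinn's remark that the crash left Event ID 1000 and 1001 records behind is the detection angle in the story above. The Python below is an added example, not the EmoCrash script and not specific to Emotet: it correlates an Application Error (1000) with a following Windows Error Reporting event (1001) for the same faulting application on the same host, and lists the endpoints where that pair occurred. The exported event records are constructed, and the host and application names in them are placeholders.

```python
"""Correlate Windows Application log events 1000/1001 per host.
Added example over constructed records; not the EmoCrash script."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed export of Application log records, one per line:
# host,timestamp,event_id,provider,faulting_application
SAMPLE_EVENTS = """\
ws-017,2020-02-14T09:12:03,1000,Application Error,updater.exe
ws-017,2020-02-14T09:12:04,1001,Windows Error Reporting,updater.exe
ws-023,2020-02-14T10:01:40,1000,Application Error,outlook.exe
ws-031,2020-02-14T10:30:00,1001,Windows Error Reporting,explorer.exe
ws-031,2020-02-14T16:30:00,1000,Application Error,explorer.exe
ws-042,2020-02-15T08:00:12,1000,Application Error,svchelper.exe
ws-042,2020-02-15T08:00:12,1001,Windows Error Reporting,svchelper.exe
"""


def parse_events(text):
    """Parse the CSV-like export into dicts; the timestamp becomes a datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        host, ts, eid, provider, app = line.split(",", 4)
        events.append({
            "host": host,
            "time": datetime.fromisoformat(ts),
            "event_id": int(eid),
            "provider": provider,
            "app": app.lower(),
        })
    return events


def crash_pairs(events, window=timedelta(seconds=60)):
    """Return {host: [faulting_app, ...]} for hosts where an Application Error
    (1000) is followed within `window` by a Windows Error Reporting event
    (1001) naming the same faulting application. A lone 1000, or a 1001
    that precedes the 1000, does not count."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)
    hits = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["time"])
        for i, err in enumerate(evs):
            if err["event_id"] != 1000:
                continue
            for follow in evs[i + 1:]:
                if follow["time"] - err["time"] > window:
                    break  # sorted, so nothing later can be in the window
                if follow["event_id"] == 1001 and follow["app"] == err["app"]:
                    hits.setdefault(host, []).append(err["app"])
                    break
    return hits


if __name__ == "__main__":
    for host, apps in sorted(crash_pairs(parse_events(SAMPLE_EVENTS)).items()):
        print(host, "->", ", ".join(apps))
```

On a real estate the input would come from a SIEM or from `wevtutil`/`Get-WinEvent` exports, and the interesting follow-up is a sudden cluster of such pairs for one previously unseen executable across many hosts; the function above gives the per-host list that cluster analysis starts from.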
Tomi Engdahl says:
Looking at active Cyber Threats with LeakIX
https://pentestmag.com/looking-at-active-cyber-threats-with-leakix/
#pentest #magazine #pentestmag #pentestblog #PTblog #LeakIX #OSINT #tool #cyber #threat #searching #cybersecurity #infosecurity #infosec
Tomi Engdahl says:
U.S. seizes $2 million from more than 300 cryptocurrency accounts used by terror groups
https://www.cnbc.com/2020/08/13/us-seizes-2-million-dollars-from-crypto-accounts-used-by-terror-groups.html
The Justice Department said it seized $2 million from more than 300 cryptocurrency accounts in what it described as the largest-ever seizure of its kind.
The agency said three overseas terrorist groups used cryptocurrencies and social media to raise funds for their terror campaigns.
Tomi Engdahl says:
NSA and FBI Cybersecurity Advisory – Russian GRU 85th GTsSS Deploys
Previously Undisclosed Drovorub Malware
https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF
Drovorub is a Linux malware toolset consisting of an implant coupled
with a kernel module rootkit, a file transfer and port forwarding
tool, and a Command and Control (C2) server. When deployed on a victim
machine, the Drovorub implant (client) provides the capability for
direct communications with actor-controlled C2 infrastructure; file
download and upload capabilities; execution of arbitrary commands as
“root”; and port forwarding of network traffic to other hosts on the
network.
Tomi Engdahl says:
US demand raises concern: justified by the fight against the coronavirus
https://www.tivi.fi/uutiset/tv/0c589aa6-82d6-48c5-bd03-d3640338f858
The United States hopes to gain access to people's location data, anonymous sources reveal.
Tomi Engdahl says:
Critical Flaws in WordPress Quiz Plugin Allow Site Takeover
https://threatpost.com/critical-flaws-wordpress-quiz-plugin-site-takeover/158379/
The recently patched flaws could be abused by unauthenticated,
remote attackers to take over vulnerable websites.
Tomi Engdahl says:
Instagram Retained Deleted User Data Despite GDPR Rules
https://threatpost.com/instagram-retained-deleted-user-data-despite-gdpr-rules/158366/
The photo-sharing app retained people's photos and private direct
messages on its servers even after users removed them.
Tomi Engdahl says:
Exceptional outage at Elisa: problems with the Viihde service have lasted for days
https://www.is.fi/digitoday/art-2000006603504.html
The disruption to Elisa's Viihde service began on Thursday. As of Saturday evening, repair work was still ongoing.
Tomi Engdahl says:
PoC Exploit Targeting Apache Struts Surfaces on GitHub
https://threatpost.com/poc-exploit-github-apache-struts/158393/
Researchers have discovered freely available PoC code and exploit that
can be used to attack unpatched security holes in Apache Struts 2.
Tomi Engdahl says:
For six months, security researchers have secretly distributed an
Emotet vaccine across the world
https://www.zdnet.com/article/for-six-months-security-researchers-have-secretly-distributed-an-emotet-vaccine-across-the-world/
Binary Defense researchers have identified a bug in the Emotet malware
and have been using it to prevent the malware from making new victims.
Tomi Engdahl says:
Elon Musk Confirms Overdue Move To Make Tesla Cars Harder To Hack
https://www.forbes.com/sites/daveywinder/2020/08/15/elon-musk-confirms-overdue-move-to-make-tesla-cars-harder-to-hack/
Tomi Engdahl says:
Tokmanni's website down all weekend because of a blunder with the domain name: it happened as late as Friday
https://www.is.fi/taloussanomat/art-2000006603134.html
Tokmanni's Investor Relations and Communications Manager Maarit Mikkonen says the site will probably be down until Monday.
Editor's note: the site was restored on Saturday evening.
Tomi Engdahl says:
CRA shuts down online service after accounts breached
https://m.youtube.com/watch?feature=youtu.be&v=eV9_FO3HtX0
The Canada Revenue Agency says it will be reaching out to those affected by letter.
Read more: https://www.cbc.ca/1.5688163
CRA shuts down online services after thousands of accounts breached in cyberattacks
Temporary measure blocks Canadians from applying for some emergency COVID-19 benefits
The Canada Revenue Agency has temporarily shut down its online services after the agency confirmed it was recently hit by two cyberattacks that compromised thousands of accounts linked to its services.
While the breaches have been contained, services connected to My Account, My Business Account and Represent a Client on the CRA website have been disabled as an additional safety measure.
The agency said Saturday that as of Aug. 14, about 5,500 accounts had been affected by the separate attacks.
“The CRA quickly identified the impacted accounts and disabled access to these accounts to ensure the safety and security of the taxpayer’s information,”
Tomi Engdahl says:
Popular Notepad++ text editor banned in China
https://www.bleepingcomputer.com/news/software/popular-notepad-plus-plus-text-editor-banned-in-china/
China has banned the popular Notepad replacement software called Notepad++ due to the developer’s protests against the political unrest in Hong Kong and China’s human rights violations of the Uyghur people.
The Notepad++ twitter account states that this block is likely being done due to the release of their ‘Stand with Hong Kong’ and ‘Free Uyghur’ editions
Tomi Engdahl says:
Properly crowdsourced, you don’t even need to hack the application. Just spoof GPS coordinates (easy to do on Android, you don’t even need to root the device) to a particular location and the app itself will do the hard work.
https://www.wired.com/story/hacking-traffic-lights-netherlands/
Tomi Engdahl says:
Ex-CIA agent arrested, charged with spying for China for years
https://trib.al/6CwJCEk
Tomi Engdahl says:
Tea at the Ritz soured by credit card scammers
https://www.bbc.co.uk/news/technology-53793922
Diners at the luxury Ritz hotel in London have been targeted by
“extremely convincing” scammers who posed as hotel staff to steal
payment card details.
Tomi Engdahl says:
Operation Dream Job Widespread North Korean Espionage Campaign
https://www.clearskysec.com/operation-dream-job/
During June-August of 2020, ClearSky's analysis team had investigated
an offensive campaign attributed with high probability to North Korea,
which we call Dream Job. This campaign has been active since the
beginning of the year and it succeeded, in our assessment, to infect
several dozens of companies and organizations in Israel and globally.
full report
https://www.clearskysec.com/wp-content/uploads/2020/08/Dream-Job-Campaign.pdf
Tomi Engdahl says:
XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on
Safari, Other Browsers, Leverages Zero-day Exploits
https://blog.trendmicro.com/trendlabs-security-intelligence/xcsset-mac-malware-infects-xcode-projects-performs-uxss-attack-on-safari-other-browsers-leverages-zero-day-exploits/
We have discovered an unusual infection related to Xcode developer
projects. Upon further investigation, we discovered that a developer's
Xcode project at large contained the source malware, which leads to a
rabbit hole of malicious payloads.
Tomi Engdahl says:
This surprise Linux malware warning shows that hackers are changing
their targets
https://www.zdnet.com/article/this-surprise-linux-malware-warning-shows-that-hackers-are-changing-their-targets/
The revelation from the FBI and National Security Agency that Russian
military intelligence has built malware to target Linux systems is the
latest dramatic twist in the unrelenting cybersecurity battle.
Tomi Engdahl says:
Microsoft Put Off Fixing Zero Day for 2 Years
https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/
A security flaw in the way Microsoft Windows guards users against
malicious files was actively exploited in malware attacks for two
years before last week, when Microsoft finally issued a software
update to correct the problem.
Tomi Engdahl says:
Crypto-mining worm steals AWS credentials
https://www.zdnet.com/article/crypto-mining-worm-steal-aws-credentials/
TeamTNT has become the first crypto-mining botnet to include a
feature that scans for and steals AWS credentials.
Tomi Engdahl says:
Swedish television and radio banned Tiktok for their employees
https://www.is.fi/digitoday/tietoturva/art-2000006605128.html
According to SVT, Tiktok collects more data than is necessary for its Chinese parent company Bytedance.
Tomi Engdahl says:
Cloud Threat Hunting: Attack & Investigation Series Privilege
Escalation via EC2
https://blog.checkpoint.com/2020/08/17/cloud-threat-hunting-attack-investigation-series-privilege-escalation-via-ec2/
Tomi Engdahl says:
ISIS allegedly used Facebook in bid to scam people desperate for face masks
https://mashable.com/article/doj-isis-facebook-coronavirus-face-masks/?europe=true
In mid-March, as the first shelter-in-place orders were issued across the U.S. and desperate public health officials scrounged for medical grade face masks, an online store by the name of FaceMaskCenter.com offered hope. Despite the global shortage, it claimed to have hundreds of thousands of FDA-approved N95 masks, and would be delighted to sell them to businesses in need.
Unfortunately, as the Department of Justice alleged on Thursday, FaceMaskCenter.com was in fact a scam. Not only were the masks it listed for sale not FDA approved, but according to the DOJ the entire operation was run by a known “ISIS facilitator” by the name of Murat Cakar. That’s right, ISIS got in on the face mask grift.
Tomi Engdahl says:
Thousands of Canadian Government Accounts Hacked
https://www.securityweek.com/thousands-canadian-government-accounts-hacked
Thousands of user accounts for online government services in Canada were recently hacked during cyber attacks, authorities said Saturday.
The attacks targeted the GCKey service, used by some 30 federal departments and Canada Revenue Agency accounts, the Treasury Board of Canada Secretariat explained in a press release.
The passwords and usernames of 9,041 GCKey account holders “were acquired fraudulently and used to try and access government services,” the authorities said.
All affected accounts have been cancelled.
About 5,500 Canada Revenue Agency accounts were targeted in this and another attack, the authorities said, adding that access to these accounts has been suspended to protect taxpayer information.
Tomi Engdahl says:
Mary Jo Foley / ZDNet:
Microsoft says Teams support for IE 11 will end on Nov 30 and 365 apps on Aug 17, 2021; legacy Edge browser will not receive security updates after Mar 9, 2021 — Microsoft will begin the gradual phase-out of IE11 by ending Teams support for it this fall. Microsoft will stop providing security updates …
Microsoft outlines its IE, legacy Edge phase-out timetable
https://www.zdnet.com/article/microsoft-outlines-its-ie-legacy-edge-phase-out-timetable/
Microsoft will begin the gradual phase-out of IE11 by ending Teams support for it this fall. Microsoft will stop providing security updates for the desktop version of legacy Edge after next March.
Tomi Engdahl says:
Dealing with a Hole in Secure Boot
What happens when UEFI secure boot isn’t secure? A vulnerability in GRUB2 code has the open-source community hard at work.
https://www.electronicdesign.com/altembedded/article/21138054/dealing-with-a-hole-in-secure-boot
Tomi Engdahl says:
Cyberattack shuts down Canadian government accounts
https://amp.cnn.com/cnn/2020/08/17/tech/cyberattack-canada-government-accounts/index.html
The Canadian government said it was forced to shut down most of its online portals on the weekend after a sustained cyberattack over the last several days.
At one point over the weekend, Canadian officials disclosed they detected as many as 300,000 attempted attacks to access accounts on at least 24 government systems.
“Early on Saturday morning a CRA (Canadian Revenue Agency) portal was directly targeted with a large amount of traffic using a botnet to attempt to attack the services through credential stuffing,” said Marc Brouillard, acting Chief Information Officer for the government of Canada. “Out of an abundance of caution the CRA portal was shut down to contain the attack and implement measures to protect CRA services.”
A “credential stuffing” attack is one in which stolen usernames and passwords are mined to fraudulently access personal accounts.
In total, more than 11,000 out of 12 million personal accounts were compromised, including tax accounts and online portals accessing Covid-19 relief programs. Government officials say they hope to have online services restored by Wednesday.
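The CNN piece defines credential stuffing but not how a defender tells it apart from ordinary login failures. The Python below is an added example, not code from the CRA or from any vendor, that applies the distinguishing heuristic: a stuffing source tries many different usernames, typically once or twice each, whereas a brute-force source hammers one account. It slides a time window over a per-source-IP login audit and flags sources that touched too many distinct accounts, reporting which of those logins succeeded so the affected accounts can be locked and notified. The audit lines and the addresses in them are constructed.

```python
"""Credential-stuffing heuristic over a login audit log.
Added example with constructed records (RFC 5737 documentation addresses)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed login-audit lines: timestamp, source IP, username, outcome.
SAMPLE_AUTH_LOG = """\
2020-08-15T06:00:01 203.0.113.10 alice FAIL
2020-08-15T06:00:01 203.0.113.10 bob FAIL
2020-08-15T06:00:02 203.0.113.10 carol FAIL
2020-08-15T06:00:02 203.0.113.10 dave FAIL
2020-08-15T06:00:03 203.0.113.10 erin OK
2020-08-15T06:00:03 203.0.113.10 frank FAIL
2020-08-15T06:00:05 198.51.100.7 alice FAIL
2020-08-15T06:00:09 198.51.100.7 alice FAIL
2020-08-15T06:00:14 198.51.100.7 alice OK
2020-08-15T06:00:20 192.0.2.44 grace OK
"""


def parse_auth_log(text):
    """Turn whitespace-separated audit lines into dicts with a datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append({"time": datetime.fromisoformat(ts), "ip": ip,
                       "user": user, "result": result})
    return events


def stuffing_sources(events, min_distinct_users=5, window=timedelta(minutes=10)):
    """Return {ip: {"distinct_users": n, "successes": [user, ...]}} for every
    source IP that attempted at least `min_distinct_users` different accounts
    inside any `window`-long span. Repeated attempts against one account
    (classic brute force) never reach the threshold and are not flagged."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["ip"]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["time"])
        start, peak = 0, 0
        for end in range(len(evs)):
            # Advance the window start until it spans at most `window`.
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            peak = max(peak, len({e["user"] for e in evs[start:end + 1]}))
        if peak >= min_distinct_users:
            # Successful logins from a stuffing source are the accounts whose
            # reused passwords worked; these need lockout and notification.
            successes = sorted({e["user"] for e in evs if e["result"] == "OK"})
            flagged[ip] = {"distinct_users": peak, "successes": successes}
    return flagged


if __name__ == "__main__":
    for ip, info in stuffing_sources(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(f"{ip}: {info['distinct_users']} accounts tried, "
              f"successful logins: {info['successes'] or 'none'}")
```

The botnet variant described in the article, with each bot trying only a handful of accounts, defeats a per-IP threshold; there the same window logic is applied to the whole service, counting distinct source IPs that produced failures against distinct accounts, and the per-IP report above becomes the drill-down once the global spike is seen.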
Tomi Engdahl says:
https://www.hackread.com/dark-web-hitman-hire-child-victim-of-sexual-abuse/
Tomi Engdahl says:
Securus sued for ‘recording attorney-client jail calls, handing them to cops’ – months after settling similar lawsuit
Gonna blame a software bug again?
https://www.theregister.com/2020/08/19/securus_lawsuit_attorney_client_calls/
Jail phone telco Securus provided recordings of protected attorney-client conversations to cops and prosecutors, it is claimed, just three months after it settled a near-identical lawsuit.
The corporate giant controls all telecommunications between the outside world and prisoners in American jails that contract with it. It charges far above market rate, often more than 100 times, while doing so.
Tomi Engdahl says:
Node.js community finally prodded to patch Chromium XHR bug after developer refuses to let flaw stand
If at first you don’t succeed, try, try… try, try, try… try again
https://www.theregister.com/2020/08/18/nodejs_chromium_patch/
Tomi Engdahl says:
Trusting OpenPGP and S/Mime with your email secrets? Depending on your mail client, you might want to rethink that
Encryption’s solid yet that’s not the whole story by a long chalk
https://www.theregister.com/2020/08/19/openpgp_smime_email_client_flaws/
Boffins testing the security of OpenPGP and S/MIME, two end-to-end encryption schemes for email, recently found multiple vulnerabilities in the way email client software deals with certificates and key exchange mechanisms.
They found that five out of 18 OpenPGP-capable email clients and six out of 18 S/MIME-capable clients are vulnerable to at least one attack.
These flaws are not due to cryptographic weaknesses. Rather they arise from the complexity of email infrastructure, based on dozens of standards documents, as it has evolved over time, and the impact that’s had on the way affected email clients handle certificates and digital signatures.
In a paper [PDF] titled “Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption,”