Majority of Encrypted Email Clients Vulnerable to Signature Spoofing

Majority of Encrypted Email Clients Vulnerable to Signature Spoofing | #TpromoCom #Email #Encryption #Security | Researchers have found that encrypted emails are not always as secure as we might think. From more than two dozen popular encrypted email clients, they found that the majority are vulnerable to one or more signature spoofing attacks.

Good cryptography is nearly impossible to break with contemporary commercial computers — so attackers don’t often attempt to. Instead, they attack the implementation and use of cryptography, where the weaknesses are more often found. This is especially true for email, where the implementation of encrypted emails is particularly challenging.

Researchers from the Ruhr University Bochum and Munster University of Applied Sciences have investigated (PDF) the implementation of the two major email encryption standards, OpenPGP and S/MIME, and have found them largely wanting. While the use of encrypted emails is not widespread, wherever it is used is likely to secure valuable or particularly sensitive content. So, it is disturbing that the researchers found flaws in the design of many leading secure email clients. Fourteen out of 20 tested OpenPGP-capable clients, and 15 out of 22 clients supporting S/MIME were susceptible to digital signature spoofing.

To read the remainder of this news article, click here.

A New Consensus Is Emerging On How to Handle The Risk from China’s 5G

A New Consensus Is Emerging On How to Handle The Risk from China’s 5G | #TpromoCom #China #Spy #5G | Chinese telecom tech is invading the physical world, but Europeans and industry have strategies to contain the threat.

“No one calls it an intelligence risk, but national security agencies across the world are concerned about China’s 5G modems and other devices,” says Al Colombo, Senior Design Specialist with TpromoCom of Canton, Ohio.

Much of the Western intelligence debate around Chinese high-speed 5G technology has focused on hardware and software. Once the hardware is already out in the wild — which most think is inevitable — the future of the fight is in managing risk. It’s doable, if not yet widely advertised, according to several experts speaking at a U.S. intelligence conference this week, by quarantining Chinese equipment and deploying smarter electromagnetic spectrum management tools to better handle threats.

Bottom line: Huawei leads the world in the ability to rapidly produce cheap telecom hardware (as well as the underlying software.) Recent reports, including one from NATO, state it plainly. It’s one reason why European countries, including U.S. allies like Germany and the U.K., have been reluctant to ban tech from Huawei outright, even in the face of heavy U.S. pressure.

To read the remainder of this extremely interesting and timely news article, click here.

Keeping Your Cloud Safe in the Cloud World

Keeping Your Cloud Safe in the Cloud World: Chrome Enterprise’s unique approach to endpoint security | #TpromoCom #Cloud #Security #Chrome | It’s not just about firewalls and anti-virus. Security is becoming strategic.

82% of CIOs expect their IT and security strategy to be tightly integrated, according to our State of the CIO survey. That’s no doubt driving increases in security spending. Depending on who you ask, security consumes anywhere from 10 to 15 percent of overall IT budgets.

Interested? Click Here!

Press Release: NVT Phybridge Warns All Partners, Customers and Stakeholders Regarding Potential Fraudulent Communications, Requests and Misuse of Company Identity

NVT Phybridge Warns All Partners, Customers and Stakeholders Regarding Potential Fraudulent Communications, Requests and Misuse of Company Identity | #TpromoCom #Cyber #Fraud #Identification | In the wake of fraudulent messages concerning the IT industry, NVT Phybridge wishes to alert its partners, stakeholders, customers, suppliers, and all third parties that could be the target of such malicious solicitations.

NVT Phybridge has been made aware of instances of attempted identity theft designed to deceive current or potential company stakeholders through the use of fraudulent tactics. This notice is a reminder that valid and legitimate email addresses belonging to NVT Phybridge follow the naming conventions below:

  • firstname.lastname@nvtphybridge.com
  • firstname.lastname@phybridge.com
  • FirstnameinitialLastname@nvt.com
  • department@nvtphybridge.com
  • mailto:firstname.lastname@nvtphybridge.com
  • function@nvtphybridge.com

Any communications received appearing to be from NVT Phybridge that do not follow the above conventions are not from NVT Phybridge and should be reported immediately to support@nvtphybridge.com. NVT Phybridge will not be held responsible for any harm and/or damages that may result from the fraudulent use of its name or reputation. Accordingly, you should employ an appropriate level of caution to verify the identity of persons corresponding with you. If you suspect you have received a fraudulent message from a correspondent purporting to represent NVT Phybridge, please contact NVT Phybridge to verify its validity. NVT Phybridge is implementing preventative measures in an effort to help prevent and/or combat these malicious tactics.

NVT Phybridge is headquartered in Oakville, Ontario, Canada; with regional sales managers operating throughout the United States of America, México, Colombia, Europe and India – as well as some regions within Asia and the Middle East. Click here for a full list of sales managers in each region.

NVT Phybridge
3457 Superior Crt, Unit 3
Oakville, Ontario L6L 0C4

Researcher Reveals Multiple Flaws in Verizon Fios Routers — PoC Released

Researcher Reveals Multiple Flaws in Verizon Fios Routers — PoC Released | #TpromoCom #CyberSecurity #Router #Security | A cybersecurity researcher at Tenable has discovered multiple security vulnerabilities in Verizon Fios Quantum Gateway Wi-Fi routers that could allow remote attackers to take complete control over the affected routers, exposing every other device connected to it.

Currently used by millions of consumers in the United States, Verizon Fios Quantum Gateway Wi-Fi routers have been found vulnerable to three security vulnerabilities, identified as CVE-2019-3914, CVE-2019-3915, and CVE-2019-3916.

The flaws in question are authenticated command injection (with root privileges), login replay, and password salt disclosure vulnerabilities in the Verizon Fios Quantum Gateway router (G1100), according to technical details Chris Lyne, a senior research engineer at Tenable, shared with The Hacker News.

To read the remainder of this news article, click here.

Investigator Says Amazon Chief’s Phone Hacked by Saudis

Investigator Says Amazon Chief’s Phone Hacked by Saudis | #TpromoCom #Amazon #Hacker #CyberSecurity | Everyone’s a target sometime when it comes to cybercrime. The art of avoidance where it involves hackers is certainly of great value as we move further into the 21st Century world of digital thuggery and political terrorism.

Here we have a high official with Amazon, Jeff Bezos, who’s cellphone was allegedly hacked by a foreign entity for what could be construed as an effort to uncover the identity of the individual that murdered a Saudi journalist. Bezos owns The Washington Post which investigated the murder.

Photo: by HubSpot

“Bezos hired Gavin de Becker & Associates to find out how his intimate text messages and photos made their way into the hands of the Enquirer, which reported on the Amazon chief’s extramarital affair, leading to his divorce,” says the author of the Security Week story below. The moral of the story is to trust no one, not even your own mobile device. —Al Colombo

The investigator hired to look into the release of intimate images of Jeff Bezos said Saturday he has concluded that Saudi Arabian authorities hacked the Amazon chief’s phone to access his personal data.

Gavin de Becker linked the hack to extensive coverage by The Washington Post newspaper, which is owned by Bezos, of the murder of Saudi journalist Jamal Khashoggi at the kingdom’s consulate in Istanbul last year.

To read the remainder of this news story, click here.

[image] Security professionals in the electronic protection of commercial and residential structures are invited to join other owners and managers in The Security Coaching Forum on Facebook.
Security professionals in the electronic protection of commercial and residential structures are invited to buy and sell their surplus equipment on Facebook. Click on the banner above .

6 Things To Know About the Ransomware That Hit Norsk Hydro

6 Things To Know About the Ransomware That Hit Norsk Hydro | #TpromoCom #Ransomeware #CyberSecurity #Hackers | In just one week, ‘LockerGoga’ has cost the Norwegian aluminum maker $40 million as it struggles to recover operations across Europe and North America.

Dark Reading cybersecurity news website

LockerGoga – the malware that recently disrupted operations at Norwegian aluminum company Norsk Hydro – is the latest example of the rapidly changing nature of ransomware attacks.

CyberSecurity is becoming an extremely important element of online business. Ransomeware is one of the upcoming trends that cause many businesses to falter and fail.

The March 19 attack impacted critical operations in several of Hydro’s business areas across Europe and North America. The attack forced the aluminum maker to resort to manual operations at multiple plants. It crippled production systems belonging to Hydro’s Extruded Solution group in particular, resulting in temporary plant closures and operational slowdowns that are still getting only in the process of getting restored.

In two updates this week, Norsk Hydro described the attack as so far costing it about $40 million.

To read the remainder of this news article, click here.

Tpromo  provides the best in websites and blogs for less money.

NDSU Offers Nation’s First Ph.D. in Cybersecurity Education

NDSU Offers Nation’s First Ph.D. in Cybersecurity Education | #TpromoCom #NDSU #CyberSecurity #Education | The new program focuses on training university-level educators in cybersecurity.

The goal of the program, according to a university statement, is to produce more university-level instructors qualified to teach courses in bachelor’s and master’s degree programs. The university states, “Students get a strong background in core computing concepts – software development, databases, algorithms and artificial intelligence – as well as completing coursework in key cybersecurity areas and educational methods and research.”

To read the remainder of this news article, click here.