Hacker Breaks Into French Government's New Secure Messaging App

Hacker Breaks Into French Government's New Secure Messaging App

Dubbed " Tchap ," the end-to-end encrypted, open source messaging app has been created by the French government with an aim to keep their officials, parliamentarians and ministers data on servers inside the country over concerns that foreign agencies could use other services to spy on their communications.

Unsecured Databases Leak 60 Million Records of Scraped LinkedIn Data

Unsecured Databases Leak 60 Million Records of Scraped LinkedIn Data

Between all eight databases, there was a combined total of approximately 60 million records that contained what appeared to be scraped public information of LinkedIn users.

Facebook accidentally scraped the email contacts of 1.5 million users

Facebook accidentally scraped the email contacts of 1.5 million users

"Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time," a Facebook spokesperson said an a statement to Mashable.

Google’s Infinite Reach – How Google Builds a Profile on Everyone

Google’s Infinite Reach – How Google Builds a Profile on Everyone

This article breaks down some of the services that Google uses to build profiles about users, and discusses how these servers threaten the privacy of users without their consent .

How To Stop Using Free Email

How To Stop Using Free Email

So for most free services like Gmail, Yahoo, or Hotmail, you're not going to be able to use your existing email address with a different email provider. The next thing you want to do is update all your online accounts that use your old address to contact you.

Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support

Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support

But the issue is much worse than previously reported, with the hackers able to access email content from a large number of Outlook, MSN, and Hotmail email accounts, according to a source who witnessed the attack in action and described it before Microsoft’s statement, as well as screenshots provided to Motherboard.

Microsoft discloses security breach that impacted some Outlook accounts

Microsoft discloses security breach that impacted some Outlook accounts

Chinese companies have leaked over 590 million resumes via open databases Over 540 million Facebook records found on exposed AWS servers According to Microsoft, between January 1, 2019, and March 29, 2019, a hacker, or group of hackers, compromised the account of a Microsoft support agent, one of the company's customer support representatives that handles technical complaints.

Two in Three Hotel Websites Leak Guest Booking Details and Allow Access to Personal Data

Two in Three Hotel Websites Leak Guest Booking Details and Allow Access to Personal Data

Since the email requires a static link, HTTP POST web requests are not really an option, meaning the booking reference code and the email are passed as arguments in the URL itself.

Avoiding consumer lock-in with the decentralised web

Avoiding consumer lock-in with the decentralised web

Because Weavemail lives on Arweave’s permaweb, you can be confident that as long as you know the address of this transaction, and there is an available Arweave node to serve it to you, your access to this mail client as it currently exists simply cannot be denied, or changed.

Another scandal: Facebook user data reportedly at risk again

Another scandal: Facebook user data reportedly at risk again

Though At The Pool shut down in 2014, UpGuard wrote that, “this should offer little consolation to the app’s end users whose names, passwords, email addresses, Facebook IDs and other details were openly exposed for an unknown period of time.”.

Want a Facebook account? Just hand over your private email password

Want a Facebook account? Just hand over your private email password

After all, it was Facebook that stored half a billion users’ passwords on its servers in unencrypted plaintext for seven years - then told users not to worry, because its employees were trustworthy (those employees who weren’t calling the users “dumb f**ks,” that is).

Losing Face: Two More Cases of Third-Party Facebook App Data Exposure

Losing Face: Two More Cases of Third-Party Facebook App Data Exposure

A separate backup from a Facebook-integrated app titled “At the Pool” was also found exposed to the public internet via an Amazon S3 bucket. The At the Pool discovery is not as large as the Cultura Colectiva dataset, but it contains plaintext (i.e. unprotected) Facebook passwords for 22,000 users.

Facebook Caught Asking Some Users Passwords for Their Email Accounts

Facebook Caught Asking Some Users Passwords for Their Email Accounts

However, Facebook has been found asking some newly-registered users to provide the social network with the passwords to their email accounts, which according to security experts is a terrible idea that could threaten privacy and security of its users.

‘Beyond Sketchy’: Facebook Demanding Some New Users’ Email Passwords

‘Beyond Sketchy’: Facebook Demanding Some New Users’ Email Passwords

Just two weeks after admitting it stored hundreds of millions of its users’ own passwords insecurely, Facebook is demanding some users fork over the password for their outside email account as the price of admission to the social network.

Email Trackers Are Watching Your Inbox. Here's How To Block Them.

Email Trackers Are Watching Your Inbox. Here's How To Block Them.

It was under this mounting frustration and anxiety that, on the recommendation of a fellow freelancer, I downloaded a tool originally meant for marketers but increasingly used by people who want to know if and when someone had actually seen their casually desperate “just following up” message: an email tracker.

This Spyware Data Leak Is So Bad We Can't Even Tell You About It

This Spyware Data Leak Is So Bad We Can't Even Tell You About It

A company that sells consumer-grade software that lets customers spy on other people’s calls, messages, and anything they do on their cell phones left more than 95,000 images and more than 25,000 audio recordings on a database exposed and publicly accessible to anyone on the internet.

Gmail's end-to-end encryption project is dead. Start using end-to-end encryption!

Gmail's end-to-end encryption project is dead. Start using end-to-end encryption!

Two years ago, Google has silently handed the project E2EMail which was started to enable easy end-to-end encryption in Gmail via a browser extension to "the open source community". Three years earlier, Google had announced that they are building an end-to-end encrypted Chrome plugin to automatically encrypt emails between Gmail users.

Sandboxing and DMARC Authentication Added to SpamTitan Email Security Solution

Sandboxing and DMARC Authentication Added to SpamTitan Email Security Solution

This week, TitanHQ has rolled out two new features for its award-winning email security solution SpamTitan: Sandboxing and DMARC email authentication. SpamTitan now incorporates DMARC authentication to provide even greater protection against email spoofing attacks.

Why Phone Numbers Stink As Identity Proof — Krebs on Security

Why Phone Numbers Stink As Identity Proof — Krebs on Security

Nixon said countless companies have essentially built their customer authentication around the phone number, and that a great many sites still let users reset their passwords with nothing more than a one-time code texted to a phone number on the account.

EM Client

EM Client

Most folks usually write something when they want to complain - I do as well (LOL) - but I also like to say Thank You when you get a real good and well supported piece of software. Neil Martin Just a note to say thanks for building a damn good email client to replace Outlook.

The Ten Commandments of crypto security – By Panama Crypto

The Ten Commandments of crypto security – By Panama Crypto

Two-factor authentication (2FA), keeps hackers, phishing, attempts at bay because once it is enabled on your email account, anybody that tries to break into your email would need to have physical or remote access to the device you have the 2FA app installed (either Google Authenticator or Authy) in order to produce the Time-based One-Time Passcode (TOTP) directly within the app.

Russia blocks encrypted email provider ProtonMail

Russia blocks encrypted email provider ProtonMail

Russia’s crackdown on the internet intensified in 2014 when it ratified a law ordering tech companies operating in the country to store Russian data within its borders.

A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security

A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security

Talos said the perpetrators of DNSpionage were able to steal email and other login credentials from a number of government and private sector entities in Lebanon and the United Arab Emirates by hijacking the DNS servers for these targets, so that all email and virtual private networking (VPN) traffic was redirected to an Internet address controlled by the attackers.

An email marketing company left 809 million records exposed online

An email marketing company left 809 million records exposed online

Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes of detailed, plaintext marketing data—including 763 million unique email addresses.

An Email Marketing Company Left 809 Million Records Exposed Online

An Email Marketing Company Left 809 Million Records Exposed Online

Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes-worth of detailed, plaintext marketing data—including 763 million unique email addresses. The database, owned by the "email validation" firm Verifications.io, was taken offline the same day Diachenko reported it to the company.

ProtonMail vs Mailbox.org comparison

ProtonMail vs Mailbox.org comparison

It’s the method you can use with Mailbox.org’s webmail and with any standard PGP capable email client. To enable inbox encryption, you’ll need to set a public PGP key which Mailbox.org will use to encrypt all incoming emails before storing them in your inbox.

Facebook Still Wants Your Friends to Engage When You’re Dead

Facebook Still Wants Your Friends to Engage When You’re Dead

The platform offers the option to your family members to either delete or archive your account as a “memorial page.” (Family members will need to provide documentation to Facebook in order to make any changes to your account.) Now, Facebook is adding a new feature that will allow people to continue posting on your memorialized page in tribute.

Microsoft Describes How Government Hackers Stole ‘Large Sums’ From Financial Firms

Microsoft Describes How Government Hackers Stole ‘Large Sums’ From Financial Firms

LISTEN TO ARTICLE 1:35 SHARE THIS ARTICLE Share Tweet Post Email Email Photographer: SeongJoon Cho/Bloomberg Photographer: SeongJoon Cho/Bloomberg It’s a short -- but startling -- passage tucked inside Microsoft Corp.’s periodic cybersecurity report: State-sponsored hackers attacked several financial services firms and stole “large sums of cash.” The account provides another reminder that hackers are successfully preying on parts of an industry where customer confidence is paramount, and that’s sometimes reluctant to disclose serious attacks.

Data breach at UConn Health affects 326k patients

Data breach at UConn Health affects 326k patients

Healthcare Data Breach Hack Sensitive data accessed after employee email accounts hacked A security incident at US medical center UConn Health may have exposed the sensitive details of more than 326,000 patients.

Facebook planned to spy on Android phone users, internal emails reveal

Facebook planned to spy on Android phone users, internal emails reveal

According to internal emails published on Github, Facebook planned to use its Android app to match users’ location data with mobile phone base station IDs to deliver “location-aware” products.

More