Security News

"The LNK file triggered the first element of the novel technique used in this infection chain for distributing IDAT Loader. The LNK file was using mshta.exe to execute what appeared to be a 'PGP Secret Key,' hosted again on Bunny CDN," Kroll's threat analysts found. Static analysis of that file showed that it was not a PGP key, but a combination of junk bytes, an embedded HTA file and an embedded EXE file.

Two researchers are being singled out in what are called PGP poisoning or flood attacks that render the authentication tool unusable for victims.

Encryption should be the go-to standard for securing communications, such as email. Unfortunately, the user-facing technology that works with PGP is flawed. Jack Wallen explains.

EFAIL furore not over yet, even though it's easy to fix ProtonMail has weighed into 2018's worst branded-bug PR disaster, EFAIL with a simple statement: “PGP is not broken”.…

If a hacker can get into your inbox of ciphered messages, they may be able to read the content Security researchers have gone public with vulnerabilities in some secure mail apps that can be...

Researchers punch hole in encryption classics Security researchers are going public with a vulnerability that is leaving some secure mail apps vulnerable to decryption.…

A new PGP vulnerability was announced today. Basically, the vulnerability makes use of the fact that modern e-mail programs allow for embedded HTML objects. Essentially, if an attacker can...

With a heavy heart, security researchers have early released the details of a set of vulnerabilities discovered in email clients for two widely used email encryption standards—PGP and S/MIME—after...

EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote: We'll publish critical vulnerabilities...

The vulnerability, called EFAIL, is exploitable against encrypted email, including previously transmitted mail, according to researchers.