News of a potentially serious S/MIME and PGP vulnerability was released today. The proposed attack works by modifying an encrypted email in a very specific way, either while in transit, or in the victim’s email account. The victim’s email client then decrypts the message and attempts to load an external link...
We’re now entering the final “25 Days of GDPR” countdown; and by May 25th your organization must be compliant with all of the General Data Protections Regulations (“the GDPR”) or face stiff penalties for non-compliance. Although the regulation is technically only applicable to data of EU residents, because of the...
Traditional certificate-based S/MIME email encryption is “end-to-end.” Encryption and Decryption is done at the mail client level. This technique provides excellent confidentiality and authenticity since the emails are stored encrypted on the email server and clients. However, there are significant difficulties to S/MIME implemented at the mail client level. Private...
The landscape of email security is set to radically change in the next few years. The entire industry of email encryption and DLP was driven almost exclusively by privacy regulations enacted in the late 90’s and early 2000’s. It’s hard to believe we are almost 20 years removed, but are...
UPDATE 1/22/2018: Due to instabilities found in some Intel based servers operating with microcode patches, multiple vendors including VMware and Redhat Enterprise Linux have reverted their microcode patches. As a result, many servers will still be vulnerable to one version of the Spectre attack (CVE-2017-5715), even after updating their hypervisors...
According to a press release today, the North Carolina Department of Health and Human services (DHHS) is notifying affected individuals of a security incident where a spreadsheet containing personal information of about 6,000 people was accidentally sent via an unencrypted email. The spreadsheet contained names, social security numbers and drug...
One of the biggest vulnerabilities to a user’s private data is weak authentication mechanisms, most commonly weak passwords and poor password management requirements. Even when the traditional ‘strict’ password policies are enforced (8+ characters, alpha-numeric requirements, special character requirement, and password lifetimes), users often choose predictable and therefore easily crack-able...
On September 7th, Equifax announced that one of its web applications had a vulnerability that exposed the records of approximately 143 million American consumers from a period of mid-May through July 2017. The exposed information included extremely sensitive personally identifiable information (PII) such as “Social Security numbers, birth dates, addresses...
New York state has made history as the first state to enact a set of cybersecurity regulations for all entities who do business with the state. The regulations that first took effect in March this year (23 NYCRR Part 500) are now mandatory starting August 28th. These regulations now require...
The news of law firm giant DLA Piper being nearly crippled by the latest ‘Petya’ Ransomware attack is sending shock waves through the legal community. Historically slow to adopt new technologies especially in the arena of internet security, this may be the wake-up call the community needs to evaluate the...
Copyright © 2022 GlobalCerts LLC, All Rights Reserved Site Map | Privacy Policy | Legal Disclaimer