this post was submitted on 07 Sep 2023
1 points (100.0% liked)

Cybersecurity News

1326 readers
1 users here now

Welcome to Cybersecurity News!

A community that collect news and other tidbits related to cybersecurity in all its domains.

There are no hard and fast rules regarding what to post here-- we are fine with both pop news articles and more technical pieces regarding cybersecurity.

We use a bot called flynnbot to repost some rss feed content but the majority of posts are human-curated.

New to Cybersecurity?

Here are some resources to get you started:

Related Communities

!security_cpe@infosec.pub
!cybersecurity@zerobytes.monster
!packetstorm@zerobytes.monster
!security@programming.dev
!secops@lemmy.world
!cybersecurity@sh.itjust.works
!netsec@zerobytes.monster
!securitynews@infosec.pub
!cloudsecurity@infosec.pub
!netsec@links.hackliberty.org
!cybersecurity@infosec.pub
!cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
videodrome@lemmy.capebreton.social
flynnbot@lemmy.capebreton.social
1
Code Vulnerabilities Put Proton Mails at Risk (www.sonarsource.com)
submitted 1 year ago by videodrome@lemmy.capebreton.social to c/cybersecurity@lemmy.capebreton.social
2 comments fedilink hide all child comments
 

Key Information

  • In June 2022, the Sonar Research team discovered critical code vulnerabilities in multiple encrypted email solutions, including Proton Mail, Skiff, and Tutanota.

  • These privacy-oriented webmail services provide end-to-end encryption, making communications safe in transit and at rest. Our findings affect their web clients, where the messages are decrypted, mobile clients were not affected.

  • The vulnerabilities would have allowed attackers to steal emails and impersonate victims if they interacted with malicious messages. Nearly 70 million users were at risk on Proton Mail alone.

  • The issue has been fixed and there are no signs of in-the-wild exploitation.

you are viewing a single comment's thread
view the rest of the comments
[–] d_cent@lemm.ee 1 points 1 year ago

Well said. Not to mention the article title calls out Proton but it's basically all the noteworthy e2ee email products. Very click baity