logo
 
  1. Reverse Engineering >
  2. Video >
  3. New Research: Encouraging trends and emerging threats in email security


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

➤ New Research: Encouraging trends and emerging threats in email security

RSS Kategorie Pfeil Video vom | Quelle: feedproxy.google.com Direktlink öffnen Nachrichten Bewertung

Posted by Elie Bursztein, Anti-Fraud and Abuse Research and Nicolas Lidzborski, Gmail Security Engineering Lead

We’re constantly working to help make email more secure for everyone. These efforts are reflected in security protections like default HTTPS in Gmail as well as our Safer Email Transparency report, which includes information about email security beyond just Gmail.

To that end, in partnership with the University of Michigan and the University of Illinois, we’re publishing the results of a multi-year study that measured how email security has evolved since 2013. While Gmail was the foundation of this research, the study’s insights apply to email more broadly, not unlike our Safer Email Transparency report. It’s our hope that these findings not only help make Gmail more secure, but will also be used to help protect email users everywhere as well.

Email security strengthens, industry-wide

The study showed that email is more secure today than it was two years ago.

Here are some specific findings:
Newer security challenges and how we can address them

Our study identified several new security challenges as well.

First, we found regions of the Internet actively preventing message encryption by tampering with requests to initiate SSL connections. To mitigate this attack, we are working closely with partners through the industry association M3AAWG to strengthen “opportunistic TLS” using technologies that we pioneered with Chrome to protect websites against interception.

Second, we uncovered malicious DNS servers publishing bogus routing information to email servers looking for Gmail. These nefarious servers are like telephone directories that intentionally list misleading phone numbers for a given name. While this type of attack is rare, it’s very concerning as it could allow attackers to censor or alter messages before they are relayed to the email recipient.

While these threats do not affect Gmail to Gmail communication, they may affect messaging between providers. To notify our users of potential dangers, we are developing in-product warnings for Gmail users that will display when they receive a message through a non-encrypted connection. These warnings will begin to roll-out in the coming months.

All email services—Gmail included—depend on the trust of their users. Partnering with top researchers helps us make the email ecosystem as a whole safer and more secure for everyone. Security threats won’t disappear, but studies like these enable providers across the industry to fight them with better, more powerful protections today and going forward.

[This work was made possible thanks to the contribution of many Googlers including Vijay Eranti, Kurt Thomas, John Rae-Grant, and Mark Risher.]

...

➥ Externe Webseite mit kompletten Inhalt öffnen

Kommentiere zu New Research: Encouraging trends and emerging threats in email security






➤ Ähnliche Beiträge

  • 1.

    Using ML to Stop Latent Email Attacks That Dodge Early Detection

    vom 226.6 Punkte ic_school_black_18dp
    Editor's Note: This blog post was originally found on the Agari Email Security blog. https://i.redd.it/7c4i38jbupc31.png By Scot Kennedy When implemented effectively, real-world deployments of machine learning (ML)-based email security can block
  • 2.

    HPR2828: Writing Web Game in Haskell - Science, part 2

    vom 173.19 Punkte ic_school_black_18dp
    Intro Last time we looked how to model technology and research. This time we’ll do some actual research. I’m skipping over some of the details as the episode is long enough as it is. Hopefully it’s still possible to follow with the show notes.
  • 3.

    Whitelisting Won't Protect You From BEC... Here's Why

    vom 148.12 Punkte ic_school_black_18dp
    Editor's Note: This blog post was originally found on the Agari Email Security blog. https://i.redd.it/y1e9f0fjcen31.png By Armen Najarian The 250% increase in business email compromise (BEC) scams over the past year should concern every organ
  • 4.

    AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide

    vom 121.43 Punkte ic_school_black_18dp
    Original release date: October 11, 2018Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5] In it we highlight the use of five publicly
  • 5.

    Businesses Grow More Vulnerable to Email Attacks, Even with Improved Defenses

    vom 117.78 Punkte ic_school_black_18dp
    Editor's Note: This post can originally be found on the Agari Email Security blog. ​ https://i.redd.it/lwn4jicgn3b31.png By Patrick Peterson ​ Cybercriminals increasingly use new forms of identity deception to launch an email attack to target y
  • 6.

    Azure.Source – Volume 58

    vom 115.51 Punkte ic_school_black_18dp
    Now in preview Update 18.11 for Azure Sphere in public preview This is an update to the Azure Sphere Operating System, Azure Sphere Security Service, and Visual Studio development environment. This release includes substantial investments in our s
  • 7.

    The Threat Taxonomy: A Working Framework to Describe Cyber Attacks

    vom 113.45 Punkte ic_school_black_18dp
    Editor's Note: This blog post was originally found on the Agari Email Security blog. https://i.redd.it/emc5io3b86u31.png By Crane Hassold Imagine going to the doctor and only being able to say “pain” or “sick”. You can’t say where you feel t
  • 8.

    Azure.Source – Volume 60

    vom 112.8 Punkte ic_school_black_18dp
    Now in preview Simplifying security for serverless and web apps with Azure Functions and App Service New security features for Azure App Service and Azure Functions reduce the amount of code you need to work with identities and secrets under management. Key Vault r
  • 9.

    The Malicious Use of Artificial Intelligence in Cybersecurity

    vom 109.01 Punkte ic_school_black_18dp
    Criminals and Nation-state Actors Will Use Machine Learning Capabilities to Increase the Speed and Accuracy of Attacks Scientists from leading universities, including Stanford and Yale in the U.S. and Oxford and Cambridge in the UK, together with civil socie
  • 10.

    USN-3415-2: tcpdump vulnerabilities

    vom 108.76 Punkte ic_school_black_18dp
    Ubuntu Security Notice USN-3415-2 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in tcpdump Software description tcpdump
  • 11.

    USN-3415-1: tcpdump vulnerabilities

    vom 108.52 Punkte ic_school_black_18dp
    Ubuntu Security Notice USN-3415-1 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixe
  • 12.

    BIMI Moves Forward as Google Commits to Pilot Program

    vom 106.96 Punkte ic_school_black_18dp
    Editor's Note: This blog post was originally found in the Agari Email Security blog. https://i.redd.it/1wr50acjppc31.png By Armen Najarian BIMI is going big time like never before—and brands won’t want to get left behind. In a major announ