this post was submitted on 07 Sep 2023
17 points (100.0% liked)

Cybersecurity News

51 readers
1 users here now

Welcome to Cybersecurity News!

A community that collect news and other tidbits related to cybersecurity in all its domains.

There are no hard and fast rules regarding what to post here-- we are fine with both pop news articles and more technical pieces regarding cybersecurity.

We use a bot called flynnbot to repost some rss feed content but the majority of posts are human-curated.

New to Cybersecurity?

Here are some resources to get you started:

Related Communities

!security_cpe@infosec.pub
!cybersecurity@zerobytes.monster
!packetstorm@zerobytes.monster
!security@programming.dev
!secops@lemmy.world
!cybersecurity@sh.itjust.works
!netsec@zerobytes.monster
!securitynews@infosec.pub
!cloudsecurity@infosec.pub
!netsec@links.hackliberty.org
!cybersecurity@infosec.pub
!cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
videodrome@lemmy.capebreton.social
flynnbot@lemmy.capebreton.social
17
Code Vulnerabilities Put Proton Mails at Risk (www.sonarsource.com)
submitted 1 year ago by videodrome@lemmy.capebreton.social to c/cybersecurity@lemmy.capebreton.social
2 comments fedilink hide all child comments
 

Key Information

  • In June 2022, the Sonar Research team discovered critical code vulnerabilities in multiple encrypted email solutions, including Proton Mail, Skiff, and Tutanota.

  • These privacy-oriented webmail services provide end-to-end encryption, making communications safe in transit and at rest. Our findings affect their web clients, where the messages are decrypted, mobile clients were not affected.

  • The vulnerabilities would have allowed attackers to steal emails and impersonate victims if they interacted with malicious messages. Nearly 70 million users were at risk on Proton Mail alone.

  • The issue has been fixed and there are no signs of in-the-wild exploitation.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Xyz@infosec.pub 17 points 1 year ago (1 children)

Discovered, reported and fixed shortly after. The headline is catchy but the article is more about the process of how it all went down last year.

Also found this noteworthy:

"We would like to thank the Proton Mail team for their fast and professional handling of our report. They also awarded us with a $750 USD bug bounty, which we happily donated to charity."

[โ€“] d_cent@lemm.ee 8 points 1 year ago

Well said. Not to mention the article title calls out Proton but it's basically all the noteworthy e2ee email products. Very click baity