#cloudsecurity


📧 Gmail Adds Easy Encryption Toggle—But It’s Not True E2EE

Google just rolled out a beta encryption feature for Gmail enterprise users that simplifies secure communication:
・Toggle encryption from the email draft window
・No S/MIME exchange required
・Third-party inbox support coming later this year

But there’s a catch:
🔒 This isn’t true end-to-end encryption
🔑 Admins still control the keys and can monitor user content
🔍 Data is more secure in transit, but not completely private

IT leaders should evaluate the trade-offs: this new system offers better usability, but still requires trust in Google’s infrastructure and policies.

👉 theverge.com/news/640422/googl

The Verge · "Gmail is making it easier for businesses to send encrypted emails to anyone", by Jess Weatherbed

How can a DNS mail record be used to trick you into giving up your login credentials? 📨😕

Researchers at Infoblox have identified a phishing-as-a-service (PhaaS) platform called Morphing Meerkat that’s been quietly operating for over five years. What makes it notable is its use of DNS MX (Mail Exchange) records in ways rarely reported before. Instead of the usual static phishing page setups, Morphing Meerkat queries the victim’s email provider’s MX record—using DNS-over-HTTPS via Google or Cloudflare—to tailor the phishing page dynamically. This means victims are shown spoofed login interfaces that mimic the exact service they use, complete with matching branding and pre-filled email fields.

The platform supports more than 114 brand templates and uses obfuscated JavaScript to evade detection. It also includes built-in translation capabilities based on browser profile or geolocation, making the fake login pages appear native to the user's language. Earlier versions began in 2020 targeting just five email services (Gmail, Outlook, Yahoo, AOL, Office 365). By mid-2023, they could generate phishing pages dynamically using MX records and now operate in over a dozen languages.

Morphing Meerkat campaigns rely on a set of centralized email servers, primarily hosted by UK ISP iomart and US-based HostPapa, indicating a coordinated infrastructure rather than a loose network of attackers. The phishing emails often impersonate trusted services—banks, shipping companies, etc.—and are distributed using compromised WordPress sites, open redirects from platforms like Google’s DoubleClick, and embedded links in shortened URLs.

Once a user submits credentials, the system may display a fake “Invalid Password” error to lure them into re-entering data, after which they are redirected to the real login page. This not only reduces suspicion but also increases the chance of capturing correct credentials. Stolen data is sent back via AJAX, PHP scripts, or Telegram bots, sometimes with evidence removed in real-time.

This operation shows a deep understanding of modern security blind spots—including how content delivery and DNS infrastructure can be turned against end users.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️
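
A defender-side check for the behaviour described in the post above, as an added example that is not part of the original post or of the Infoblox research: it scans web-proxy records for browser requests to the Google or Cloudflare DNS-over-HTTPS JSON endpoints that ask for MX records, and flags those whose referring page is not allowlisted. The record layout, the allowlist and the sample records are constructed assumptions, and it presumes a proxy that can see full HTTPS URLs.

```python
from urllib.parse import parse_qs, urlsplit

# DoH JSON endpoints of the two providers named in the post.
DOH_JSON_ENDPOINTS = {("dns.google", "/resolve"), ("cloudflare-dns.com", "/dns-query")}
MX_TYPES = {"mx", "15"}  # record type by name or by numeric code
# Assumption: hosts whose pages may legitimately look up MX records from a browser.
ALLOWED_REFERRER_HOSTS = {"mailadmin.corp.example"}

# Constructed sample records: (client IP, requested URL, Referer header).
SAMPLE_LOG = [
    ("10.0.0.5", "https://dns.google/resolve?name=acme.example&type=MX",
     "https://blog.example/wp-content/doc.html"),
    ("10.0.0.7", "https://cloudflare-dns.com/dns-query?name=corp.example&type=15",
     "https://mailadmin.corp.example/diagnostics"),
    ("10.0.0.9", "https://dns.google/resolve?name=www.example.org&type=A", ""),
    ("10.0.0.5", "https://CLOUDFLARE-DNS.com/dns-query?type=mx&name=acme.example",
     "https://blog.example/wp-content/doc.html"),
]


def doh_mx_domain(url):
    """Return the queried domain if url is a DoH JSON request for MX, else None."""
    parts = urlsplit(url)  # .hostname is already lower-cased
    if ((parts.hostname or ""), parts.path) not in DOH_JSON_ENDPOINTS:
        return None
    query = parse_qs(parts.query)
    if query.get("type", ["a"])[0].lower() not in MX_TYPES:
        return None  # not an MX question (or a wire-format request with no type)
    return query.get("name", [""])[0].lower() or None


def find_suspicious(records):
    """Flag MX-over-DoH lookups whose referring page is not allowlisted."""
    hits = []
    for client, url, referer in records:
        domain = doh_mx_domain(url)
        if domain is None:
            continue
        ref_host = urlsplit(referer).hostname or ""
        if ref_host not in ALLOWED_REFERRER_HOSTS:
            hits.append({"client": client, "mx_domain": domain, "referrer": ref_host})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```
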

🎯 Free Cybersecurity Webcasts from SANS — Now Open for Registration!

SANS Institute has released its latest schedule of free, expert-led webcasts throughout 2025. Topics span the most critical areas of cybersecurity today:

🔹 Microsoft Defender for Cloud – Best practices & insights
🔹 ICS Security & Management of Change – Resilience and risk
🔹 Threat Intelligence & SOC Trends – Based on global survey data
🔹 Multicloud & GenAI Security – How organizations are adapting
🔹 Attack Surface Management – Stay ahead of hacker tactics

📅 Flexible live or on-demand viewing
🏆 Earn CPE credits
💡 Stay current on the latest in cyber

This is a great opportunity for pros at all levels to grow their skills and stay sharp in a fast-evolving field.

#CyberSecurity #SANS #ProfessionalDevelopment #FreeTraining #ThreatIntel #SOC #CloudSecurity
@sans_isc@mastodon.social

view.email.sans.org/?qs=69e042

🌸 Spring is here – and so is our Spring Sale! 🌸

From March 20 to 31, get 25%* off #Cryptomator and Cryptomator Hub! 🔐✨

No subscription, no hidden fees – just one-time encryption security for your cloud files.

💰 Now only €14.99!*

📅 Hurry! Offer ends on World Backup Day, March 31.

🔗 Learn more: cryptomator.org/blog/2025/03/2

*Discount and final price may vary by region.

Hey everyone, does this sound familiar? You install a Python package and suddenly feel like you've been robbed blind? 😂

Right now, there's a nasty campaign going on targeting PyPI, and it's misusing "time" utilities to swipe cloud credentials. Get this – it's already had over 14,000 downloads! The malware hides in packages that are *supposed* to just check the time. But instead, they're snatching cloud keys (AWS, Azure, the works) and sending them straight to the bad guys.

Honestly, it reminds me of a pentest we did where we *almost* missed a similar camouflage trick. Seriously creepy! So, heads up: Double-check your dependencies, run those scans, review your cloud configurations, and above all, be suspicious! And hey, just a friendly reminder: automated scans are no substitute for a manual pentest!

Have you run into anything similar? What tools are you using to beef up your security? Let's chat about it!

🔓 No More End-to-End Encryption for iCloud in the UK!

#Apple halts Advanced Data Protection under government pressure. Your iCloud files? No longer fully encrypted.

🔐 Take back control – encrypt your files before uploading! Cryptomator keeps your data private, no matter what Big Tech decides.

➡️ Read more: cryptomator.org/blog/2025/02/2

Big News: Introducing Stratoshark – "Wireshark for the Cloud"!

Today, we're thrilled to unveil Stratoshark, the next evolution in system visibility, designed for cloud-native environments. Built on the open-source legacy of Wireshark and Falco, Stratoshark delivers unmatched cloud observability with tools you already know and trust.

With Stratoshark, devops teams can:

• Analyze cloud system calls and logs with Wireshark-like granularity.
• Bridge the visibility gap between traditional networks and dynamic cloud workloads.
• Combine Wireshark's rich insights with Falco's real-time cloud security.

Download now and learn more: stratoshark.org/

#Stratoshark #Wireshark #CloudSecurity #Falco #Sysdig @sysdig

Did you know a simple audio message could exploit your phone's security? 🎧📱

Here's the situation: Cybersecurity experts have uncovered a critical vulnerability in Samsung smartphones running Android 12, 13, and 14. This flaw, identified as CVE-2024-49415 with a severity score of 8.1, affects the Monkey's Audio (APE) decoder in Samsung devices. Left unpatched, it allows attackers to execute arbitrary code remotely—without any action from the user.

The issue resides in a library called `libsaped.so`, where input data was improperly validated. Attackers could send a specially crafted APE audio file via Google Messages if Rich Communication Services (RCS) is enabled. On Galaxy S23 and S24 phones (using RCS by default), this triggers a crash in the media codec process by overflowing a buffer used for audio decoding. Natalie Silvanovich from Google's Project Zero broke down how this occurs with detailed specifics about how the decoder writes out-of-bounds data, making it possible for malicious code to execute.

Samsung patched this vulnerability in its December 2024 update, adding stricter input validation measures. However, a second significant flaw in SmartSwitch (CVE-2024-49413, scoring 7.1) also came to light. This one allowed local attackers to install unauthorized apps due to weak cryptographic signature checks.

If you're using an affected Samsung device, updating to the latest December 2024 patch is essential. These technical oversights highlight the importance of regular updates to safeguard against evolving attack methods.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

How secure are your browser extensions? 🛡️🖥️

A recent attack campaign has compromised at least 16 Chrome browser extensions, potentially exposing over 600,000 users to credential theft and data breaches. The attack exploited the extensive permissions granted to these extensions, demonstrating how they can be a weak link in web security systems.

The breach was initiated through a phishing scheme targeting extension publishers on the Chrome Web Store. Once attackers gained access, they implanted malicious code into legitimate extensions, enabling them to steal cookies, user access tokens, and other sensitive data. This malicious code communicated with an external Command and Control (C&C) server, allowing hackers to download additional configurations and exfiltrate stolen data.

Cybersecurity firm Cyberhaven was one of the first known victims. Its browser extension was compromised, and its malicious version remained active for about 24 hours before being removed. However, security experts warn that removing the extension from the Chrome Web Store doesn't entirely resolve the threat. If the compromised extension remains installed on user devices, it could still exfiltrate data.

The attack was not isolated to Cyberhaven. Security researchers identified several other compromised extensions during their investigation, including popular tools like AI Assistant - ChatGPT and Gemini for Chrome, Bard AI Chat Extension, Search Copilot AI Assistant, and multiple VPN-related extensions. These extensions were found communicating with the same C&C server involved in the Cyberhaven breach, signaling a broad, targeted campaign.

Researchers have discovered that the malicious code in Cyberhaven's extension targeted identity data and access tokens associated with Facebook accounts, specifically Facebook business accounts. This highlights the potential risk these attacks pose to both individual users and organizations relying on such accounts for operations.

Security experts criticize the widespread complacency around browser extension security. Most organizations lack visibility into the extensions installed across their devices, leaving them vulnerable. Since browser extensions often require broad permissions, such as access to cookies or identity information, they represent an overlooked but significant source of risk.

While some extensions have been updated or removed, this incident underscores broader challenges in managing browser extension security. Organizations and users alike must closely monitor installed extensions, limit unnecessary permissions, and remain vigilant against similar threats. The scope and sophistication of this campaign raise serious concerns about the future integrity of browser-based tools.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️
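
One way to get the visibility into installed extensions that the post above says most organizations lack, as an added example that is not part of the original post: it reads each `manifest.json` under a Chrome profile's `Extensions` directory and reports extensions that combine cookie or identity access with all-sites host patterns. The `<extension id>/<version>/manifest.json` layout, the two permission sets and the sample extensions (made-up names and IDs) are assumptions.

```python
import json
import tempfile
from pathlib import Path

SENSITIVE_APIS = {"cookies", "identity"}  # the access the post calls out
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # every site


def strings(values):
    """Keep only string entries (manifests may also hold object entries)."""
    return {v for v in values if isinstance(v, str)}


def audit_manifest(manifest):
    """Return (sensitive APIs, broad host patterns); MV2 keeps hosts in "permissions"."""
    perms = strings(manifest.get("permissions", []))
    hosts = perms | strings(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts |= strings(script.get("matches", []))
    return sorted(perms & SENSITIVE_APIS), sorted(hosts & BROAD_HOSTS)


def audit_extensions_dir(ext_root):
    """Walk <ext_root>/<extension id>/<version>/manifest.json and collect findings."""
    findings = {}
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip rather than abort the audit
        apis, hosts = audit_manifest(manifest)
        if apis and hosts:  # sensitive API plus all-sites reach
            findings[path.parts[-3]] = {"name": manifest.get("name"), "apis": apis, "hosts": hosts}
    return findings


def run_sample_audit():
    """Build two constructed extensions in a temp directory and audit them."""
    samples = {
        "aaaaexampleid": {"name": "Sample AI helper", "permissions": ["cookies", "storage"],
                          "host_permissions": ["<all_urls>"]},
        "bbbbexampleid": {"name": "Sample notes", "permissions": ["storage"],
                          "host_permissions": ["https://notes.example/*"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in samples.items():
            target = Path(tmp) / ext_id / "1.0.0_0"
            target.mkdir(parents=True)
            (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_extensions_dir(tmp)

if __name__ == "__main__":
    print(run_sample_audit())
```
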

👽 What do UFOs and cloud security have in common? It’s all about distinguishing fact from fiction! 🌥️

Join us for “Unexplained Cloud Phenomenon: What the resurgence of UFOs can teach us about cloud security,” where experts from Corelight, AWS, and CrowdStrike share their insights on cloud SecOps.

You'll learn:
How to avoid cloud security misinformation
The role of high-quality data in securing your cloud environments
Practical tips from experts in the field

📅 Mark your calendars for January 28, 2025 at 10 AM PT!
🔗 Register now: go.corelight.com/unexplained-c

★ Do you get excited or upset about AWS SCPs, or GCP Org Policies?
★ Do you have experience solving cloud security challenges to enable software engineering teams?
★ Do you downplay your cloud security knowledge but actually you know a lot of niche oddities of cloud IAM?
★ Do you like working in diverse security teams that care about your wellbeing?
★ Do you want to get paid to work on cloud security for one of the most sophisticated AWS environments in the world?

This may be the right role for you! I'm hiring a Cloud Security Engineer (L5) for Netflix Cloud Security.
explore.jobs.netflix.net/caree
#Hiring #CloudSecurity

explore.jobs.netflix.net · Security Engineer (L5), Cloud Security | USA - Remote | Netflix

You have a broad understanding of AWS or GCP security fundamentals, particularly cloud IAM (hey you! don't disqualify yourself by underestimating your expertise)
You have experience collaborating with product teams to understand their business needs and designing appropriate cloud security solutions to address them.
You can communicate good, to convey complex technical issues cross-functionally through written and verbal communication
You take a pragmatic approach by engaging transparently with the nuances and tradeoffs of security risk
You believe a diverse and inclusive team is a critical aspect of a sustainable and effective work environment
You thrive by identifying high-leverage work and doing it without explicit direction
Experience securing challenging 3rd-party cloud infrastructure access patterns such as vendor integrations
Experience defining insightful metrics to guide our cloud security posture or progress.
GCP security expertise

I'm teaming up with the folks at Sysdig for "AI hijacked this webinar".

AI - what threat does it pose to your company's security AND how might you use AI to defend your company against cloud security threats?

Register now: grahamcluley.com/hijacked and join me, and Sysdig expert @zatomas for the webinar on Tuesday 5 Nov at 11 o'clock UK time (that's 12 o'clock CET)

I look forward to seeing you there.