Description
Electronic Messaging Security

Overview
Information pertaining to electronic messaging should be protected. Forms of electronic messaging include, but are not limited to, e-mail, instant messaging, and social networking forums.

Guidelines
General guidelines and considerations should include the following controls, as needed, for proper security of electronic messages (or "messages"):
  • Messages should be protected from unauthorized modification. Methods of control include encryption of sensitive information contained in messages (e.g., TLS or AES-256 encryption); see topic "Encryption" for more details.
  • Messages should be protected from unauthorized access
  • Ensure messages are transported to the correct address or destination
  • Ensure availability of the service (e.g., redundant e-mail servers, mail relays, etc.)
  • Messaging must meet legal and regulatory requirements
  • Ensure individuals use approved messaging solutions for conducting company business
  • Obtain appropriate approval prior to using external public services (e.g., social networking, file sharing, or instant messaging)
  • Use strong authentication (e.g., two-factor tokens) to control access from remote locations or publicly accessible networks


Topic Category
Operations and Communications Management
 
News Articles
FBI announces arrest of 74 email fraudsters | www.zdnet.com | 6/11/2018
Hackers continue to exploit hijacked MailChimp accounts in cybercrime campaigns | hotforsecurity.bitdefender.com | 3/15/2018
Adobe accidentally releases private PGP key | www.zdnet.com | 9/25/2017
711 million email addresses ensnared in 'largest' spambot | www.zdnet.com | 8/29/2017
Malware Using Facebook Messenger to Serve up Multi-Platform Threats | www.tripwire.com | 8/25/2017
Zerodium Offers $500K for Secure Messaging App Zero Days | threatpost.com | 8/24/2017
DMARC anti-phishing standard adoption is lagging even in big firms | www.theregister.co.uk | 8/24/2017
Google wants iOS Gmail users to think twice about following suspicious links | www.helpnetsecurity.com | 8/14/2017
Hundreds of companies expose PII, private emails through Google Groups error | www.zdnet.com | 7/24/2017
UK Parliament hack: Really, a brute-force attack? Really? | www.theregister.co.uk | 6/26/2017
Verizon Messages App Allowed XSS Attacks Over SMS | www.securityweek.com | 5/22/2017
Malspam Campaign Personalizes Emails with Recipient’s Name and Address | www.tripwire.com | 3/30/2017
UK official wants police access to WhatsApp messages | www.computerworld.com | 3/27/2017
Germans, Czechs served with banking malware through SMS | www.helpnetsecurity.com | 2/28/2017
Google to Block .js Attachments in Gmail | threatpost.com | 1/26/2017
Email Slip-Up Exposes 60,000 Bank Customers’ Account Details | www.tripwire.com | 1/10/2017
Critical flaw in PHPMailer library puts millions of websites at risk | www.computerworld.com | 12/28/2016
Apple gives iOS app developers more time to encrypt communications | www.networkworld.com | 12/23/2016
New Wave of Hailstorm Spam Pelts Inboxes | threatpost.com | 12/21/2016
Hackers reportedly use Punycode to bypass Office 365 phishing filters; Microsoft denies story | www.scmagazine.com | 12/19/2016
Clever Gmail Hack Let Attackers Take Over Accounts | threatpost.com | 11/8/2016
Encrypted communications could have an undetectable backdoor | www.computerworld.com | 10/11/2016
MarsJoke ransomware distributed via Kelihos, targets U.S. state, fed gov't agencies | www.scmagazine.com | 9/26/2016
Spam is once again on the rise | www.helpnetsecurity.com | 9/22/2016
Bill Clinton Staffer’s Email Was Breached on Hillary’s Private Server, FBI Says | www.wired.com | 9/2/2016
ACSC Releases Risk Mitigation Strategies Against Malicious Email | www.us-cert.gov | 8/1/2016
Active iOS Smishing Campaign Stealing Apple Credentials | blogs.mcafee.com | 7/28/2016
69% of email attacks with malicious attachments in Q2 contained Locky | www.scmagazine.com | 7/27/2016
SMS-based two-factor authentication may be headed out the door | www.computerworld.com | 7/26/2016
Google drops support for old crypto on Gmail, SMTP servers | www.helpnetsecurity.com | 5/18/2016
Google denies email injection flaw can bypass filters and pwn users | www.scmagazine.com | 5/4/2016
Brazilian companies receive more than 40,000 spam emails in infostealer campaign | www.symantec.com | 2/4/2016
WhatsApp Phishing Email Campaign Spreading Nivdort Malware Variant | www.tripwire.com | 1/13/2016
The Father of Online Anonymity Has a Plan to End the Crypto War | www.wired.com | 1/6/2016
New TeslaCrypt Ransomware Arrives via Spam | blogs.mcafee.com | 1/5/2016
Calls grow for government back doors to encryption | www.cnbc.com | 11/16/2015
Gmail to Warn When Messages Take Unencrypted Routes | www.securityweek.com | 11/13/2015
Google Moving Gmail to Strict DMARC Implementation | threatpost.com | 10/21/2015
Potent OWA backdoor scores 11,000 corporate creds from single biz | www.theregister.co.uk | 10/6/2015
Cisco applies plaster to email, Web security appliances | www.theregister.co.uk | 9/10/2015
Bug in iOS Mail app is a dream come true for phishers | www.net-security.org | 6/11/2015
Yahoo Previews End-To-End Email Encryption Plug-In | threatpost.com | 3/16/2015
A New, Simple Way to Log In | yahoo.tumblr.com | 3/15/2015
Email spoofing security hole discovered in Google Admin console | www.zdnet.com | 3/9/2015
Outlook for iOS app "breaks" corporate security, developer says | www.zdnet.com | 1/30/2015
Microsoft's Outlook smacked by 'man-in-the-middle' attack in China – Greatfire.org | www.theregister.co.uk | 1/19/2015
Vulnerability in Verizon My FIOS App Allowed Users to Compromise Others’ Email Accounts | www.tripwire.com | 1/19/2015
And now for some good news... Facebook sets up hidden service in privacy push | www.zdnet.com | 12/1/2014
Apple doubles-down on security, shuts out law enforcement from accessing iPhones, iPads | www.zdnet.com | 9/18/2014
'Backwards' writing is spammers' new mail filter avoidance trick | www.theregister.co.uk | 9/12/2014
IM services start to block unencrypted chats | www.theregister.co.uk | 5/20/2014
iOS 7 reportedly not encrypting email attachments | www.cnet.com | 5/5/2014
Status Update: Encryption at Yahoo | yahoo.tumblr.com | 4/2/2014
Ethical hacker backer hacked, warns of email ransack | www.theregister.co.uk | 3/13/2014
Yahoo, ICQ chats still vulnerable to government snoops | news.cnet.com | 2/28/2014
Spam drops as legit biz dumps mass email ads: Only the dodgy remain | www.theregister.co.uk | 1/24/2014
WhatsApp Spam Spreads New Banking Trojan | threatpost.com | 1/21/2014
Critics Cut Deep on Yahoo Mail Encryption Rollout | threatpost.com | 1/9/2014
Yahoo enables default HTTPS encryption for Yahoo Mail | news.cnet.com | 1/7/2014
Skype's Twitter account, blog hacked to spread anti-Microsoft messages | www.theregister.co.uk | 1/2/2014
Quadrillion-dollar finance house spams Reg reader with bankers' private data | www.theregister.co.uk | 12/11/2013
Microsoft to Roll Out Encrypted Message Service for Office 365 | threatpost.com | 11/22/2013
Apple's iMessage encryption claims refuted (again) | www.zdnet.com | 10/18/2013
Apple reasserts claim it doesn't want to spy on your iMessages | news.cnet.com | 10/18/2013
Yahoo Should Consider SSL a Minimal Security, Privacy Standard for Email | threatpost.com | 10/17/2013
Apple iMessage Open to Man in the Middle, Spoofing Attacks | threatpost.com | 10/17/2013
Yahoo Mail finally turns on SSL | news.cnet.com | 10/14/2013
BitTorrent trialling P2P secure messaging | www.theregister.co.uk | 10/1/2013
Yahoo recycled ID users warn of security risk | news.cnet.com | 9/24/2013
Secure SMS app Wickr finally hits Android | news.cnet.com | 9/16/2013
Breaking news, literally: Syrians joyride New York Post tweets, Facebook | www.theregister.co.uk | 8/14/2013
Deutsche Telekom and United Internet launch 'made in Germany' email in response to PRISM | www.zdnet.com | 8/12/2013
Syrian Electronic Army hijacks Thomson Reuters' Twitter feed | news.cnet.com | 7/29/2013
EncryptFree and Other Tools to Help Consumers Dodge Web Snooping | blogs.mcafee.com | 7/1/2013
Connecting the Dots–How Your Digital Life Affects Identity Theft and Financial Loss | blogs.mcafee.com | 6/23/2013
New NSA Leak Sheds Light on Encrypted Data Retention | threatpost.com | 6/21/2013
Yahoo: Don't fret about hack attacks on recycled user IDs | news.cnet.com | 6/20/2013
Android trojan attempts to spread via Bluetooth | www.zdnet.com | 6/10/2013
US National Intelligence Council boss gets personal email hacked | www.theregister.co.uk | 5/29/2013
Sky's Android apps, Twitter account hacked | news.cnet.com | 5/26/2013
Twitter locks down logins by adding two-factor authentication | www.theregister.co.uk | 5/22/2013
Twitter 'rolling out two-factor authentication soon' | www.zdnet.com | 4/24/2013
Fake AP tweet says Obama injured in White House explosion | www.scmagazine.com | 4/23/2013
Hackers send bogus tweets from '60 Minutes' account | news.cnet.com | 4/20/2013
Silent Circle aims for email that's as secure as it gets | www.theregister.co.uk | 4/6/2013
Some iMessage Accounts Hit Hard by Mass Messaging, DoS Attacks | threatpost.com | 4/1/2013
Privacy 101: Skype Leaks Your Location | krebsonsecurity.com | 3/21/2013
Twitter aiming to slash phishing e-mails sent from 'Twitter.com' | news.cnet.com | 2/21/2013
Google Says Gmail Security Measures Have Reduced Account Hijacks By 99 Percent | threatpost.com | 2/19/2013
Gmail of journalists in Myanmar said to be hacked | news.cnet.com | 2/11/2013
George Bush's family emails, pics ransacked - and spewed online | www.theregister.co.uk | 2/8/2013
Wickr turns iOS message self-destruct up to 11 | news.cnet.com | 1/28/2013
10,000 Indian government and military emails hacked | www.theregister.co.uk | 12/21/2012
SMS stealing apps uploaded to Google Play by Carberp banking malware gang | www.computerworld.com | 12/14/2012
Petraeus affair reveals risks of email | www.computerworld.com | 12/3/2012
Taliban official's email blunder leaks 400+ contacts | www.theregister.co.uk | 11/16/2012
Skype Restores Password Resets, Repairs Flaw that Allows Account Hijacking | threatpost.com | 11/14/2012
Cisco recommends McAfee switch for IronPort customers hit by Sophos flaws | www.csoonline.com | 11/9/2012
Cyberheists ‘A Helluva Wake-up Call’ to Small Biz | krebsonsecurity.com | 11/6/2012
Oops: E-Mail Marketer Left Walmart, US Bank and Others Open to Easy Spoofing | www.wired.com | 10/30/2012
How a Google Headhunter’s E-Mail Unraveled a Massive Net Security Hole | www.wired.com | 10/24/2012
Localized Dorkbot malware variant spreading across Skype | www.zdnet.com | 10/19/2012
Middle East cyberattacks on Google users increasing | news.cnet.com | 10/3/2012
iPhone SMS vulnerable, according to researcher | news.cnet.com | 8/17/2012
A Closer Look: Email-Based Malware Attacks | krebsonsecurity.com | 6/21/2012
Plans to migrate LAPD to Google's cloud apps dropped | www.computerworld.com | 12/22/2011
DARPA to start checking your email for threats | www.navytimes.com | 12/21/2011
Google Ratchets Up Security Of HTTPS | www.darkreading.com | 11/22/2011
Joint Commission: Text Messages Should Not Be Used in Patient Orders | www.ihealthbeat.org | 11/21/2011
Arrest made in Hollywood hacking probe | www.bbc.co.uk | 10/12/2011
Standards
FIPS 186-4 Digital Signature Standard (DSS) | FIPS | 7/23/2013
NIST SP 800-177 Revision 1, Trustworthy Email | NIST | 9/7/2016