Gmail Now Offers Client Side Encryption!
Google has recently announced that it will now offer Client Side Encryption (CSE) for Gmail and Calendar users with Workspace Enterprise Plus, Education Plus, and Education Standard accounts. This move expands the encryption feature that was first made available in beta last year for Google Docs, Sheets, Drive, Meet, and Slides. CSE allows sensitive data in an email body, including any images or attachments, to be encrypted before it is sent to Google’s servers for delivery to a recipient. However, it does not cover the email header, such as the subject line or the recipient’s address. Unlike End to End Encryption, CSE can still allow a company admin or IT to decrypt the messages, which can be used for data retention or specific company policies.
How to Enable CSE
CSE is off by default, so an admin needs to toggle it on in the settings. It can be found in the Admin console under Security, Access and Data Control, then Client Side Encryption. Next, users can click a lock icon next to the cc or bcc line in an email, click Turn On Additional Encryption for any emails, and write emails as normal. Unfortunately, CSE is not currently available to users who don’t have Enterprise Plus, Education Plus, or Education Standard accounts. However, this encryption feature is marketed towards organizations that need to stay within data compliance policies, giving those kinds of teams more control over the kinds of data that Google can store on its servers.
UEFI Bootkit Targets Windows 11
For the first time ever, a UEFI bootkit has successfully infected a fully patched Windows 11 system. The Unified Extensible Firmware Interface (UEFI) is software that runs when your PC starts up, allowing you to control the boot sequence before the OS starts. Last year, the BlackLotus UEFI malware appeared on hacker forums, and the seller claimed that it had strong persistence and that AVs couldn’t scan for it or remove it. Security firm ESET found out that this was true, as it bypasses Secure Boot using a vulnerability tracked as CVE-2022-21894. Exploiting this vulnerability leads to Secure Boot bypass and persistence. Since its inception, BlackLotus has gotten some upgrades. Now it can bypass the Secure Boot capabilities on Windows 11, which means it’ll disable the security that comes with that OS. That means it can hide itself from defenses like Windows Defender and the memory integrity module called Hypervisor-Protected Code Integrity, which is used to protect the Windows kernel from attacks. It can also disable BitLocker data protections.
LastPass Breach
LastPass has had a difficult start to 2023, with a Senior DevOps engineer at the company having their credentials stolen by the same threat actor responsible for the initial breach. The attacker targeted the employee’s home computer, specifically using an exploit directed at a vulnerable third party media software package. This led to a remote code execution attack, which let the attacker install a keylogger on the victim’s computer. They monitored the employee’s keystrokes and eventually stole the master password for the corporate vault. Since the attacker used valid creds to access the data, LastPass did not detect it for two months, eventually noticing strange behavior through their AWS GuardDuty Alerts when the attacker tried to use IAM roles to do something anomalous. The data in the vault includes “encrypted secure notes with access and decryption keys needed to access the AWS S3 Lastpass production backups, other cloud-based storage resources, and some related critical database backups.”
How Does This Affect Customers?
LastPass is recommending users change their master password and enable MFA if it’s not already in use, and change all the passwords for accounts stored in the vault. However, it’s strongly recommended to switch to a new password manager with more secure options, like local storage password managers.
With Gmail now offering Client Side Encryption and LastPass facing another breach, it’s important to stay vigilant and keep an eye on the latest security updates. It’s also important to switch to more secure options for password managers to keep your online accounts safe.