After a lot of reading I don't think there is any email service anywhere that is actually secure. The metadata on email is too extensive and the reach of the NSA (et al) is too broad. If you have to secure the contents of your email you're going to have to encrypt it yourself. If you just want to get away from advertisers deusexcaelo has complied a nice list of email services. but don't think any of them are "private". They're not. Email is inherently insecure.

Would this be worth it for an intelligence agency? Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous. Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections.

Add all this up, and it's easy to see why every cellphone manufacturer just opts for an off-the-shelf baseband processor and associated software. This does mean that each and every feature and smartphone has a piece of software that always runs (when the device is on), but that is essentially a black box. Whenever someone does dive into baseband software, many bugs and issues are found, which raises the question just how long this rather dubious situation can continue.

The backdoor was installed in such a way that it was intercepting and querying all Yahoo Mail users’ emails, not just emails of investigation targets.

The Stegano exploit kit would use three Adobe Flash vulnerabilities (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117) to attack the user's PC, and forcibly download and launch into execution various strains of malware.

This attack is determined by the particular router model that is detected during the reconnaissance phase. If there is no known exploit, the attack will attempt to use default credentials; otherwise, it will use known exploits to modify the DNS entries in the router and, when possible (observed for 36 fingerprints out of the 129 available), it will try to make administration ports available from external addresses. In this way, it will expose the router to additional attacks like those performed by the Mirai botnets.

Malicious ads are serving exploit code to infect routers, instead of browsers, in order to insert ads in every site users are visiting.

[...]

The way this entire operation works is by crooks buying ads on legitimate websites. The attackers insert malicious JavaScript in these ads, which use a WebRTC request to a Mozilla STUN server to determine the user's local IP address.

[...]

Researchers say they've seen attackers open administration ports for 36 routers of the list of 166 router fingerprints.

No attempts are made to determine what programs that are accessing the Desktop API since they identify themselves as the undocumented client name identifier "Skype Dashbd Wdgt Plugin". This opens up the potential for abuse by third-party programs, including malware, running locally on the machine.

At least two Netgear routers, the R6400 and R7000 are vulnerable to a command injection flaw that is easy to exploit and could lead to the total takeover of the routers. This was disclosed yesterday, December 9th, and there has, as yet, been no response from Netgear.

RouterCheck is a system for ensuring the well-being of your router and home network. It addresses the new threats posed by hackers.