AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 06/23/2022

Mega says it can’t decrypt your files. New POC exploit shows otherwise

In the decade since larger-than-life character Kim Dotcom founded Mega, the cloud storage service has amassed 250 million registered users and stores a whopping 120 billion files that take up more than 1,000 petabytes of storage. A key selling point that has helped fuel the growth is an extraordinary promise that no top-tier Mega competitors make: Not even Mega can decrypt the data it stores. On the company’s homepage, for instance, Mega displays an image that compares its offerings to Dropbox and Google Drive. In addition to noting Mega’s lower prices, the comparison emphasizes that Mega offers end-to-end encryption, whereas the other two do not.


TikTok Quietly Updated Privacy Policy to Collect Faceprints and Voiceprints

TikTok, one of the most downloaded apps of 2021 so far, decided to quietly update its privacy policy to collect biometric identifiers and biometric information, known in the US as faceprints and voiceprints. The trendy app, owned by the Chinese internet technology company ByteDance, added a new section to its privacy policy called ‘Image and Audio Information.’ With the bold move, the Beijing-based company can now automatically collect those new types of biometric data. According to the updated privacy policy, the data will be used for non-personally-identifying operations such as enabling special video effects, content moderation, demographic classification, and ad recommendations.


Former AWS engineer convicted over hack that cost Capital One $270m

A former AWS engineer has been convicted of seven counts of fraud after the personal data of more than 100 million people was stolen from unsecured accounts on the cloud platform. The breach has so far cost US bank Capital One, one of the 30 institutions affected, more than $270m in compensation and regulatory fines. Paige Thompson was arrested in July 2019, after Capital One alerted the FBI to the breach. Prosecutors alleged that she had stolen personal data of more than 100 million of the company’s customers, including 140,000 Social Security numbers and 80,000 bank account numbers.


CISA experts propose ‘311’ cybersecurity emergency call line for small businesses

Members of the Cybersecurity and Infrastructure Security Agency’s (CISA) Cybersecurity Advisory Committee proposed the creation of an emergency “311” cybersecurity call line for incidents affecting small and medium-sized businesses. The committee – made up of cybersecurity experts from several leading companies – held its third meeting in Austin, Texas on Wednesday and provided several recommendations to CISA Director Jen Easterly. The committee was founded in June 2021, held its first meeting in December and is split up into six subcommittees focused on several different issues – including the cyber workforce, information dissemination, cyber hygiene efforts, technical advisories, critical infrastructure and misinformation.


Cloud Email Threats Soar 101% in a Year

The number of email-borne cyber-threats blocked by Trend Micro surged by triple digits last year, highlighting the continued risk from conventional attack vectors. The vendor stopped over 33.6 million such threats reaching customers via cloud-based email in 2021, a 101% increase. This included 16.5 million phishing emails, a 138% year-on-year increase, of which 6.5 million were credential phishing attempts. Trend Micro also blocked 3.3 million malicious files in cloud-based emails, including a 134% increase in known threats and a 221% increase in unknown malware. The news comes as Proofpoint warned in a new report of the continued dangers posed by social engineering, and the mistaken assumptions many users make.  
