Mega says it can’t decrypt your files. New POC exploit shows otherwise
In the decade since larger-than-life character Kim Dotcom founded Mega, the cloud storage service has amassed 250 million registered users and stores a whopping 120 billion files that take up more than 1,000 petabytes of storage. A key selling point that has helped fuel the growth is an extraordinary promise that no top-tier Mega competitors make: Not even Mega can decrypt the data it stores. On the company’s homepage, for instance, Mega displays an image that compares its offerings to Dropbox and Google Drive. In addition to noting Mega’s lower prices, the comparison emphasizes that Mega offers end-to-end encryption, whereas the other two do not.
Former AWS engineer convicted over hack that cost Capital One $270m
A former AWS engineer has been convicted of seven counts of fraud after the personal data of more than 100 million people was stolen from unsecured accounts on the cloud platform. The breach has so far cost US bank Capital One, one of the 30 institutions affected, more than $270m in compensation and regulatory fines. Paige Thompson was arrested in July 2019, after Capital One alerted the FBI to the breach. Prosecutors alleged that she had stolen personal data of more than 100 million of the company’s customers, including 140,000 Social Security numbers and 80,000 bank account numbers.
CISA experts propose ‘311’ cybersecurity emergency call line for small businesses
Members of the Cybersecurity and Infrastructure Security Agency’s (CISA) Cybersecurity Advisory Committee proposed the creation of an emergency “311” cybersecurity call line for incidents affecting small and medium-sized businesses. The committee – made up of cybersecurity experts from several leading companies – held its third meeting in Austin, Texas on Wednesday and provided several recommendations to CISA Director Jen Easterly. The committee was founded in June 2021, held its first meeting in December and is split up into six subcommittees focused on several different issues – including the cyber workforce, information dissemination, cyber hygiene efforts, technical advisories, critical infrastructure and misinformation.
Cloud Email Threats Soar 101% in a Year
The number of email-borne cyber-threats blocked by Trend Micro surged by triple digits last year, highlighting the continued risk from conventional attack vectors. The vendor stopped over 33.6 million such threats reaching customers via cloud-based email in 2021, a 101% increase. This included 16.5 million phishing emails, a 138% year-on-year increase, of which 6.5 million were credential phishing attempts. Trend Micro also blocked 3.3 million malicious files in cloud-based emails, including a 134% increase in known threats and a 221% increase in unknown malware. The news comes as Proofpoint warned in a new report of the continued dangers posed by social engineering, and the mistaken assumptions many users make.