Infosec Round-Up Nov 5th
Labour Data Breach, NSO Ban & Facebook Ends Facial Recognition
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
Labour Party Data Breach
The UK’s Labour Party has announced to members that some of their information has been breached following a suspected ransomware attack against a third-party data handler.
Alerting members via a breach notice on the political party’s website, information belonging to members, registered and affiliated supporters, and “other individuals who have provided their information to the Party” is believed to have been affected.
Having been alerted to the breach on the 29th of October, the extent of the data breach has yet to be confirmed, though the party has noted it is working closely with the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) to investigate the incident.
In the official statement, the party also noted they are “working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident.”
Adding, “The Party takes the security of all personal information for which it is responsible very seriously. It is doing everything within its power to investigate and address this incident”.
Facebook to End Facial Recognition
The Facebook platform has announced that it will be discontinuing the use of its facial recognition software and deleting 1 billion existing facial profiles, or faceprints, used to automatically recognise individuals in photos and videos.
Closely following the parent company’s rebranding to ‘Meta’, Facebook announced the end to the controversial technology citing the need to balance the use of such systems against “growing societal concerns”, as well as a lack of clear guidance from regulators.
The development also comes only months after the settlement of a long-running Illinois-based class action lawsuit in which the company agreed to pay out $650 million to users who argued its facial recognition tool was in violation of the state's privacy laws.
Jerome Pesenti, VP of Artificial Intelligence stated on the decision, “There are many concerns about the place of facial recognition technology in society, and regulators are still in the process of providing a clear set of rules governing its use… Amid this ongoing uncertainty, we believe that limiting the use of facial recognition to a narrow set of use cases is appropriate.”
US Sanctions NSO Group
The controversial Israeli company behind the surveillance software Pegasus has this week been added to a US trade blacklist.
Added to the Commerce Department's Bureau of Industry and Security’s Entity List, preventing the export, reexport, or transfer of the company’s products or services, the creators of the so-called ‘military-grade spyware’ are said to be “dismayed” at the decision.
Having faced significant criticism for its involvement in the surveillance of murdered Saudi journalist Jamal Khashoggi, as well as being accused of selling its services to other authoritarian regimes, NSO Group continues to insist upon its “rigorous compliance and human rights programs”.
The US Commerce Department stated on the decision: “These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order”.
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
An email security policy is a document describing how an organisation's email system should, and most importantly, should not be used.
When Human Error is found in information security, it is often avoidable errors that allow much larger consequential problems to arise.
Investing in Information Security Awareness Training - educating people against cyber threats should be considered essential for any organisation operating in 2021
How Secure is Microsoft Teams? Information Security blog by Information Security Awareness solution provider Hut Six Security
Best Ways To Ensure Enterprise Data Regulation guest blog by technivorz.com and information security awareness solution Hut Six Security.
Writing a Disaster Recovery Plan: information security planning blog by information security awareness solution provider Hut Six Security.
Security program policies blog by information security awareness training provider Hut Six Security.
Security awareness training for Cyber Essentials blog by information security awareness training provider Hut Six Security.
Information Security Awareness Training in 2021 blog by information security awareness training platform Hut Six Security
What are the best VPNs for work? - VPN review blog by security awareness training provider Hut Six Security.