Infosec Round-Up Nov 5th


Labour Data Breach, NSO Ban & Facebook Ends Facial Recognition

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Labour Party Data Breach

The UK’s Labour Party has announced to members that some of their information has been breached following a suspected ransomware attack against a third-party data handler.

In a breach notice on its website, the party alerted members that information belonging to members, registered and affiliated supporters, and “other individuals who have provided their information to the Party” is believed to have been affected.

The party was alerted to the breach on the 29th of October. The extent of the data breach has yet to be confirmed, though the party has noted it is working closely with the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) to investigate the incident.

In the official statement, the party also noted they are “working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident.”

The statement added: “The Party takes the security of all personal information for which it is responsible very seriously. It is doing everything within its power to investigate and address this incident”.

Facebook to End Facial Recognition

The Facebook platform has announced that it will be discontinuing the use of its facial recognition software and deleting 1 billion existing facial profiles, or faceprints, used to automatically recognise individuals in photos and videos.

Closely following the parent company’s rebranding to ‘Meta’, Facebook announced the end to the controversial technology citing the need to balance the use of such systems against “growing societal concerns”, as well as a lack of clear guidance from regulators.

The development also comes only months after the settlement of a long-running Illinois-based class action lawsuit in which the company agreed to pay out $650 million to users who argued its facial recognition tool was in violation of the state's privacy laws.

Jerome Pesenti, VP of Artificial Intelligence, stated on the decision, “There are many concerns about the place of facial recognition technology in society, and regulators are still in the process of providing a clear set of rules governing its use… Amid this ongoing uncertainty, we believe that limiting the use of facial recognition to a narrow set of use cases is appropriate.”

US Sanctions NSO Group

The controversial Israeli company behind the surveillance software Pegasus has this week been added to a US trade blacklist.

The company has been added to the Commerce Department's Bureau of Industry and Security’s Entity List, preventing the export, reexport, or transfer of the company’s products or services. The creators of the so-called ‘military-grade spyware’ are said to be “dismayed” at the decision.

Having faced significant criticism for its involvement in the surveillance of murdered Saudi journalist Jamal Khashoggi, as well as being accused of selling its services to other authoritarian regimes, NSO Group continues to insist upon its “rigorous compliance and human rights programs”.

The US Commerce Department stated on the decision: “These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order”.

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
