Infosec Round-Up Nov 5th
Labour Data Breach, NSO Ban & Facebook Ends Facial Recognition
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
Labour Party Data Breach
The UK’s Labour Party has announced to members that some of their information has been breached following a suspected ransomware attack against a third-party data handler.
Alerting members via a breach notice on the political party’s website, information belonging to members, registered and affiliated supporters, and “other individuals who have provided their information to the Party” is believed to have been affected.
Having been alerted to the breach on the 29th of October, the extent of the data breach has yet to be confirmed, though the party has noted it is working closely with the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) to investigate the incident.
In the official statement, the party also noted they are “working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident.”
Adding, “The Party takes the security of all personal information for which it is responsible very seriously. It is doing everything within its power to investigate and address this incident”.
Facebook to End Facial Recognition
The Facebook platform has announced that it will be discontinuing the use of its facial recognition software and deleting 1 billion existing facial profiles, or faceprints, used to automatically recognise individuals in photos and videos.
Closely following the parent company’s rebranding to ‘Meta’, Facebook announced the end to the controversial technology citing the need to balance the use of such systems against “growing societal concerns”, as well as a lack of clear guidance from regulators.
The development also comes only months after the settlement of a long-running Illinois-based class action lawsuit in which the company agreed to pay out $650 million to users who argued its facial recognition tool was in violation of the state's privacy laws.
Jerome Pesenti, VP of Artificial Intelligence stated on the decision, “There are many concerns about the place of facial recognition technology in society, and regulators are still in the process of providing a clear set of rules governing its use… Amid this ongoing uncertainty, we believe that limiting the use of facial recognition to a narrow set of use cases is appropriate.”
US Sanctions NSO Group
The controversial Israeli company behind the surveillance software Pegasus has this week been added to a US trade blacklist.
Added to the Commerce Department's Bureau of Industry and Security’s Entity List, preventing the export, reexport, or transfer of the company’s products or services, the creators of the so-called ‘military-grade spyware’ are said to be “dismayed” at the decision.
Having faced significant criticism for its involvement in the surveillance of murdered Saudi journalist Jamal Khashoggi, as well as being accused of selling its services to other authoritarian regimes, NSO Group continues to insist upon its “rigorous compliance and human rights programs”.
The US Commerce Department stated on the decision: “These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order”.
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
GCHQ chief warns double in ransomware attacks. “Unprecedented” VOIP cyber-attack. Teen scammer has £2 million in crypto seized.
Computer maker Acer hacked twice in a single week. Ofcom reports almost 45 million people targeted by scammers. US restricts the sale of hacking tools.
125GB of Twitch data leaked. School IT tech charged in insider threat case. EU parliament votes against A.I surveillance.
iPhone contactless flaw could allow locked phone payments. China warns crypto “seriously endanger the safety of people’s assets”. Ethereum research facing 20 years in prison.
REvil steals loot from affiliate criminals. Lithuania warns of Chinese made phones. UK MoD exposes the data of Afghan interpreters.
Irish DPA investigates TikTok data collection. NSO Group flaw fixed. Microsoft announces passwordless future.
Ragnar Locker threatens victims with possible data leaks. UK student jailed for "cynical" cyber crime. ProtonMail faces criticism.
Insider threat destroys 21GB of credit union data. Hackers leak UK firearms marketplace data. Coinbase accidentally sends 125K warning emails.
Ethical hacker rewarded with $500K after returning stolen crypto. Japanese exchange attacked. US loses $2.3 million to BEC scam.
48 million T-Mobile customers' data breached. Secret 'no-fly' list exposed on internet. Brazil Government hit with another ransomware attack.