This week’s Cyber Weekly Digest discusses the latest ransomware gang to shut down and a data breach affecting the UK’s Labour Party. Keep reading to stay up to date on the latest cyber security news from across the globe.
The UK Labour Party has notified members that some of their information was impacted in a data breach after a ransomware attack hit a supplier who manages the Party’s data. Data involved in the incident includes information provided by members, registered and affiliated supporters, and others who have provided their information to the Party. Although the Labour Party has shared few details, it is believed the data breach resulted from a ransomware attack on a third-party supplier’s systems. Last year, the Labour Party also suffered a similar data breach following the ransomware attack on cloud software provider Blackbaud.
The BlackMatter ransomware is allegedly shutting down its operation due to pressure from the authorities and recent law enforcement operations. Researchers were sent a screenshot of a message allegedly posted by the BlackMatter operators on November 1st, warning affiliates that the ransomware operation was shutting down in 48 hours. Since the announcement, affiliates have been moving existing victims to the LockBit ransomware negotiation site.
On Tuesday, Facebook’s newly-rebranded parent company Meta announced plans to discontinue its “Face Recognition” system and delete more than a billion users’ facial recognition templates as part of a broader initiative to limit the use of the technology across its products. Facebook’s Face Recognition system analyses photos taken of users and associated users’ profile photos to build a unique identifier or template. Facebook says it will be shutting down the Face Recognition system and deleting the user templates in the coming weeks. Many believe the decision is intended to distance the company further from regulatory scrutiny following a class-action lawsuit over violations of the Biometric Information Privacy Act, in which Facebook was ordered to pay $650 million to settle the suit in March this year.
Researchers from the University of Cambridge have disclosed details about a new attack method called “Trojan Source”, which allows injecting vulnerabilities into the source code of a software project in a way that human reviewers cannot detect. Trojan Source relies on a simple trick that does not require modifying the compiler to create vulnerable binaries. The method works with some of today’s most widely used programming languages, and adversaries could use it for supply-chain attacks. At the moment, multiple compilers are unable to stop the Trojan Source attack method, despite almost two dozen software suppliers being aware of the threat.
Earlier this year, the media warned of a new ransomware gang named “Groove”; however, researchers are now stating that Groove was a hoax designed to toy with security firms and journalists. Groove was first announced in August this year and was believed to be a subgroup of the Babuk gang affiliated with gangs such as BlackMatter. However, this week, a post on the cyber crime forum XSS explained that Groove was a “pet project” designed to mess with the media and security industry.