Location Data Firm SafeGraph Is Selling Data on Abortion Clinic Visits
CDC purchased SafeGraph location data on Navajo nation, Five RCE vulnerabilities found in Aruba and Avaya networking equipment, Critical flaw found in router code libraries, much more
According to sets of data easily purchased by Motherboard for just $160, a location data firm known as SafeGraph is selling information related to visits to clinics that provide abortions, including Planned Parenthood facilities, showing where groups of people visiting the locations came from, how long they stayed there, and where they then went afterward.
SafeGraph classifies "Planned Parenthood" as a "brand" that can be tracked, and the data Motherboard purchased includes more than 600 Planned Parenthood locations in the United States. The data included a week's worth of location data for those locations in mid-April.
Separately, documents show that the Centers for Disease Control and Prevention (CDC) purchased from SafeGraph access to location data harvested from tens of millions of phones in the United States to perform analysis of compliance with curfews, track patterns of people visiting K-12 schools, and specifically monitor the effectiveness of policy in the Navajo Nation.
SafeGraph includes Peter Thiel and the former head of Saudi intelligence among its investors. Google banned the company from the Play Store in June. (Joseph Cox / Motherboard, Joseph Cox / Motherboard)
Related: Mother Jones

Joseph Cox @josephfcox
New: companies selling location data on visits to abortion clinics. We know because we just bought some data for $160. Could be used to see clinics being visited by people from across state lines. Threatens both the patient and clinic. The risk is real. https://t.co/Qv7emmtafO

Security researchers from Armis discovered five vulnerabilities dubbed TLStorm 2.0 in network equipment from Aruba (owned by HP) and Avaya (owned by Extreme Networks) that could allow malicious actors to execute code remotely on the devices.
Armis presents two main exploitation scenarios that allow escaping a captive portal or breaking network segmentation, both opening up the way to high-impact cyberattacks. In the captive portal scenario, the attacker can execute code remotely on the switch, bypassing the captive portal's restrictions or even disabling it altogether. In the second scenario, an attacker can use the vulnerabilities to break network segmentation and access any parts of the IT network, pivoting freely from the “guest” space to the “corporate” segment. Aruba and Avaya have issued patches for most of the vulnerabilities. (Bill Toulas / Bleeping Computer)
Related: SC Magazine, SiliconANGLE, Security Week, The Hacker News, CSO Online, Network World Security, TechTarget, The Record by Recorded Future, Help Net Security
Nozomi Networks discovered a critical vulnerability in third-party code libraries used by hundreds of vendors, including Netgear, Linksys, Axis, and the Gentoo embedded Linux distribution, that makes it possible for hackers with access to the connection between an affected device and the Internet to poison DNS requests used to translate domains to IP addresses.
The flaw resides in uClibc and uClibc fork uClibc-ng, both of which provide alternatives to the standard C library for embedded Linux. By feeding a vulnerable device fraudulent IP addresses repeatedly, the hackers can force end-users to connect to malicious servers that pose as Google or another trusted site. Netgear issued an advisory saying the company is aware of the library vulnerabilities and is assessing whether any of its products are affected. Representatives from Linksys and Axis didn’t immediately respond to emails asking if their devices are vulnerable. (Dan Goodin / Ars Technica)
Related: iTnews - Security, Exploit One, geekinteger, Nozomi, Techradar, eSecurityPlanet
Google’s Threat Analysis Group said that a Chinese-sponsored hacking group linked to China's People's Liberation Army Strategic Support Force (PLA SSF) called Curious Gorge is targeting Russian government agencies.
This threat actor has been targeting government and military organizations from Russia and those of other countries in the region like Ukraine, Kazakhstan, and Mongolia. (Sergiu Gatlan / Bleeping Computer)
Related: Malwarebytes, Security on TechRepublic, Cyberscoop, The Record by Recorded Future, Security Affairs, Google
More than 200 Spanish mobile numbers were selected as possible targets for surveillance by an NSO Group client believed to be Morocco, according to the data leak at the heart of the Pegasus project. Morocco previously denied spying on any foreign leaders using Pegasus. (Stephanie Kirchgaessner and Sam Jones / The Guardian)


Christiaan Beek, a lead threat researcher at cybersecurity firm Trellix, has linked several ransomware strains to APT38, a North Korean-sponsored hacking group known for its focus on targeting and stealing funds from financial institutions worldwide.
Beek said that the group's operators (part of Unit 180 of North Korea's cyber-army Bureau 121) have also used the Beaf, PXJ, ZZZZ, and ChiChi ransomware families to extort some of their victims. (Sergiu Gatlan / Bleeping Computer)
Related: Trellix


Researchers at Cybereason say that Chinese government-linked hackers have tried to steal sensitive data from some three dozen manufacturing and technology firms in the US, Europe, and Asia.
In hacking campaigns that date back to 2019, the hackers targeted blueprints for producing materials with broad applications to the pharmaceutical and aerospace sector. (Sean Lyngaas / CNN)
Related: Cybereason
The Securities and Exchange Commission’s office for protecting investors in cryptocurrencies and other digital assets, known as the cyber unit, is expanding and rebranding as the Crypto Assets and Cyber Unit.
“By nearly doubling the size of this key unit, the SEC will be better equipped to police wrongdoing in the crypto markets while continuing to identify disclosure and controls issues with respect to cybersecurity,” Chairman Gary Gensler said in a statement. (Joe Warminsky / The Record)
Related: Wall Street Journal, CNBC, Finextra Research news, The Crypto Basic, Cointelegraph.com, UK, Silicon UK, CryptoPotato, The Block, Finance Magnates, Benzinga, STL.News, Cointelegraph.com, Motherboard, Washington Post, ZDNet, CNET News, SEC
Kellogg Community College in Michigan canceled classes after a ransomware attack over the weekend.
All five Kellogg campuses in Michigan will remain closed while the matter is under investigation, though administrators hope to reopen them later this week. The college will also launch a “forced password reset for all students, faculty, and staff” to secure the network better. (Sarah Weissman / Inside Higher Ed)
Related: KCC Daily