Location Data Firm SafeGraph Is Selling Data on Abortion Clinic Visits

CDC purchased SafeGraph location data on Navajo nation, Five RCE vulnerabilities found in Aruba and Avaya networking equipment, Critical flaw found in router code libraries, much more

Photo by Dennis Kummer on Unsplash

According to sets of data easily purchased by Motherboard for just $160, a location data firm known as SafeGraph is selling information related to visits to clinics that provide abortions, including Planned Parenthood facilities, showing where groups of people visiting the locations came from, how long they stayed there, and where they then went afterward.

SafeGraph classifies "Planned Parenthood" as a "brand" that can be tracked, and the data Motherboard purchased includes more than 600 Planned Parenthood locations in the United States. The data included a week's worth of location data for those locations in mid-April.

Separately .documents show that the Centers for Disease Control and Prevention (CDC) purchased from SafeGraph access to location data harvested from tens of millions of phones in the United States to perform analysis of compliance with curfews, track patterns of people visiting K-12 schools, and specifically monitor the effectiveness of policy in the Navajo Nation.

SafeGraph includes Peter Thiel and the former head of Saudi intelligence among its investors. Google banned the company from the Play Store in June. (Joseph Cox / Motherboard, Joseph Cox / Motherboard)

Related: Mother Jones

Pwn All The Things @pwnallthethings

Jesus christ what a dystopia

Joseph Cox @josephfcox

New: companies selling location data on visits to abortion clinics. We know because we just bought some data for $160. Could be used to see clinics being visited by people from across state lines. Threatens both the patient and clinic. The risk is real. https://t.co/Qv7emmtafO

May 3rd 2022

92 Retweets225 Likes

Security researchers from Armis discovered five vulnerabilities dubbed TLStorm 2.0 in network equipment from Aruba (owned by HP) and Avaya (owned by ExtremeNetworks) that could allow malicious actors to execute code remotely on the devices.

Armis presents two main exploitation scenarios that allow escaping a captive portal or breaking network segmentation, both opening up the way to high-impact cyberattacks. In the captive portal scenario, the attacker can execute code remotely on the switch, bypassing the captive portal's restrictions or even disabling it altogether. In the second scenario, an attacker can use the vulnerabilities to break network segmentation and access any parts of the IT network, pivoting freely from the “guest” space to the “corporate” segment. Aruba and Avaya have issued patches for most of the vulnerabilities. (Bill Toulas / Bleeping Computer)

Related: SC Magazine, SiliconANGLE, Security Week, The Hacker News, CSO Online Network World Security, TechTarget, The Record by Recorded Future, Help Net Security

Nozomi Networks discovered a critical vulnerability in third-party code libraries used by hundreds of vendors, including Netgear, Linksys, Axis, and the Gentoo embedded Linux distribution that makes it possible for hackers with access to the connection between an affected device and the Internet to poison DNS requests used to translate domains to IP addresses.

The flaw resides in uClibc and uClibc fork uClibc-ng, both of which provide alternatives to the standard C library for embedded Linux. By feeding a vulnerable device fraudulent IP addresses repeatedly, the hackers can force end-users to connect to malicious servers that pose as Google or another trusted site. Netgear issued an advisory saying the company is aware of the library vulnerabilities and is assessing whether any of its products are affected. Representatives from Linksys and Axis didn’t immediately respond to emails asking if their devices are vulnerable. (Dan Goodin / Ars Technica)

Related: iTnews - Security, Exploit One, geekinteger, Nozomi, Techradar, eSecurityPlanet

Google’s Threat Analysis Group said that a Chinese-sponsored hacking group linked to China's People's Liberation Army Strategic Support Force (PLA SSF) called Curious Gorge is targeting Russian government agencies.

This threat actor has been targeting government and military organizations from Russia and those of other countries in the region like Ukraine, Kazakhstan, and Mongolia. (Sergiu Gatlan / Bleeping Computer)

Related: Malwarebytes, Security on TechRepublic, Cyberscoop, The Record by Recorded Future, Security Affairs, Google

More than 200 Spanish mobile numbers were selected as possible targets for surveillance by an NSO Group client believed to be Morocco.

More than 200 Spanish mobile numbers were selected as possible targets for surveillance by an NSO Group client believed to be Morocco, according to the data leak at the heart of the Pegasus project. Morocco previously denied spying on any foreign leaders using Pegasus. (Stephanie Kirchgaessner and Sam Jones / The Guardian)

Bill Marczak @billmarczak

If the reported 2021 Pegasus operations against Spain's PM and Defense Minister are indeed the work of a foreign government, then Morocco seems to have emerged as the likeliest culprit Over 200 Spanish mobile numbers ‘possible targets of Pegasus spyware’Data leak reveals scale of potential surveillance by NSO Group client believed to be Moroccotheguardian.com

May 4th 2022

7 Retweets15 Likes

Christiaan Beek, a lead threat researcher at cybersecurity firm Trellix, has linked several ransomware strains to APT38, a North Korean-sponsored hacking group known for its focus on targeting and stealing funds from financial institutions worldwide.

Beek said that the group's operators (part of Unit 180 of North Korea's cyber-army Bureau 121) have also used the Beaf, PXJ, ZZZZ, and ChiChi ransomware families to extort some of their victims. (Sergiu Gatlan / Bleeping Computer)

Related: Trellix

Raj Samani @Raj_Samani

Good work by @ChristiaanBeek details multiple #ransomware families linked to APT38 which "share a significant amount of code with the VHD source code" trellix.com/en-us/about/ne… #malware #cybersecurity #infosec

May 4th 2022

7 Retweets5 Likes

Researchers at Cybereason say that Chinese government-linked hackers have tried to steal sensitive data from some three dozen manufacturing and technology firms in the US, Europe, and Asia.

In hacking campaigns that date back to 2019, the hackers targeted blueprints for producing materials with broad applications to the pharmaceutical and aerospace sector. (Sean Lyngaas / CNN)

Related: Cybereason

The Securities and Exchange Commission’s office for protecting investors in cryptocurrencies and other digital assets, known as the cyber unit, is expanding and rebranding as the Crypto Assets and Cyber Unit.

“By nearly doubling the size of this key unit, the SEC will be better equipped to police wrongdoing in the crypto markets while continuing to identify disclosure and controls issues with respect to cybersecurity,” Chairman Gary Gensler said in a statement. (Joe Warminksy / The Record)

Related: Wall Street Journal, CNBC, Finextra Research news, The Crypto Basic, Cointelegraph.com, UK, Silicon UK, CryptoPotato, The Block, Finance Magnates, Benzinga, STL.News, Cointelegraph.com, Motherboard, Washington Post, ZDNet, CNET News, SEC

Kellogg Community College in Michigan canceled classes after a ransomware attack over the weekend.

All five Kellogg campuses in Michigan will remain closed while the matter is under investigation, though administrators hope to reopen them later this week. The college will also launch a “forced password reset for all students, faculty, and staff” to secure the network better. (Sarah Weissman / Insider Higher Ed)

Related: KCC Daily