The hackers targeted blueprints for producing materials with broad applications to the pharmaceutical and aerospace sectors, according to Boston-based security firm Cybereason. The firm discovered the activity last year but said the hacking campaign dates to at least 2019, and it suggested that reams of data could have been stolen in the interim.
“It’s clearly industrial espionage, IP [intellectual property] theft at the highest level,” Assaf Dahan, Cybereason’s research lead, told CNN.
Asked to respond to the Cybereason report, Liu Pengyu, a spokesperson at the Chinese Embassy in Washington, claimed that China “will never encourage, support or condone cyber attacks.”
Subject: SafeGraph Will Stop Selling Planned Parenthood Location Data
Source: Gizmodo
https://gizmodo.com/safegraph-planned-parenthood-location-data-abortion-pet-1848880465
A data location broker company called SafeGraph says it will no longer sell the location data of groups of people visiting Planned Parenthood and other clinics that provide abortions following a recent Vice report. Purchasers of that data previously could reportedly tell where visitors to those clinics came from, how long they stayed at the clinic and where they went after. SafeGraph on Tuesday said it decided to reverse course in part due to news of a leaked initial draft majority opinion which shows the U.S. Supreme Court’s apparent interest in striking down Roe v Wade, a titanic move that would effectively make abortion illegal in many states.
“In light of potential federal changes in family planning access, we’re removing Patterns data for locations classified as NAICS code 621410 (‘Family Planning Centers’) from our self-serve “shop” and API to curtail any potential misuse of its data,” SafeGraph wrote on its website.
Subject: Reproductive Health and Digital Privacy
Source: Digital Defense Fund via beSpacific
https://www.bespacific.com/reproductive-health-and-digital-privacy/
Digital Defense Fund: “This page is organized into different security-related threats. You can jump to the ones that most concern you. Along with each scenario is a list of digital security tips to neutralize the threat. These are possible concerns you might have:…
Subject: NIST updates guidance for defending against supply-chain attacks
Source: Bleeping Computer
https://www.bleepingcomputer.com/news/security/nist-updates-guidance-for-defending-against-supply-chain-attacks/
The National Institute of Standards and Technology (NIST) has released updated guidance on securing the supply chain against cyberattacks. Since 2020, NIST has released two draft documents on how the enterprise can better defend itself from supply-chain attacks.
Today, in response to Executive Order 14028: Improving the Nation’s Cybersecurity, NIST has published ‘Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations’ to provide guidance on identifying and responding to supply chain cybersecurity risks.
“Managing the cybersecurity of the supply chain is a need that is here to stay,” said NIST’s Jon Boyens, one of the publication’s authors. “If your agency or organization hasn’t started on it, this is a comprehensive tool that can take you from crawl to walk to run, and it can help you do so immediately.”
The document is a long read, weighing in at 326 pages, but includes valuable information on supply chain risks, from evaluating foreign control over a software/product’s development to risks associated with using external IT service providers.
…
Supply chains are becoming increasingly popular targets for threat actors, as attacking them allows a single compromised product to impact the numerous downstream companies that use it.
The severity of supply-chain attacks was demonstrated in real-world scenarios when threat actors compromised SolarWinds to infect downstream customers, Kaseya’s MSP software was used to encrypt over a thousand companies, and npm modules were used to execute remote commands.
These attacks had widespread consequences for many organizations simply by compromising a single source, illustrating the need for the enterprise to add safeguards against supply-chain attacks.
Subject: Supreme Court privacy vs. your right to privacy
Source: CNN Politics
https://www.cnn.com/2022/05/07/politics/supreme-court-personal-privacy-what-matters/index.html
- The leaked draft opinion that would overturn Roe v. Wade would jeopardize Americans’ constitutional right to privacy.
- The leaking of the draft is a violation of Supreme Court justices’ ability to deliberate in private.
“Absolutely appalling,” Chief Justice John Roberts said of the leak.
Two-thirds of the country opposes overturning Roe v. Wade, according to a new CNN poll conducted by SSRS and released Friday.
The core of conservative justices poised to revoke American women’s right to an abortion — Roberts does not appear to be among them — isn’t required to consider how it would change the country.
The court is insulated — a group of nine people unaccountable after their lifetime appointments and who are choosing rights for a nation of more than 330 million.
What little we know about the Supreme Court comes from journalism and memoirs. Justices can choose to share their papers after they retire. Or not.