Security News

The U.S. has imposed sanctions on two individuals and five entities linked to the development and distribution of the Predator commercial spyware used to target Americans, including government officials and journalists. "Today, the Department of the Treasury's Office of Foreign Assets Control designated two individuals and five entities associated with the Intellexa Consortium for their role in developing, operating, and distributing commercial spyware technology used to target Americans, including U.S. government officials, journalists, and policy experts," reads a press release by the Office of Foreign Assets Control.

A security failure at a third-party vendor exposed an untold number of American Express card numbers, expiry dates, and other data to persons unknown. "We became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system," Amex chief privacy officer Anneke Covell wrote in a letter [PDF] to customers at the end of last month, alerting them to the snafu.

American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked. This incident was not caused by a data breach at American Express, but rather at a merchant processor in which American Express Card member data was processed.

American Express is warning customers that credit cards were exposed in a third-party data breach after one of its service providers was hacked. In a data breach notification filed with the state of Massachusetts, American Express said that the breach occurred at one of its service providers used by their travel services division, American Express Travel Related Services Company.

US President Joe Biden is expected to sign an executive order today that aims to prevent the sale or transfer of Americans' sensitive personal information and government-related data to adversarial countries including China and Russia. In addition to the executive order, the White House will propose regulations that prohibit companies from directly or indirectly transferring large amounts of certain types of data to so-called "Countries of concern" - China, Russia, North Korea, Iran, Cuba, and Venezuela - according to a senior administration official.

The U.S. Federal Trade Commission says Americans lost over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year. Imposter scams emerged as the most frequently reported fraud category, with notable upticks in business and government impersonation reports.

It finally admitted to buying bulk data on Americans from data brokers, in response to a query by Senator Weyden. This is almost certainly illegal, although the NSA maintains that it is legal until it's told otherwise.

For a country that prides itself on being free, America does seem to have an awful lot of spying going on, as the new Street Surveillance Hub from the Electronic Frontier Foundation shows. The Hub contains detailed breakdowns of the type of surveillance systems used, from bodycams to biometrics, predictive policing software to gunshot detection microphones and drone-equipped law enforcement.

Today, the U.S. Federal Trade Commission banned data broker Outlogic, formerly X-Mode Social, from selling Americans' raw location data that could be used for tracking purposes. Under the order released today, the first time data brokers were barred from sharing and selling users' sensitive location data, Outlogic must now delete all unlawfully collected sensitive location data, including any models or algorithms derived from this data.

First American Financial Corporation, the second-largest title insurance company in the United States, took some of its systems offline today to contain the impact of a cyberattack. "First American has experienced a cybersecurity incident," the company said in a statement published on a website dedicated to the cyberattack.