Catch up quick

@ D.C.

🇨🇳 China-backed hackers have breached the Committee on Foreign Investment in the United States, a Treasury Department office that reviews foreign investments for national security risks. (CNN)

✍🏻 A new Biden cybersecurity executive order, likely to be signed next week, will focus on how agencies procure security tools and how they vet the tools they're using, according to a draft copy. (Nextgov)

⭐️ Some internet-connected products will soon come with the equivalent of an Energy Star label that measures cybersecurity. (NBC News)

@ Industry

🙉 Apple said in a statement that it has never used Siri data to build marketing profiles and has never made that data available to advertisers after the company agreed to settle a lawsuit about the voice assistant. (The Verge)

☁️ Wiz tapped Fazal Merchant as its president and chief financial officer as the cloud security startup prepares for its IPO. (Reuters)

⌚️ More AI wearables are embedding microphones that are always on and listening for queues from the wearers, raising privacy concerns. (Wired)

@ Hackers and hacks

⚠️ Hackers are actively exploiting a critical security flaw in Ivanti's Connect Secure, Policy Secure and ZTA Gateways products, each of which is widely used across U.S. government agencies. (CyberScoop)

🗺️ Thousands of the world's most popular apps, including Candy Crush and Tinder, are likely co-opted as part of a hack of location data company Gravy Analytics. (404 Media)

🚌 PowerSchool — an ed tech company — told customers that hackers have stolen personal data about students and teachers in K-12 school districts across the U.S. (TechCrunch)