Category: Technology

SUPERBOWL CIPA SUNDAY: Does Samsung’s Website Chat Feature Violate CIPA?

Happy CIPA and Super Bowl Sunday TCPA World!

So, Samsung is under the spotlight with a new CIPA case brought by a self-proclaimed “tester.” You know like Rosa Parks?? Back to that in a bit.

The California Invasion of Privacy Act (“CIPA”) prohibits both wiretapping and eavesdropping of electronic communications without the consent of all parties to the communication. The Plaintiff’s bar is zoning in to CIPA with the Javier ruling.

If you recall, Javier found that “[T]hough written in terms of wiretapping, Section 631(a) applies to Internet communications. It makes liable anyone who ‘reads, or attempts to read, or to learn the contents’ of a communication ‘without the consent of all parties to the communication.’ Javier v. Assurance IQ, LLC, 2022 WL 1744107, at *1 (9th Cir. 2022).

Here, Plaintiff Garcia claims that Defendant both wiretaps the conversations of all website visitors and allows a third party to eavesdrop on the conversations in real time during transmission. Garcia v. Samsung Electronics America, Inc.

To enable the wiretapping, Plaintiff claims that Defendant has covertly embedded software code that functions as a device and contrivance into its website that automatically intercepts, records and creates transcripts of all conversations using the website chat feature.

To enable the eavesdropping, Defendant allows at least one independent third-party vendor to secretly intercept (during transmission and in real time), eavesdrop upon, and store transcripts of Defendant’s chat communications with unsuspecting website visitors – even when such conversations are private and deeply personal.

But Plaintiff currently proceeds in an individual action but if Samsung does not take appropriate steps to fully remedy the harm caused by its wrongful conduct, then Garcia will file an amended Complaint on behalf of a class of similarly aggrieved consumers.

Now back to Civil Rights.

According to this Complaint, Garcia is like Rosa Parks, you know, the civil rights activist. Why?

Well, because “Civil rights icon Rosa Parks was acting as a “tester” when she initiated the Montgomery Bus Boycott in 1955, as she voluntarily subjected herself to an illegal practice to obtain standing to challenge the practice in Court.”

Because Wiretapping and civil rights are similar right??

Disgusted.

The Plaintiff’s bar has no problem muddying the waters to appeal to the courts.

Do better.

CIPA is some dangerous stuff. Websites use chat features to engage with consumers all the time. It seems like it is easier to communicate via chat or text than to sit on a call waiting for an agent – assuming you get an agent. But maybe not?

Stay safe out there TCPA World!

Til next time Countess!! back to the game, GO EAGLES!!! #Phillyproud

Article By Jenniffer Cabrera of Troutman Firm

For more communications, media, and internet legal news, click here to visit the National Law Review.

© 2023 Troutman Firm

With the US Copyright Office (USCO) continuing their stance that protection only extends to human authorship, what will this mean for artificial intelligence (AI)-generated works — and artists — in the future?

Almost overnight, the limited field of Machine Learning and AI has become nearly as accessible to use as a search engine. Apps like Midjourney, Open AI, ChatGPT, and DALL-E 2, allow users to input a prompt into these systems and a bot will generate virtually whatever the user asks for. Microsoft recently announced its decision to make a multibillion-dollar investment in OpenAI, betting on the hottest technology in the industry to transform internet as we know it.[1]

However, with accessibility of this technology growing, questions of authorship and copyright ownership are rising as well. There remain multiple open questions, such as: who is the author of the work — the user, the bot, or the software that produces it? And where is this new generative technology pulling information from?

AI and Contested Copyrights

As groundbreaking as these products are, there has been ample backlash regarding copyright infringement and artistic expression. The stock image company, Getty Images, is suing Stability AI, an artificial intelligence art tool behind Stable Diffusion. Getty Images alleges that Stability AI did not seek out a license from Getty Images to train its system. Although the founder of Stability AI argues that art makes up 0.1% of the dataset and is only created when called by the user’s prompt. In contrast, Shutterstock, one of Getty Images largest competitors, has taken an alternative approach and instead partnered with Open AI with plans to compensate artists for their contributions.

Artists and image suppliers are not the only ones unhappy about the popularity of machine learning.  Creators of open-source code have targeted Microsoft and its subsidiary GitHub, along with OpenAI,  in a proposed class-action lawsuit. The lawsuit alleges that the creation of AI-powered coding assistant GitHub Copilot is relying on software piracy on an enormous scale. Further, the complaint claims that GitHub relies on copyrighted code with no attribution and no licenses. This could be the first class-action lawsuit challenging the training and output of AI systems. Whether artists, image companies, and open-source coders choose to embrace or fight the wave of machine learning,  the question of authorship and ownership is still up for debate.

The USCO made clear last year that the copyright act only applies to human authorship; however they have recently signaled that in 2023 the office will focus on the legal grey areas surrounding the copyrightability of works generated in conjunction with AI. The USCO denied multiple applications to protect AI authored works previously, stating that the “human authorship” element was lacking. In pointing to previous decisions, such as the 2018 decision that a monkey taking a selfie could not sue for copyright infringement, the USCO reiterated that “non-human expression is ineligible for copyright protection.” While the agency is standing by its conclusion that works cannot be registered if it is exclusively created by an AI, the office is considering the issue of copyright registration for works co-created by humans and AI.

Patent Complexities  

The US Patent and Trademark Office (USPTO) will have to rethink fundamental patent policies with the rise of sophisticated AI systems as well. As the USPTO has yet to speak on the issue, experts are speculating alternative routes that the office could choose to take: declaring AI inventions unpatentable, which could lead to disputes and hinder the incentive to promote innovation, or concluding that the use of AI should not render otherwise patentable inventions unpatentable, but would lead to complex questions of inventorship. The latter route would require the USPTO to rethink their existing framework of determining inventorship by who conceived the invention.

Takeaway

The degree of human involvement will likely determine whether an AI work can be protected by copyright, and potentially patents. Before incorporating this type of machine learning into your business practices, companies should carefully consider the extent of human input in the AI creation and whether the final work product will be protectable. For example:

  • An apparel company that uses generative AI to create a design for new fabric may not have a protectable copyright in the resulting fabric design.

  • An advertising agency that uses generative AI to develop advertising slogans and a pitch deck for a client may not be able to protect the client from freely utilizing the AI-created work product.

  • A game studio that uses generative AI to create scenes in a video game may not be able to prevent its unlicensed distribution.

  • A logo created for a business endeavor may not be protected unless there are substantial human alterations and input.

  • Code that is edited or created by AI may be able to be freely copied and replicated.

Although the philosophical debate is only beginning regarding what “makes” an artist, 2023 may be a uniquely litigious year defining the extent in which AI artwork is protectable under existing intellectual property laws.

FOOTNOTES

[1] https://www.cnn.com/2023/01/23/tech/microsoft-invests-chatgpt-openai/index.htmlhttps://www.nytimes.com/2023/01/12/technology/microsoft-openai-chatgpt.html

Article By Anthony V. Lupo and Dan Jasnow of ArentFox Schiff LLP

For more intellectual property legal news, click here to visit the National Law Review.

© 2023 ArentFox Schiff LLP

What’s New in 5G – February 2023

The next-generation of wireless technologies – known as 5G – is expected to revolutionize business and consumer connectivity, offering network speeds that are up to 100 times faster than 4G LTE, reducing latency to nearly zero, and allowing networks to handle 100 times the number of connected devices, enabling the “Internet of Things.”  Leading policymakers – federal regulators and legislators – are making it a top priority to ensure that the wireless industry has the tools it needs to maintain U.S. leadership in commercial 5G deployments.  This blog provides monthly updates on FCC actions and Congressional efforts to win the race to 5G.

Regulatory Actions and Initiatives

Spectrum

  • The FCC grants relief to a 600 MHz licensee serving Tribal Nations, giving it more time to complete and deploy its wireless network.

    • On January 4, 2023, the FCC’s Wireless Telecommunications Bureau (“WTB”) released an Order granting a third request by Pine Cellular Phones, Inc. (“Pine Cellular”) to extend its construction deadline for one of its 600 MHz licenses by one year from January 9, 2023 to January 9, 2024.  In 2019, Pine Cellular was a winning bidder in the Broadcast Incentive Auction (Auction No. 1002) of two 600 MHz licenses.  After the licenses were awarded, the FCC prohibited the use of funding from the Universal Service Fund for equipment and services deemed to pose a national security risk.  Pine Cellular planned to rely on that now-prohibited equipment to meet its construction requirement, but it has since been unable to acquire and install compliant equipment due, in part, to global supply chain issues.  The WTB granted Pine Cellular’s request because it recognized that the only way for Pine Cellular to fulfill its construction requirement is to remove and replace all prohibited equipment in its network and that termination of the license would not facilitate the provision of wireless broadband service, particularly to the Choctaw Nation, which is covered by Pine Cellular’s license.

  • The FCC grants additional licenses for spectrum in the 2.5 GHz band for commercial wireless services.

    • The WTB released a Public Notice on January 5, 2023, announcing the grant of four additional licenses for spectrum in the 2.5 GHz band, the auction for which concluded on August 29, 2022.  A list of the licenses, sorted by licensee, is available here.  And list of the same licenses, sorted by market, is available here.

  • The FCC takes further action to enable commercial operations through spectrum sharing in the 3.5 GHz band.

    • On January 10, 2023, the WTB and Office of Engineering and Technology (“OET”) released a Public Notice approving the new Environmental Sensing Capability (“ESC”) sensor deployment and coverage plans of Federated Wireless in the 3.5 GHz band.  Federated Wireless is now authorized to operate its ESC sensors to protect federal incumbents in Alaska and must, among other things, operate in conjunction with at least one Spectrum Access System (“SAS”), which manages non-federal access to the 3.5 GHz band, that has been approved for commercial deployment.

    • In addition, the WTB and OET released a Public Notice on January 12, 2023, certifying that the SAS operated by RED Technologies SAS (“RED”) has satisfied the FCC’s testing requirements and been approved to begin its initial commercial deployment (“ICD”), subject to certain conditions.  After RED operates its ICD, it is required to submit a report, and assuming that the report is satisfactory, RED will then receive authorization to operate for a five-year term.

  • The FCC revises its framework for making public safety spectrum in the 4.9 GHz band available for commercial wireless services.

    • On January 18, 2023, the FCC released an Order and Further Notice of Proposed Rulemaking establishing rules that provide for a nationwide Band Manager for public safety operations in the 4940-4990 MHz (“4.9 GHz”) band.  The Order replaces the previous framework for the 4.9 GHz band, which allowed states to lease the spectrum to third parties, including commercial entities, through a designated statewide lessor.  The new framework will allow the Band Manager to coordinate all use of the spectrum nationwide, including by making it available for secondary, non-public safety use – such as commercial 5G wireless services – by allowing non-public safety entities to lease unused 4.9 GHz band spectrum.  The Further Notice seeks comment on implementing the new leasing framework and selecting the Band Manager.  Comments and reply comments on the Further Notice will be due 30 days and 60 days, respectively, after publication in the Federal Register.

Other Agency Actions

  • The Federal Aviation Administration proposes requirements to help foster coexistence between 5G operations in the C-band and aircraft relying on radio altimeters.

    • On January 22, 2023, a Notice of Proposed Rulemaking issued by the Federal Aviation Administration (“FAA”) was published in the Federal Register.  The Notice proposes to update the FAA’s existing Airworthiness Directive (“AD”) regarding the coexistence of licensees of spectrum in the 3.7-4.2 GHz band (“C-band”) and radio altimeters.  Specifically, the FAA proposes interference tolerance requirements for radio altimeters and requirements that all aircraft operating under its rules meet power spectral density requirements to operate in the contiguous U.S. after February 2, 2024.  The FAA has determined that radio altimeter tolerant airplanes will not experience unsafe conditions at any airport identified by the FAA as a 5G market.  It has also determined that any 5G C-band provider that maintains the mitigated actions, which are based on the power levels to which Verizon and AT&T previously agreed, will not have an effect on the safety of transport and commuter airplanes with radio altimeters that meet the interference tolerance requirements.  The FAA will assess changes in the agreed-upon power levels.  Comments on the FAA’s proposals are due February 10, 2023.

  • The Department of Defense seeks comment on developing a spectrum roadmap.

    • On January 4, 2023, the Department of Defense (“DoD”) released a Request for Information seeking input to support the development of a Next-Generation Electromagnetic Spectrum Strategic Roadmap, which Congress requested of DoD in a June 2022 letter.  Among other things, DoD requests input on its ability to use commercial systems for its operations and spectrum sharing.  The deadline for providing input is February 10, 2023 at 2:00 pm ET.

5G Networks and Equipment

  • The FCC reminds rip-and-replace funding recipients of their reporting obligations.

    • On January 11, 2023, the FCC’s Wireline Competition Bureau released a Public Notice reminding parties that receive funding from the FCC’s Reimbursement Program to remove and replace equipment that poses a national security risk of their obligation to file their Reimbursement Program spending reports.  The spending reports, which, among other things, must include a detailed accounting of the covered equipment and services that have been removed and replaced, are due by February 10, 2023.

Article By Angela Y. Kung and Christen B’anca Glenn of Mintz

For more data privacy and cybersecurity legal news, click here to visit the National Law Review.

©1994-2023 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

University of Texas at Austin Permanently Blocks TikTok on Network

On Tuesday, January 17, 2023, the University of Texas at Austin announced that it has blocked TikTok access across the university’s networks. According to the announcement to its users, “You are no longer able to access TikTok on any device if you are connected to the university via its wired or WIFI networks.” The measure was in response to Governor Greg Abbott’s December 7, 2022, directive to all state agencies to eliminate TikTok from state networks. Following the directive, the University removed TikTok from university-issued devices, including cell phones, laptops and work stations.

Copyright © 2023 Robinson & Cole LLP. All rights reserved.

For  more Cybersecurity Legal News, click here to visit the National Law Review.

Artists Are Selling AI-Generated Images of Mickey Mouse to Provoke a Test Case

Several artists, frustrated with Artificially Intelligent (AI) image generators skirting copyright laws, are using similar image generators to produce images of Mickey Mouse and other copyrighted characters to challenge the current legal status of AI art. While an artist’s copyright in a work typically vests at the moment of fixation, including the right to prosecute copyright violation, AI-generated work complicates the issue by removing humans from the creative process. Courts have ruled that AI cannot hold copyright, which by corollary also means that AI-generated art sits in the public domain. This legal loophole has angered many professional artists whose art is used to train the AI. Many AI generators, such as Dall-E 2 and Midjourney, can render pieces in the style of a human artist, effectively automating the artist’s job.

Given Disney’s reputation for vigorously defending its intellectual property, these artists hope that monetizing these public-domain AI Mickeys on mugs and T-shirts will prompt a lawsuit. Ironically, provoking and losing a case in this vein may set a favorable precedent for the independent artist community. As AI becomes more advanced, society will likely need to address how increasingly intelligent and powerful AI can complicate and undermine existing law.

Blair Robinson also contributed to this article.

For more Intellectual Property Legal News, click here to visit the National Law Review.

Ankura CTIX FLASH Update – January 3, 2023

Malware Activity

Louisiana’s Largest Medical Complex Discloses Data Breach Associated to October Attack

On December 23rd, 2022, the Lake Charles Memorial Health System (LCMHS) began sending out notifications regarding a newly discovered data breach that is currently impacting approximately 270,000 patients. LCMHS is the largest medical complex in Lake Charles, Louisiana, which contains multiple hospitals and a primary care clinic. The organization discovered unusual activity on their network on October 21, 2022, and determined on October 25, 2022, that an unauthorized actor gained access to the organization’s network as well as “accessed or obtained certain files from [their] systems.” The LCMHS notice listed the following patient information as exposed: patient names, addresses, dates of birth, medical record or patient identification numbers, health insurance information, payment information, limited clinical information regarding received care, and Social Security numbers (SSNs) in limited instances. While LCMHS has yet to confirm the unauthorized actor responsible for the data breach, the Hive ransomware group listed the organization on their data leak site on November 15, 2022, as well as posted files allegedly exfiltrated after breaching the LCMHS network. The posted files contained “bills of materials, cards, contracts, medical info, papers, medical records, scans, residents, and more.” It is not unusual for Hive to claim responsibility for the associated attack as the threat group has previously targeted hospitals/healthcare organizations. CTIX analysts will continue to monitor the Hive ransomware group into 2023 and provide updates on the Lake Charles Memorial Health System data breach as necessary.

Threat Actor Activity

Kimsuky Threat Actors Target South Korean Policy Experts in New Campaign

Threat actors from the North Korean-backed Kimsuky group recently launched a phishing campaign targeting policy experts throughout South Korea. Kimsuky is a well-aged threat organization that has been in operation since 2013, primarily conducting cyber espionage and occasional financially motivated attacks. Aiming their attacks consistently at entities of South Korea, the group often targets academics, think tanks, and organizations relating to inter-Korea relations. In this recent campaign, Kimsuky threat actors distributed spear-phishing emails to several well-known South Korean policy experts. Within these emails, either an embedded website URL or an attachment was present, both executing malicious code to download malware to the compromised machine. One (1) tactic the threat actors utilized was distributing emails through hacked servers, masking the origin IP address(es). In total, of the 300 hacked servers, eighty-seven (87) of them were located throughout North Korea, with the others from around the globe. This type of social engineering attack is not new for the threat group as similar instances have occurred over the past decade. In January 2022, Kimsuky actors mimicked activities of researchers and think tanks in order to harvest intelligence from associated sources. CTIX continues to urge users to validate the integrity of email correspondence prior to visiting any embedded emails or downloading any attachments to lessen the risk of threat actor compromise.

Vulnerabilities

Netgear Patches Critical Vulnerability Leading to Arbitrary Code Execution

Network device manufacturer Netgear has just patched a high-severity vulnerability impacting multiple WiFi router models. The flaw, tracked as CVE-2022-48196, is described as a pre-authentication buffer overflow security vulnerability, which, if exploited, could allow threat actors to carry out a number of malicious activities. These activities include stealing sensitive information, creating Denial-of-Service (DoS) conditions, as well as downloading malware and executing arbitrary code. In past attacks, threat actors have utilized this type of vulnerability as an initial access vector by which they pivot to other parts of the network. Currently, there is very little technical information regarding the vulnerability and Netgear is temporarily withholding the details to allow as many of their users to update their vulnerable devices to the latest secure firmware. Netgear stated that this is a very low-complexity attack, meaning that unsophisticated attackers may be able to successfully exploit a device. CTIX analysts urge Netgear users with any of the vulnerable devices listed in Netgear’s advisory to patch their device immediately.

For more cybersecurity news, click here to visit the National Law Review.

Copyright © 2023 Ankura Consulting Group, LLC. All rights reserved.

Nineteen States Have Banned TikTok on Government-Issued Devices

Governors of numerous states have issued Executive Orders in the past several weeks banning TikTok from government-issued devices and many have already implemented a ban, with others considering similar measures. There is also bi-partisan support of a ban in the Senate, which unanimously approved a bill last week that would ban the app from devices issued by federal agencies. There is already a ban prohibiting military personnel from downloading the app on government-issued devices.

The bans are in response to the national security concerns that TikTok poses to U.S. citizens [View related posts].

To date, 19 states have issued some sort of ban on the use of TikTok on government-issued devices, including some Executive Orders banning the use of TikTok statewide on all government-issued devices. Other state officials have implemented a ban within an individual state department, such as the Louisiana Secretary of State’s Office. In 2020, Nebraska was the first state to issue a ban. Other states that have banned TikTok use in some way are: South Dakota, North Dakota, Maryland, South Carolina, Texas, New Hampshire, Utah, Louisiana, West Virginia, Georgia, Oklahoma, Idaho, Iowa, Tennessee, Alabama, Virginia, and Montana.

Indiana’s Attorney General filed suit against TikTok alleging that the app collects and uses individuals’ sensitive and personal information, but deceives consumers into believing that the information is secure. We anticipate that both the federal government and additional state governments will continue to assess the risk and issue bans on its use in the next few weeks.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.
For more Cybersecurity Legal News, click here to visit the National Law Review.

Office of Science and Technology Policy Requests Public Input on Biotechnology Regulation

  • The Office of Science and Technology Policy (OSTP) issued a request for information (RFI) today in which it invites public comment on the Coordinated Framework for the Regulation of Biotechnology (the “Coordinated Framework”).
  • The Coordinated Framework, which is a Federal regulatory policy for ensuring the safety of biotechnology products, was first issued in 1986, updated in 1992— to affirm that federal regulation should focus on characteristics of the product and the environment into which it being introduced, and not on the process by which it is produced—and then updated again in 2017 to clarify the roles of EPA, FDA, and USDA. And, in September of this year, Executive Order 14081 directed the three agencies to clarify and streamline regulations to support the safe of use of biotechnology products.
  • Accordingly, the RFI requests comment on seven questions related to the Coordinated Framework. The questions include a request for comment on identification of any regulatory gaps, inefficiencies, or uncertainties; data or information to improve any identified issues; and new or emerging biotechnology products that the agencies should be prepared to address. Comments to the RFI are due by February 3, 2023. Also, on January 12, 2023, OTSP will host a virtual event in which it will listen to public feedback on the RFI.

Article By Food and Drug Law at Keller and Heckman

For more food, drug, and biotechnology legal news, click here to visit the National Law Review.

© 2022 Keller and Heckman LLP

Ankura CTIX FLASH Update – December 13, 2022

Malware Activity

Uber Discloses New Data Breach Related to Third-Party Vendor

Uber has disclosed a new data breach that is related to the security breach of Teqtivity, a third-party vendor that Uber uses for asset management and tracking services. A threat actor named “UberLeaks” began leaking allegedly stolen data from Uber and Uber Eats on December 10, 2022, on a hacking forum. The exposed data includes Windows domain login names and email addresses, corporate reports, IT asset management information, data destruction reports, multiple archives of apparent source code associated with mobile device management (MDM) platforms, and more. One document in particular contained over 77,000 Uber employee email addresses and Windows Active Directory information. UberLeaks posted the alleged stolen information in four (4) separate postings regarding Uber MDM, Uber Eats MDM, Teqtivity MDM, and TripActions MDM platforms. The actor included one (1) member of the Lapsus$ threat group in each post, but Uber confirmed that Lapsus$ is not related to this December breach despite being previously linked to the company’s cyberattack in September 2022. Uber confirmed that this breach is not related to the security incident that took place in September and that the code identified is not owned by Uber. Teqtivity published a data breach notification on December 12, 2022, that stated the company is aware of “customer data that was compromised due to unauthorized access to our systems by a malicious third party” and that the third-party obtained access to its AWS backup server that housed company code and data files. Teqtivity also noted that its ongoing investigation identified the following exposed information: first name, last name, work email address, work location details, device serial number, device make, device model, and technical specs. The company confirmed that home address, banking information, and government identification numbers are not collected or retained. Uber and Teqtivity are both in the midst of ongoing investigations into this data breach. CTIX analysts will provide updates on the matter once available.

Threat Actor Activity

PLAY Ransomware Claims Responsibility for Antwerp Cyberattack

After last week’s ransomware attack on the city of Antwerp, a threat organization has claimed responsibility and has begun making demands. The threat group, tracked as PLAY ransomware, is an up-and-coming ransomware operation that has been posting leaked information since November 2022, according to an available posting on their leak site. Samples of the threat group’s ransomware variants have shown activity dating back to June 2022, which is around the time PLAY ransomware targeted the Argentina Court of Cordoba (August). While PLAY’s ransomware attack crippled several sectors of Antwerp, it appears to have had a significant impact on residential facilities throughout the city, as stated by officials. According to PLAY NEWS, PLAY’s ransomware leak site, the publication date for the exfiltrated data is Monday, December 19, 2022, if the undisclosed ransom is not paid. PLAY threat actors claim to have 557 gigabytes (GB) worth of Antwerp-related data including but not limited to personal identifiable information, passports, identification cards, and financial documents. CTIX continues to monitor the developing situation and will provide additional updates as more information is released.

Vulnerabilities

Fortinet Patches Critical RCE Vulnerability in FortiOS SSL-VPN Products

After observing active exploitation attempts in-the-wild, the network security solutions manufacturer Fortinet has patched a critical vulnerability affecting their FortiOS SSL-VPN products. The flaw, tracked as CVE-2022-42475, was given a CVSS score of 9.3/10 and is a heap-based buffer overflow, which could allow unauthenticated attackers to perform arbitrary remote code execution (RCE) if successfully exploited. Specifically, the vulnerability exists within the FortiOS sslvpnd product, which enables individual users to safely access an organization’s network, client-server applications, and internal network utilities and directories without the need for specialized software. The vulnerability was first discovered by researchers from the French cybersecurity firm Olympe Cyberdefense who warned users to monitor their logs for suspicious activity until a patch was released. Although very few technical details about the exploitation have been divulged, Fortinet did share lists of suspicious artifacts and IPs. Based on research by Ankura CTIX analysts, the IPs released by Fortinet are located around the globe and are not associated with known threat actors at this time. To prevent exploitation, all Fortinet administrators leveraging FortiOS sslvpnd should ensure that they download and install the latest patch. If organizations cannot immediately patch their systems due to the business interruption it would cause, Olympe Cyberdefense suggests “customers monitor logs, disable the VPN-SSL functionality, and create access rules to limit connections from specific IP addresses.” A list of the affected products and their solutions, as well as the indicators of compromise can be found in the Fortinet advisory linked below.

The semi-weekly Ankura Cyber Threat Investigations and Expert Services (CTIX) FLASH Update is designed to provide timely and relevant cyber intelligence pertaining to current or emerging cyber events. The preceding is a collection of cyber threat intelligence leads assembled over the past few days and typically includes high level intelligence pertaining to recent threat group/actor activity and newly identified vulnerabilities impacting a wide range of industries and victims. 

Article By Ankura Cyber Threat Investigations and Expert Services

For more cybersecurity legal news, click here to visit the National Law Review.

Copyright © 2022 Ankura Consulting Group, LLC. All rights reserved.

Easy Ways to Build Your Professional Brand

Whether or not you realize it, you have a professional brand, and it’s up to you to maximize and leverage it.

Every day, people are searching for you online. They may go to your web bio, but more than likely, they’re probably going to LinkedIn as well to check you out.

LinkedIn paints a much more robust picture of you and your professional background than your web site bio because it enables you to showcase your entire professional history and body of work.

Think of LinkedIn as your own mini website and blog.

So LinkedIn is a huge part of managing your brand. It would be very wise to focus on building your presence on LinkedIn, and it is free.

Also, Googling yourself regularly and setting up Google alerts to make sure that you’re aware of what’s being said about you, and manage your online reputation.

Speaking engagements can be incredibly powerful to underscore your subject matter expertise and stay top of mind with those who need someone like you. If you feel uncomfortable doing them live, do webinars.

There is a ripple effect with speaking engagements, which is that you likely will get asked to do another speaking engagement when people see that you are on the speaking circuit and that you are good at it.

Not everyone is comfortable being on video like I am, but that’s also an option. A podcast is another great way to build your brand, make strong relationships and you don’t have to be on camera.

There’s a lot of other things you can do, such as writing articles, blog posts, client alerts, email blasts and email newsletters – these are all great ways to showcase your thought leadership expertise and stay top of mind with your clients, prospects and referral sources.

There’s also trade association memberships and committee involvement – they are an effective way to get to know people in your industry, as long as you’re going to commit to them, because the worst thing you can do is to not do a good job on these committees.

You don’t have to do all of these things, or several of them at once, and you should only do the ones that you like to do because you will be more successful at them.

A Word About Self Confidence

Don’t let anyone else dim your light, most of all you.

It’s time to build your confidence about posting on LinkedIn and showing up in other kinds of marketing. We each have value to provide to others and we need to believe that.

Every time I post I get nervous about how it will be received, especially posting videos.

But we all over estimate the extent to which others are thinking about us because guess what? They’re thinking about themselves way more. So stop worrying about what everyone else thinks!

You won’t be everyone’s cup of tea and that’s okay.

The right people will gravitate toward you and appreciate your posts even if they don’t tell you or actually post a like on your content.

I keep posting because I believe in my posts and I’m coming from a place of genuineness. Trying to help people is enough for me to keep showing up and posting.

So believe in yourself and silence the naysayers and that negative voice that you have about yourself. Each of us has an inner critic and if we’re not careful, we can start to believe what it has to say. Your success on LinkedIn and elsewhere depends on your ability to silence your inner critic.

Don’t let other people (or yourself) dim your light and be YOU. That’s your superpower.

How do you find the confidence to show up on LinkedIn and in other places?

Article By Stefanie M. Marrone of Stefanie Marrone Consulting

For more legal marketing news, click here to visit the National Law Review.

Copyright © 2022, Stefanie M. Marrone. All Rights Reserved.