{"id":22663,"date":"2022-05-11T08:36:12","date_gmt":"2022-05-11T12:36:12","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=483680"},"modified":"2022-05-16T11:52:50","modified_gmt":"2022-05-16T15:52:50","slug":"cyber-security-today-may-11-2022-f5-big-ip-devices-under-attack-a-proposed-settlement-on-a-clearview-ai-lawsuit-and-colonial-pipeline-may-be-fined","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-may-11-2022-f5-big-ip-devices-under-attack-a-proposed-settlement-on-a-clearview-ai-lawsuit-and-colonial-pipeline-may-be-fined\/","title":{"rendered":"Cyber Security Today, May 11, 2022 \u2013 F5 BIG-IP devices under attack, a proposed settlement on a Clearview AI lawsuit and Colonial Pipeline may be fined"},"content":{"rendered":"<p>F5 BIG-IP devices under attack, a proposed settlement on a Clearview AI lawsuit and Colonial Pipeline may be fined.<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Wednesday May 11th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n
<p><strong>Last Friday<\/strong> I reported that a serious vulnerability had been found in F5 Network\u2019s BIG-IP network security devices that need patching. This week security researchers said threat actors are already trying to exploit appliances that aren\u2019t fixed and are open to the internet. <a href=\"https:\/\/www.randori.com\/blog\/vulnerability-analysis-cve-2022-1388\/\" rel=\"noopener\">According to researchers at Randori<\/a>, hackers can gain access to devices by bypassing authentication processes if their management interfaces are publicly available. Usually that\u2019s not the way these devices are set up. 
However, administrators of BIG-IP devices should install the patch and make sure these devices aren\u2019t open to the internet.<\/p>\n<p><strong>The European Union<\/strong> <a href=\"https:\/\/www.consilium.europa.eu\/ro\/press\/press-releases\/2022\/05\/10\/russian-cyber-operations-against-ukraine-declaration-by-the-high-representative-on-behalf-of-the-european-union\/\" rel=\"noopener\">has formally accused Russia<\/a> of an unprovoked cyberattack on Viasat\u2019s internet satellite network an hour before its invasion of Ukraine. The malware damaged thousands of modems used by subscribers in a number of countries, including Ukraine. This unacceptable cyberattack is yet another example of Russia\u2019s continued pattern of irresponsible behaviour in cyberspace, the EU said. It also demanded Russia stop the war.<\/p>\n<p><strong>Companies in the United States<\/strong> won\u2019t be able to buy access to the database of billions of faces collected by facial recognition software provider Clearview AI. <a href=\"https:\/\/www.aclu.org\/press-releases\/big-win-settlement-ensures-clearview-ai-complies-with-groundbreaking-illinois\" rel=\"noopener\">That\u2019s according to a proposed settlement<\/a> with civic groups including the American Civil Liberties Union. They sued Clearview AI for allegedly violating Illinois\u2019 Biometric Information Privacy Act. Also, as part of the proposed settlement, Clearview won\u2019t be able to sell access to its facial recognition service to any entity in Illinois for five years, including police forces. Clearview AI has been criticized around the world for scraping images of people from the internet and using them in its facial recognition software. Privacy commissioners in Canada have ruled collecting images without consent violates Canadian privacy laws. Clearview AI is fighting that ruling in court. 
The Illinois settlement, if approved by a court, would still allow Clearview to sell its facial recognition service to American police forces outside Illinois.<\/p>\n<p><strong>Also in Illinois<\/strong>, Lincoln College<a href=\"https:\/\/lincolncollege.edu\/\" rel=\"noopener\"> said it will close this Friday,<\/a> the result of the combined impact of the pandemic and a cyberattack. The pandemic cut recruitment, fundraising and enrollment. The college then had to spend heavily on technology. Then in December a ransomware attack shut IT systems needed for student recruitment, retention and fundraising. When systems were restored in March projections showed enrollment would be so low in the fall the college didn\u2019t have enough money to survive.<\/p>\n<p><strong>A detailed incident response plan<\/strong> covering all possibilities is essential for surviving a cyber attack. The American oil company Colonial Pipeline had one, but it wasn\u2019t as prepared as it thought it was for last year\u2019s ransomware attack. Now it faces the possibility of an $850,000 fine. <a href=\"https:\/\/www.scmagazine.com\/analysis\/ransomware\/us-proposes-1-million-fine-for-colonial-pipeline-ransomware-attack\" rel=\"noopener\">That\u2019s what the U.S. Department of Transportation wants to levy<\/a> because Colonial didn\u2019t have a plan for dealing with a loss of internal email or voice communications for manually running the pipeline. As a result, after it had to shut the IT systems because of the cyberattack Colonial wasn\u2019t prepared to manually restart operation of the pipeline. 
American regulations require pipeline companies to have a tested and verified internal communications plan.<\/p>\n<p><a href=\"https:\/\/www.nokia.com\/about-us\/news\/releases\/2022\/05\/09\/nokia-launches-groundbreaking-cybersecurity-focused-testing-lab-in-the-us\/\" rel=\"noopener\"><strong>Nokia is opening<\/strong> <\/a>a cybersecurity testing lab in Dallas to learn ways of preventing attacks on 5G networks, software and hardware. The knowledge will be used by Nokia telecom equipment, enterprise and government customers. In Canada, Bell and Telus are Nokia 5G customers. In the U.S. carriers include Verizon and AT&amp;T.<\/p>\n<p><strong>Finally,<\/strong> yesterday was the monthly Patch Tuesday for Microsoft, Adobe and other software manufacturers. Make sure your systems have the latest security updates. One of the Windows patches covers a Network File System vulnerability that touches all Windows servers. Another fixes a vulnerability in Windows Server 2008 for x64-based systems running Service Pack 2. Adobe issued patches for FrameMaker, InCopy, InDesign and ColdFusion. 
SAP released 17 new and updated SAP Security Notes, including four HotNews notes and two High Priority notes.<\/p>\n<p>Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-may-11-2022-f5-big-ip-devices-under-attack-a-proposed-settlement-on-a-clearview-ai-lawsuit-and-colonial-pipeline-may-be-fined\/483680\">Cyber Security Today, May 11, 2022 \u2013 F5 BIG-IP devices under attack, a proposed settlement on a Clearview AI lawsuit and Colonial Pipeline may be fined<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today&#8217;s podcast reports on the need to patch F5 BIG-IP devices, a proposed settlement on a Clearview AI lawsuit that would limit some sales of its facial recognition software, and a possible fine for Colonial Pipeline over its response after a ransomware attack.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-may-11-2022-f5-big-ip-devices-under-attack-a-proposed-settlement-on-a-clearview-ai-lawsuit-and-colonial-pipeline-may-be-fined\/483680\">Cyber Security Today, May 11, 2022 \u2013 F5 BIG-IP devices under attack, a proposed settlement on a Clearview AI lawsuit and Colonial Pipeline may be fined<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World 
Canada<\/a>.<\/p>\n","protected":false},"author":17,"featured_media":20700,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-22663","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/22663","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=22663"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/22663\/revisions"}],"predecessor-version":[{"id":22863,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/22663\/revisions\/22863"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media\/20700"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=22663"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=22663"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=22663"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}