Cyber Security Today, Feb. 2, 2024 – AI fakes are making trouble for facial recognition logins, and more


Welcome to Cyber Security Today. It’s Friday, February 2nd, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


AI-generated fake biometric images are so good that in two years many firms won’t accept facial recognition alone for identity verification and authentication. That’s the conclusion of researchers at Gartner. Some organizations allow facial scanning for logging into applications. But deepfake images are becoming so good that by 2026, 30 per cent of firms will insist on a second factor or more for those wanting to log in through facial recognition. Current security technologies aren’t good enough to spot good fake images. Gartner says CISOs should choose identity authentication vendors that show they can handle these new types of attacks.

The recent discovery of vulnerabilities in Ivanti Connect Secure and Policy Secure gateways is so serious that American government agencies have been told to disconnect the devices from their networks by midnight tonight. To bring those devices back online, a complete reset is required, as well as upgrading to the latest device software. After that, the admin and user passwords and API keys have to be reset. Departments must also assume the domain account associated with the devices has been compromised and take action by March 1st. In addition, government agencies have to continue hunting for compromises on any IT systems that were recently connected to Ivanti devices.

Researchers at Cado Security have discovered another threat group going after poorly-protected Docker containers. The Commando Cat cryptojacking campaign leverages compromised Docker instances as an initial vector. Then the service is used to run a number of payloads that steal credentials for cloud services like Amazon AWS and Microsoft Azure, and install a cryptocurrency miner. The report says the attacker targets exposed Docker API endpoints, so administrators have to make sure these endpoints are well protected.

Finally, poor digital hygiene of key IT and network employees is putting carriers and companies in Europe, Asia, Africa and Latin America at risk. That’s the conclusion of researchers at Resecurity. Several threat actors on the dark web are selling over 1,500 login credentials of telecom network administrators and engineers from a number of providers, the researchers say. Probably these are hackers who picked up on the recent successful hack of the internet registry login credentials of an employee of Spain’s Orange Espagne. That apparently prompted hackers to look for other telecom employees who don’t have multifactor authentication on their internet registry login accounts. A threat actor with internet registry control over a telecom provider can do nasty things. IT leaders be warned: Staff who have login privileges to their organization’s internet registry account must enable multifactor authentication or risk losing access to the account.

Later today the Week in Review podcast will be out. David Shipley of Beauceron Security and I will discuss the FBI warnings on China’s cyber threat, hacks at 23andMe and Microsoft, an attack on a Canadian government email system and more.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
