AI fakes are making trouble for facial recognition logins, and more.
Welcome to Cyber Security Today. It’s Friday, February 2nd, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
AI-generated fake biometric images are so good that in two years many firms won’t accept facial recognition alone for identity verification and authentication. That’s the conclusion of researchers at Gartner. Some organizations allow facial scanning for logging into applications. But deepfake images are becoming so good that by 2026 30 per cent of firms will insist on a second factor or more for those wanting to log in through facial recognition. Current security technologies aren’t good enough to spot good fake images. Gartner says CISOs should choose identity authentication vendors that show they can handle these new types of attacks.
The recent discovery of vulnerabilities in Ivanti Connect Secure and Policy Secure gateways is so serious that American government agencies have been told to disconnect the devices from their networks by midnight tonight. To bring those devices back online a complete reset is required as well as upgrading to the latest device software. After that the admin and user passwords and API keys have to be reset. Departments must also assume the domain account associated with the devices has been compromised and take action by March 1st. In addition, government agencies have to continue hunting for compromises on any IT systems that were recently connected to Invanti devices.
Researchers at Cado Security have discovered another threat group going after poorly-protected Docker containers. The Commando Cat cryptojacking campaign leverages compromised Docker instances as an initial vector. Then the service is used to run a number of payloads that steal credentials for cloud services like Amazon AWS and Microsoft Azure, and install a cryptocurrency miner. The report says the attacker targets exposed Docker API endpoints, so administrators have to make sure these parts of containers are well protected.
Finally, poor digital hygiene of key IT and network employees is putting carriers and companies in Europe, Asia, Africa and Latin America at risk. That’s the conclusion of researchers at Resecurity. Several threat actors on the dark web are selling over 1,500 login credentials of telecom network administrators and engineers from a number of providers, the researchers say. Probably these are hackers who picked up on the recent successful hack of the internet registry login credentials of an employee of Spain’s Orange Espagne. That apparently prompted hackers to look for other telecom employees who don’t have multifactor authentication on their internet registry login accounts. A threat actor with internet registry control over a telecom provider can do nasty things. IT leaders be warned: Staff who have login privileges to their organization’s internet registry account must enable multifactor authentication or risk losing access to the account.
Later today the Week in Review podcast will be out. David Shipley of Beaceron Security and I will discuss the FBI warnings on China’s cyber threat, hacks at 23andMe and Microsoft, an attack on a Canadian government email system and more.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.