Cyber Security Today, Feb. 2, 2024 – AI fakes are making trouble for facial recognition logins, and more

Share post:

AI fakes are making trouble for facial recognition logins, and more.

Welcome to Cyber Security Today. It’s Friday, February 2nd, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.


Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

 AI-generated fake biometric images are so good that in two years many firms won’t accept facial recognition alone for identity verification and authentication. That’s the conclusion of researchers at Gartner. Some organizations allow facial scanning for logging into applications. But deepfake images are becoming so good that by 2026 30 per cent of firms will insist on a second factor or more for those wanting to log in through facial recognition. Current security technologies aren’t good enough to spot good fake images. Gartner says CISOs should choose identity authentication vendors that show they can handle these new types of attacks.

The recent discovery of vulnerabilities in Ivanti Connect Secure and Policy Secure gateways is so serious that American government agencies have been told to disconnect the devices from their networks by midnight tonight. To bring those devices back online a complete reset is required as well as upgrading to the latest device software. After that the admin and user passwords and API keys have to be reset. Departments must also assume the domain account associated with the devices has been compromised and take action by March 1st. In addition, government agencies have to continue hunting for compromises on any IT systems that were recently connected to Invanti devices.

Researchers at Cado Security have discovered another threat group going after poorly-protected Docker containers. The Commando Cat cryptojacking campaign leverages compromised Docker instances as an initial vector. Then the service is used to run a number of payloads that steal credentials for cloud services like Amazon AWS and Microsoft Azure, and install a cryptocurrency miner. The report says the attacker targets exposed Docker API endpoints, so administrators have to make sure these parts of containers are well protected.

Finally, poor digital hygiene of key IT and network employees is putting carriers and companies in Europe, Asia, Africa and Latin America at risk. That’s the conclusion of researchers at Resecurity. Several threat actors on the dark web are selling over 1,500 login credentials of telecom network administrators and engineers from a number of providers, the researchers say. Probably these are hackers who picked up on the recent successful hack of the internet registry login credentials of an employee of Spain’s Orange Espagne. That apparently prompted hackers to look for other telecom employees who don’t have multifactor authentication on their internet registry login accounts. A threat actor with internet registry control over a telecom provider can do nasty things. IT leaders be warned: Staff who have login privileges to their organization’s internet registry account must enable multifactor authentication or risk losing access to the account.

Later today the Week in Review podcast will be out. David Shipley of Beaceron Security and I will discuss the FBI warnings on China’s cyber threat, hacks at 23andMe and Microsoft, an attack on a Canadian government email system and more.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Feb. 2, 2024 – AI fakes are making trouble for facial recognition logins, and more first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Hashtag Trending Feb.28- OpenAI says New York Times hacked ChatGPT; Apple cancels plans to release electric car; Your Voice is Power teaches indigenous youth...

Sponsor: Hashtag Trending is sponsored by (Spell). The founder is a big supporter of our podcast and is not only a sponsor but he has offered to provide $20,000 in Azure credits for two to three of our listeners who have a unique idea for an Azure based project. The credits can be applied

Russian threat actor expanding its target list, warns Five Eyes report

APT29 is increasingly going after cloud services in mo

Canada’s privacy watchdog investigating hack at Global Affairs

Inquiry will look into adequacy of data safeguards at the federal

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways