Threat Brief
OpenSSH now supports FIDO U2F security keys for 2-factor authentication "FIDO tokens are most commonly connected via USB but may be attached via other means such as Bluetooth or NFC. In OpenSSH, communication with the token is managed via a middleware library." This is big news since this will make it much harder for account take overs. Now the servers will be protected from access if you keys get leaked they will still need the 2FA to gain access to server. https://thehackernews.com/2020/02/openssh-fido-security-keys.html Iranian APT group hacks a VPN server for FOX kitten C ampaign “Hackers maintained a long-lasting foothold at the targeted organizations and breach additional companies through supply-chain attacks,” researchers said in their blog post . https://www.hackread.com/iranian-apt-group-hacking-vpn-servers-fox-kitten-campaign/
