176698077
submission
Beave writes:
The standard hardware security key in the tech space is typically a YubiKey. While I’m sure we all appreciate YubiKeys, there are many other key manufacturers out there. Each manufacturer and key has different capabilities, and are not all equal. This article will explore the various hardware security keys that can be used to store Passkeys and SSH keys. We will focus on usability, operating system compatibility, and costs. This article will likely help, whether you're looking for a personal key for projects or seeking to implement a passwordless solution at work.
170203527
submission
Beave writes:
Security researchers and practitioners at Quadrant Information Security recently found themselves in a battle with the Russian ransomware gang known as “Black Basta” in an attempted “double extortion” scheme. Quadrant discovered the Russian gang attempting to exfiltrate data from a network. Data exfiltrated from a victims network is used as part one of the gangs “double extortion” scheme. Once a victim's data is fully exfiltrated, the gang then encrypts workstations and servers. This is part two of the “double extortion”. Once these tasks are completed, Black Basta demands ransom payments from the victim in order to decrypt their data and to prevent Black Basta from releasing exfiltrated data to the public.
Fortunately, in this case, Black Basta didn’t make it that far. Instead, the security researchers used the opportunity to better understand Black Basta’s "backend servers", tools, and methods.
It ends up Black Basta will sometimes use a victims network to log into their own servers, which leads to interesting opportunities to observe the gang's operations.
The first write up goes into technical details about the malware and tactics Black Basta used. The second second write up focuses on Black Basta’s “backend” servers and how they manage them.
TLDR? You can also listen to two of the security researchers discuss their findings on the latest episode of the "Breaking Badness" podcast.
