Security news that informs and inspires
headshot of Fahmida Y. Rashid with teal overlay

Fahmida Y. Rashid

Contributor

Fahmida brings over a decade of IT security news reporting along with ten years of network administration and software development to Decipher. Every security story has a human face, and her goal is to bring those stories to light. As the senior managing editor of Decipher, she will focus on ways security can impact how people live, work, and play. She enjoys working on stories that speak to those outside the security industry, highlighting the intersection of security and other technology areas. Over the years, she has seen enough to make her overzealous about her personal threat-model, but she doesn’t hold it against anyone for having a more relaxed worldview.

  • fahmida@decipher.sc
  • @FYRashid
  • 3DF6 3FDA FACC 7BC6
352 articles by Fahmida Y. Rashid

Compromised Credentials Used in Attack Against Federal Agency

An intruder breached a federal agency’s internal network and accessed data files using compromised credentials and custom malware, the Cybersecurity and Infrastructure Security Agency said in an Analysis Report.

Government, Data Breaches

CISA Orders Agencies to Patch Zerologon Flaw

Federal agencies have until the end of Monday to install fixes for a recently-fixed elevation of privilege vulnerability in Windows which could be used to take control of the entire network, CISA said in an emergency directive.

Patch, Windows, Government

MITRE Releases FIN6 Emulation Plan

MITRE’s latest project is a public library of detailed plans replicating tactics and techniques used by known attack groups. The first set of adversary emulation plans released this week describe the behavior of cybercrime group FIN6.

Cybercrime, Attacker, Attack Simulations

House Passes IoT Security Bill

The House of Representatives has unanimously passed a bipartisan bill setting minimum security requirements for Internet of Things devices connected to federal networks. The next step: get the Senate to vote on its version of the bill.

Iot Security

Attackers Verify O365 Credentials On Azure AD

Attackers are cross-checking stolen Office 365 credentials on Azure Active Directory in real-time after victims type them into a malicious phishing page, researchers from Armorblox said.

Phishing, Office 365, Azure, Azure Ad, Active Directory