Fahmida brings over a decade of IT security news reporting along with ten years of network administration and software development to Decipher. Every security story has a human face, and her goal is to bring those stories to light. As the senior managing editor of Decipher, she will focus on ways security can impact how people live, work, and play. She enjoys working on stories that speak to those outside the security industry, highlighting the intersection of security and other technology areas. Over the years, she has seen enough to make her overzealous about her personal threat-model, but she doesn’t hold it against anyone for having a more relaxed worldview.
An intruder breached a federal agency’s internal network and accessed data files using compromised credentials and custom malware, the Cybersecurity and Infrastructure Security Agency said in an Analysis Report.
Federal agencies have until the end of Monday to install fixes for a recently-fixed elevation of privilege vulnerability in Windows which could be used to take control of the entire network, CISA said in an emergency directive.
MITRE’s latest project is a public library of detailed plans replicating tactics and techniques used by known attack groups. The first set of adversary emulation plans released this week describe the behavior of cybercrime group FIN6.
The House of Representatives has unanimously passed a bipartisan bill setting minimum security requirements for Internet of Things devices connected to federal networks. The next step: get the Senate to vote on its version of the bill.
Attackers are cross-checking stolen Office 365 credentials on Azure Active Directory in real-time after victims type them into a malicious phishing page, researchers from Armorblox said.