Attacks Based on Credential Theft On The Rise, DBIR Says
In the 13th Data Breach Investigations Report, Verizon researchers found that attackers are relying less on malware and more on...
SEARCH
Fahmida Y. Rashid
Senior Managing EditorFahmida brings over a decade of IT security news reporting along with ten years of network administration and software development to Decipher.
Every security story has a human face, and her goal is to bring those stories to light. As the senior managing editor of Decipher, she will focus on ways security can impact how people live, work, and play. She enjoys working on stories that speak to those outside the security industry, highlighting the intersection of security and other technology areas. Over the years, she has seen enough to make her overzealous about her personal threat-model, but she doesn’t hold it against anyone for having a more relaxed worldview.
- fahmida@decipher.sc
- @FYRashid
- 3DF6 3FDA FACC 7BC6
Featured Articles
Decipher Library: First Edition
We've put together a list of security and privacy related book recommendations from people across the industry, from technical...
Security Norms Must Shift in a Crisis
With so many employees and contractors working remotely, security teams and CISOs grapple with the job of continuing to protect...
ESET Identifies 11 Latin American Malware Families
There are multiple distinct banking Trojan families in Latin America, rather than one large group as has been previously believed, ESET researchers said at the Virus Bulletin 2020 conference.
Framework Outlines How Companies Should Talk About Breaches
Organizations are increasingly developing incident response playbooks to plan out in advance what steps to take in case of a security breach—such as an employees accessing files without authorization, a lost computer, or a server compromised by outside attackers. A team of academics from the UK's University of Kent and University of Warwick outlined a comprehensive playbook on how organizations should communicate after a security incident.
Attackers Actively Targeting Zerologon Flaw, Microsoft Warns
The Zerologon vulnerability Microsoft patched in Windows Server last month is actively being exploited in several attacks, Microsoft warned.
Compromised Credentials Used in Attack Against Federal Agency
An intruder breached a federal agency’s internal network and accessed data files using compromised credentials and custom malware, the Cybersecurity and Infrastructure Security Agency said in an Analysis Report.
CISA Orders Agencies to Patch Zerologon Flaw
Federal agencies have until the end of Monday to install fixes for a recently-fixed elevation of privilege vulnerability in Windows which could be used to take control of the entire network, CISA said in an emergency directive.