Fahmida brings over a decade of IT security news reporting along with ten years of network administration and software development to Decipher. Every security story has a human face, and her goal is to bring those stories to light. As the senior managing editor of Decipher, she will focus on ways security can impact how people live, work, and play. She enjoys working on stories that speak to those outside the security industry, highlighting the intersection of security and other technology areas. Over the years, she has seen enough to make her overzealous about her personal threat model, but she doesn’t hold it against anyone for having a more relaxed worldview.
The original vulnerability may be in a jQuery plugin, but the disconnect in how web developers use .htaccess with the Apache web server and how the server is actually configured means there are potentially more applications out there that are vulnerable to attack.
Android has long been viewed as the less-secure mobile operating system compared to iOS, and Google's licensing changes to comply with the European Commission's anti-trust ruling can potentially make the ecosystem's overall security situation worse.
Thank you, California. Gov. Brown has signed into law a bill that requires manufacturers to give Internet-connected devices unique passwords and not weak passwords like "admin" by default.
Whether or not Chinese spies actually planted rogue chips into Super Micro servers, this kind of supply chain attack is feasible. This is just the tip of the iceberg.
Facebook revoked its session tokens after the massive breach. A team of researchers from the University of Illinois at Chicago lays out what attackers could do with those session tokens if they hadn't been reset.