Fahmida brings over a decade of IT security news reporting along with ten years of network administration and software development to Decipher. Every security story has a human face, and her goal is to bring those stories to light. As the senior managing editor of Decipher, she will focus on ways security can impact how people live, work, and play. She enjoys working on stories that speak to those outside the security industry, highlighting the intersection of security and other technology areas. Over the years, she has seen enough to make her overzealous about her personal threat-model, but she doesn’t hold it against anyone for having a more relaxed worldview.
The United States Department of Justice painstakingly laid out the investigative breadcrumbs that identified the tools and techniques used by North Korea in offensive campaigns conducted over a four-year span, which includes the attack against Sony Pictures in 2014, the theft from Bangladesh Bank in 2016, and the devastating WannaCry ransomware outbreak in 2017.
The United States Department of Justice has charged a North Korean programmer for taking part in the attacks as part of its strategy to call out nation-state attackers. While there is no chance of US law enforcement ever making the arrest, the complaint is a way for the government to respond to damaging nation-state sponsored attacks.
The Internet relies on BGP, but the protocol doesn't have any security protections to prevent route hijacking. NIST's draft paper outlines techniques for securing BGP for a safer Internet.
Windows administrators don't like zero day vulnerabilities. The good news about the new flaw in the TaskScheduler service is that a hotfix, or a micropatch, is available.
The open source Struts web application framework has a target on its back. Attackers are likely developing exploits. Is it time to stop using Struts?