Fahmida Y. Rashid

Senior Writer

Fahmida Y. Rashid is a senior writer at CSO, focused on the information security beat. Before joining CSO, she wrote about networking and security for various technology publications, including InfoWorld, eWeek, PC Magazine, Dark Reading, and CRN. She also spent years as an IT administrator, software developer, and data analyst. "I, for one, welcome our new computer overlords."

Amazon Macie automates cloud data protection with machine learning

Malicious code in the Node.js npm registry shakes open source trust model

Malicious code in the Node.js npm registry shakes open source trust model

Bad actors using typo-squatting place 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond?

Why SSL/TLS attacks are on the rise

Why SSL/TLS attacks are on the rise

As more companies adopt better encryption practices, cyber criminals are turning to SSL/TLS vulnerabilities to deliver malicious attacks.

Adobe announces end-of-life for Flash, the InfoSec world cheers

Adobe announces end-of-life for Flash, the InfoSec world cheers

Support for Flash Player will end in 2020, so now is the time for website owners to migrate from it.

Oracle’s monster update emphasizes flaws in critical business applications

Oracle’s monster update emphasizes flaws in critical business applications

Oracle hasn’t been “just” a database company in a long time, and nowhere is that more evident than in its quarterly critical patch update release, where the bulk of the fixes are in business applications like PeopleSoft and E-Business...

Top cloud security controls you should be using

Top cloud security controls you should be using

Human error is one of the top reasons for data breaches in the cloud, as administrators forget to turn on basic security controls. Whether it is Amazon Web Services, Microsoft Azure, or Google Cloud Platform, keep these rules in mind...

Why linguistics can't always identify cyber attackers' nationality

Why linguistics can't always identify cyber attackers' nationality

The security whodunnit: analyzing the language used in an attack is just one tool to assign attribution, and it’s not always reliable.

The fault for ransomware attacks lies with the challenges security teams face

The fault for ransomware attacks lies with the challenges security teams face

The realities of managing and protecting IT infrastructures puts IT and security personnel in a no-win situation when attacks like WannaCry or ExPetr occur, so stop blaming them.

5 things you need to know about Stack Clash to secure your shared Linux environment

5 things you need to know about Stack Clash to secure your shared Linux environment

Qualys shows that attackers can locally exploit the privilege escalation vulnerability to gain root access over Linux, Solaris and BSD machines. This is bad news for Unix-based servers, and even more so for multi-tenant environments.

It's time to update XP, Windows Server 2003 despite Microsoft's emergency patch

It's time to update XP, Windows Server 2003 despite Microsoft's emergency patch

Windows XP and Windows Server 2003 are supposed to be dead, but Microsoft's emergency update to address serious vulnerabilities gives organizations another excuse to hang on to these legacy operating systems a little longer.

Mobile app developers: Make sure your back end is covered

Mobile app developers: Make sure your back end is covered

Developers need to make sure they are baking security into the application code and protecting how their apps handle data, but as the so-called HospitalGown security issue shows, they also need to know how the back-end servers and...

Don’t like Mondays? Neither do attackers

Don’t like Mondays? Neither do attackers

You can reduce potential damage by paying attention to when attackers are most likely to strike.

Load More