Fahmida Y. Rashid
Senior Writer
Fahmida Y. Rashid is a senior writer at CSO, focused on the information security beat. Before joining CSO, she wrote about networking and security for various technology publications, including InfoWorld, eWeek, PC Magazine, Dark Reading, and CRN. She also spent years as an IT administrator, software developer, and data analyst. "I, for one, welcome our new computer overlords."
Oracle’s monster update emphasizes flaws in critical business applications
Oracle hasn’t been “just” a database company in a long time, and nowhere is that more evident than in its quarterly critical patch update release, where the bulk of the fixes are in business applications like PeopleSoft and E-Business...
Top cloud security controls you should be using
Human error is one of the top reasons for data breaches in the cloud, as administrators forget to turn on basic security controls. Whether it is Amazon Web Services, Microsoft Azure, or Google Cloud Platform, keep these rules in mind...
Why linguistics can't always identify cyber attackers' nationality
The security whodunnit: analyzing the language used in an attack is just one tool to assign attribution, and it’s not always reliable.
The fault for ransomware attacks lies with the challenges security teams face
The realities of managing and protecting IT infrastructures puts IT and security personnel in a no-win situation when attacks like WannaCry or ExPetr occur, so stop blaming them.
5 things you need to know about Stack Clash to secure your shared Linux environment
Qualys shows that attackers can locally exploit the privilege escalation vulnerability to gain root access over Linux, Solaris and BSD machines. This is bad news for Unix-based servers, and even more so for multi-tenant environments.
It's time to update XP, Windows Server 2003 despite Microsoft's emergency patch
Windows XP and Windows Server 2003 are supposed to be dead, but Microsoft's emergency update to address serious vulnerabilities gives organizations another excuse to hang on to these legacy operating systems a little longer.
Mobile app developers: Make sure your back end is covered
Developers need to make sure they are baking security into the application code and protecting how their apps handle data, but as the so-called HospitalGown security issue shows, they also need to know how the back-end servers and...
The Target data breach settlement sets a low bar for industry security standards
The multistate settlement over the 2013 Target data breach outlines the kind of security measures enterprises should have in order to not be found negligent with customer data. The problem is, the settlement doesn’t go far enough to...
Patch the Samba bug before a network worm exploits it
It isn’t at WannaCry-crisis levels yet, but the fact that Samba is so widely used means a network worm can really have a field day exploiting this vulnerability.
The modern guide to staying safe online
Keeping safe and productive online requires smart decision-making and just the right preventive measures to fit the level of risk you can live with.
McAfee: Wave of Shamoon cyberattacks being coordinated by a single group
The latest campaigns are bigger, more sophisticated, and causing far more damage as the attackers learn new techniques and collaborate with other groups
Don't get bit by zombie cloud data
Data you thought you had deleted from the cloud can come back to haunt you. Get to know your provider’s data deletion policy
Shadow Brokers dump contained Solaris hacking tools
The tools would let attackers remotely take over any Solaris system around the world
Know the limits of SSL certificates
All SSL certs are not created equal, and web browsers make matters worse by not clearly showing what security you’re actually getting
Old attack code is new weapon for Russian hackers
Researchers found commonalities between tools used against Solaris 20 years ago and modern-day attacks deployed against Windows PCs
Google tries to beat AWS at cloud security
New tools that protect enterprise applications running on Google Cloud Platform may help take the spotlight away from AWS and Microsoft Azure
How to scrub your private data from 'people finder' sites
The internet has your number—among many other deets. Prevent identity theft and doxxing by erasing yourself from aggregator sites like Spokeo and PeekYou
5 open source security tools too good to ignore
Look to these clever open source tools to keep secrets out of source code, identify malicious files, block malicious processes, and keep endpoints safe
