Fahmida Y. Rashid

Senior Writer

Fahmida Y. Rashid is a senior writer at CSO, focused on the information security beat. Before joining CSO, she wrote about networking and security for various technology publications, including InfoWorld, eWeek, PC Magazine, Dark Reading, and CRN. She also spent years as an IT administrator, software developer, and data analyst. "I, for one, welcome our new computer overlords."

Oracle’s monster update emphasizes flaws in critical business applications

Oracle’s monster update emphasizes flaws in critical business applications

Oracle hasn’t been “just” a database company in a long time, and nowhere is that more evident than in its quarterly critical patch update release, where the bulk of the fixes are in business applications like PeopleSoft and E-Business...

Top cloud security controls you should be using

Top cloud security controls you should be using

Human error is one of the top reasons for data breaches in the cloud, as administrators forget to turn on basic security controls. Whether it is Amazon Web Services, Microsoft Azure, or Google Cloud Platform, keep these rules in mind...

Why linguistics can't always identify cyber attackers' nationality

Why linguistics can't always identify cyber attackers' nationality

The security whodunnit: analyzing the language used in an attack is just one tool to assign attribution, and it’s not always reliable.

The fault for ransomware attacks lies with the challenges security teams face

The fault for ransomware attacks lies with the challenges security teams face

The realities of managing and protecting IT infrastructures puts IT and security personnel in a no-win situation when attacks like WannaCry or ExPetr occur, so stop blaming them.

5 things you need to know about Stack Clash to secure your shared Linux environment

5 things you need to know about Stack Clash to secure your shared Linux environment

Qualys shows that attackers can locally exploit the privilege escalation vulnerability to gain root access over Linux, Solaris and BSD machines. This is bad news for Unix-based servers, and even more so for multi-tenant environments.

It's time to update XP, Windows Server 2003 despite Microsoft's emergency patch

It's time to update XP, Windows Server 2003 despite Microsoft's emergency patch

Windows XP and Windows Server 2003 are supposed to be dead, but Microsoft's emergency update to address serious vulnerabilities gives organizations another excuse to hang on to these legacy operating systems a little longer.

Mobile app developers: Make sure your back end is covered

Mobile app developers: Make sure your back end is covered

Developers need to make sure they are baking security into the application code and protecting how their apps handle data, but as the so-called HospitalGown security issue shows, they also need to know how the back-end servers and...

The Target data breach settlement sets a low bar for industry security standards

The Target data breach settlement sets a low bar for industry security standards

The multistate settlement over the 2013 Target data breach outlines the kind of security measures enterprises should have in order to not be found negligent with customer data. The problem is, the settlement doesn’t go far enough to...

Patch the Samba bug before a network worm exploits it

Patch the Samba bug before a network worm exploits it

It isn’t at WannaCry-crisis levels yet, but the fact that Samba is so widely used means a network worm can really have a field day exploiting this vulnerability.

The modern guide to staying safe online

The modern guide to staying safe online

Keeping safe and productive online requires smart decision-making and just the right preventive measures to fit the level of risk you can live with.

McAfee: Wave of Shamoon cyberattacks being coordinated by a single group

McAfee: Wave of Shamoon cyberattacks being coordinated by a single group

The latest campaigns are bigger, more sophisticated, and causing far more damage as the attackers learn new techniques and collaborate with other groups

Don't get bit by zombie cloud data

Don't get bit by zombie cloud data

Data you thought you had deleted from the cloud can come back to haunt you. Get to know your provider’s data deletion policy

Shadow Brokers dump contained Solaris hacking tools

Shadow Brokers dump contained Solaris hacking tools

The tools would let attackers remotely take over any Solaris system around the world

Know the limits of SSL certificates

Know the limits of SSL certificates

All SSL certs are not created equal, and web browsers make matters worse by not clearly showing what security you’re actually getting

Old attack code is new weapon for Russian hackers

Old attack code is new weapon for Russian hackers

Researchers found commonalities between tools used against Solaris 20 years ago and modern-day attacks deployed against Windows PCs

Google tries to beat AWS at cloud security

Google tries to beat AWS at cloud security

New tools that protect enterprise applications running on Google Cloud Platform may help take the spotlight away from AWS and Microsoft Azure

How to scrub your private data from 'people finder' sites

How to scrub your private data from 'people finder' sites

The internet has your number—among many other deets. Prevent identity theft and doxxing by erasing yourself from aggregator sites like Spokeo and PeekYou

5 open source security tools too good to ignore

5 open source security tools too good to ignore

Look to these clever open source tools to keep secrets out of source code, identify malicious files, block malicious processes, and keep endpoints safe

Why 2017 will be the worst year ever for security

Why 2017 will be the worst year ever for security

High-profile breaches are just the tip of the iceberg. Many have never been detected or disclosed--and without a major infrastructure changes it's only going to get worse

Self-protection is key to Linux kernel security

Self-protection is key to Linux kernel security

Finding and fixing Linux security vulnerabilities amounts to the usual whack-a-mole. The real solution is to harden the Linux kernel and let it protect itself

Load More