

Fahmida Y. Rashid
Contributor
Fahmida Y. Rashid is a freelance writer who wrote for CSO and focused on information security. Before joining CSO, she wrote about networking and security for various technology publications, including InfoWorld, eWeek, PC Magazine, Dark Reading, and CRN. She also spent years as an IT administrator, software developer, and data analyst. "I, for one, welcome our new computer overlords."


Google tinkers with Android O to foil ransomware
Android O has specific elements to make it harder for ransomware to get a foothold on the device

DDoS attacks abusing exposed LDAP servers on the rise
A pair of advisories from Ixia and Akamai illustrate how DDoS attackers can abuse legitimate protocols to launch ever larger reflection attacks

Clean up your DNS act or get pwned like this bank
The key takeaway from the massive heist at a Brazilian bank is what security experts have been saying for years: secure DNS

Phishing scammers exploit Wix web hosting
Criminals flock to free web services to establish their attack infrastructure. The latest example: A group using free website host Wix for its phishing pages

Critical flaw alert! Stop using JSON encryption
Developers shouldn't use JSON Web Tokens or JSON Web Encryption in their applications at all, lest their private keys get stolen

Google to Symantec: We don't trust you anymore
Admins need to consider whether they still want to use Symantec after its repeated mistakes with issuing TLS certificates

Malware finds unwitting ally in GitHub
Winnti's abuse of GitHub repository leaves the site in the tricky position of deciding which projects can stay and which ones to shut down

Google reports mixed progress on Android security
Is the glass half full or half empty? The real issue is that it’s at the halfway mark and there's still a significant security road that Android must travel

Devops embraces security measures to build safer software
Survey finds that devops teams are automating security throughout the software development lifecycle to create better and safer code

Leading Linux distros dawdle as kernel flaw persists
A race condition flaw has been fixed in the mainline Linux kernel, but some Red Hat, Canonical, and Debian distributions don't yet have patches

Warning: Your networking tools are weakening your web security
US-CERT says SSL inspection tools, which let enterprise administrators examine encrypted traffic to find and block malicious activity, actually hinder HTTPS

Yahoo breach lessons IT can't ignore
The indictment against the attackers behind the Yahoo breach shows just how vulnerable corporate networks are when thieves get their hands on employees' personal information

Facebook bars developers from using data feeds for spying tools
Facebook and Instagram have publicly changed their terms and conditions to tell developers they can't use public user data feeds to develop tools that can be used for surveillance

How Android and iOS devices really get hacked
There are many ways to hack mobile devices, but the method people worry about is hard and relatively uncommon. You're more likely to get phished first

Apache Struts bug is under attack, patch now
Due to the Jakarta Multipart parser in Apache Struts mishandling Content-Type headers, an attacker can remotely execute code on vulnerable systems

WordPress fixes XSS, CSRF flaws in latest core update
WordPress has a new security update for its content management platform. Don't wait for attackers to launch attacks before updating to version 4.7.3

Bitbucket tightens security on private code
Administrators can use IP whitelisting and two-step verification to have full control over who can view or work with private code repositories

HackerOne opens up bug bounties to open source
The platform helps teams handle vulnerability submissions, coordinate communications, identify duplicate reports, and run bug bounty programs

Chrome extension brings encryption to Gmail
E2Email, Google's latest open source project, wants to bring encrypted email to the masses, but without strong leadership, this project may wind up going nowhere