Fahmida Y. Rashid

Senior Writer

Fahmida Y. Rashid is a senior writer at CSO, focused on the information security beat. Before joining CSO, she wrote about networking and security for various technology publications, including InfoWorld, eWeek, PC Magazine, Dark Reading, and CRN. She also spent years as an IT administrator, software developer, and data analyst. "I, for one, welcome our new computer overlords."

DDoS attacks abusing exposed LDAP servers on the rise

A pair of advisories from Ixia and Akamai illustrate how DDoS attackers can abuse legitimate protocols to launch ever larger reflection attacks

Shadow Brokers dump contained Solaris hacking tools

The tools would let attackers remotely take over any Solaris system around the world

Clean up your DNS act or get pwned like this bank

The key takeaway from the massive heist at a Brazilian bank is what security experts have been saying for years: secure DNS

Trust issues: Know the limits of SSL certificates

All SSL certs are not created equal, and web browsers make matters worse by not clearly showing what security you’re actually getting

Phishing scammers exploit Wix web hosting

Criminals flock to free web services to establish their attack infrastructure. The latest example: A group using free website host Wix for its phishing pages

Old attack code is new weapon for Russian hackers

Researchers found commonalities between tools used against Solaris 20 years ago and modern-day attacks deployed against Windows PCs

Jenkins users can shore up software security with plugins

Safeguard the software you develop from the start with these Jenkins plug-ins and integrations, which automate security testing

Critical flaw alert! Stop using JSON encryption

Developers shouldn't use JSON Web Tokens or JSON Web Encryption in their applications at all, lest their private keys get stolen

Google to Symantec: We don't trust you anymore

Admins need to consider whether they still want to use Symantec after its repeated mistakes with issuing TLS certificates

Malware finds unwitting ally in GitHub

Winnti's abuse of GitHub repository leaves the site in the tricky position of deciding which projects can stay and which ones to shut down

Google reports mixed progress on Android security

Is the glass half full or half empty? The real issue is that it’s at the halfway mark and there's still a significant security road that Android must travel

Devops embraces security measures to build safer software

Survey finds that devops teams are automating security throughout the software development lifecycle to create better and safer code

Leading Linux distros dawdle as kernel flaw persists

A race condition flaw has been fixed in the mainline Linux kernel, but some Red Hat, Canonical, and Debian distributions don't yet have patches

Warning: Your networking tools are weakening your web security

US-CERT says SSL inspection tools, which let enterprise administrators examine encrypted traffic to find and block malicious activity, actually hinder HTTPS

Yahoo breach lessons IT can't ignore

The indictment against the attackers behind the Yahoo breach shows just how vulnerable corporate networks are when thieves get their hands on employees' personal information

Facebook bars developers from using data feeds for spying tools

Facebook and Instagram have publicly changed their terms and conditions to tell developers they can't use public user data feeds to develop tools that can be used for surveillance

How Android and iOS devices really get hacked

There are many ways to hack mobile devices, but the method people worry about is hard and relatively uncommon. You're more likely to get phished first

Google tries to beat AWS at cloud security

New tools that protect enterprise applications running on Google Cloud Platform may help take the spotlight away from AWS and Microsoft Azure

Apache Struts bug is under attack, patch now

Due to the Jakarta Multipart parser in Apache Struts mishandling Content-Type headers, an attacker can remotely execute code on vulnerable systems

WordPress fixes XSS, CSRF flaws in latest core update

WordPress has a new security update for its content management platform. Don't wait for attackers to launch attacks before updating to version 4.7.3
