Security News > 2021

IBM announced key members of the executive team to lead the independent company that will be created following the previously announced separation of IBM's Managed Infrastructure Services business. "These executives bring great global expertise as we build a purpose-led culture for our new company," said Martin Schroeter, who assumed the role of NewCo's Chief Executive Officer on January 15.

Ingram Micro Cloud announced its new White-Label Marketplace, a robust feature for resellers to publish and launch their own branded marketplace on the Ingram Micro Cloud Marketplace. Now, reseller partners can easily automate their own cloud business and ultimately increase sales by directly offering the best-in-class technology solutions available on the Ingram Micro Cloud Marketplace, while also providing access to a selection of self-branded services to give their customers a more customized experience.

Following Microsoft's release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency has issued an emergency directive warning of "Active exploitation" of the vulnerabilities. The alert comes on the heels of Microsoft's disclosure that China-based hackers were exploiting unknown software bugs in Exchange server to steal sensitive data from select targets, marking the second time in four months that the U.S. has scrambled to address a widespread hacking campaign believed to be the work of foreign threat actors.

Researchers have uncovered more custom malware that is being used by the threat group behind the SolarWinds attack. Researchers with Microsoft and FireEye identified three new pieces of malware that the companies said are being used in late-stage activity by the threat actor.

Maza, a place online for fraudsters and extorters to connect to pull off their operations, has been breached by an unknown attacker, in just the latest in a series of attacks targeting elite Russian-language cybercrime forums. These forums are where threat actors can go to access ransomware-as-a-service tools, launder stolen money and even get advice on how to improve their crimes, Flashpoint vice president Thomas Hofmann explained to Threatpost.

Security concerns largely center on the fact that TikTok is a Chinese company. If you decide to use TikTok - and the same goes for all social media platforms - be careful with what you share, and don't assume any inherent data security or privacy.

CNAME tracking is a way to configure DNS records to erase the distinction between code and assets from a publisher's domain and tracking scripts on that site that call a server on an advertiser's domain. As privacy barriers have gone up to prevent marketers from gathering data from web users, CNAME manipulation has become more popular.

US managed service provider CompuCom has suffered a DarkSide ransomware attack leading to service outages and customers disconnecting from the MSP's network to prevent the spread of malware. Over the weekend, CompuCom suffered an outage that prevented customers from accessing the company's customer portal to open troubleshooting tickets.

How to stop security-conscious apps from allowing unencrypted data to escape, and how scammers put social network users under pressure in order to steal their passwords. WHERE TO FIND THE PODCAST ONLINE. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.

We've never quite understood Google's mention of rolling out updates over "Days/weeks" in an update bulletin that includes 47 security fixes, of which eight have a severity level of High. We suggest going out manually and making sure you've got your Chrome update already, without waiting for those day/weeks to elapse until the update finds you.