Hackers sell tool to spread malware through torrent files

Be careful with what you torrent. A new tool on the black market is helping hackers distribute malware through torrent files in exchange for a fee.On Tuesday, security researchers at InfoArmor said they discovered the so-called "RAUM" tool in underground forums.It leverages torrenting -- a popular file-sharing method associated with piracy -- to spread the malware. Popular torrent files, especially games, are packaged with malicious coding and then uploaded for unsuspecting users to download.Using torrents to infect computers is nothing new. But the makers of the RAUM tool have streamlined the whole process with a "Pay-Per-Install" model, according to InfoArmor.To read this article in full or to leave a comment, please click here

Hackers sell tool to spread malware through torrent files

Be careful with what you torrent. A new tool on the black market is helping hackers distribute malware through torrent files in exchange for a fee.On Tuesday, security researchers at InfoArmor said they discovered the so-called "RAUM" tool in underground forums.It leverages torrenting -- a popular file-sharing method associated with piracy -- to spread the malware. Popular torrent files, especially games, are packaged with malicious coding and then uploaded for unsuspecting users to download.Using torrents to infect computers is nothing new. But the makers of the RAUM tool have streamlined the whole process with a "Pay-Per-Install" model, according to InfoArmor.To read this article in full or to leave a comment, please click here

Lenovo laptops refuse to run Linux due to storage woes, not Microsoft evildoing

It looks like Linux lovers have another roadbump to watch out for beyond Microsoft’s slow tightening of the UEFI Secure Boot screws.Lenovo’s forums and the Linux subreddit are ablaze amidst reports of failed Linux installs on the Lenovo Yoga 900 13ISK2 and Ideapad 710S, as Tech Republic first reported. The howls intensified when an unverified person identifying herself as a “Lenovo Product Expert” answered a question about the issue on the Best Buy website with, “The system has a Signature Edition of Windows 10 Home installed. It is locked per our agreement with Microsoft.”To read this article in full or to leave a comment, please click here

How to protect your mission-critical information

Given the vast and increasing volumes of data within organizations today, securing your data can seem an insurmountable task. But you can get your arms around it if you assess the value of your data and focus your attention on protecting your mission-critical information assets — the crown jewels.Yesterday, the nonprofit Information Security Forum (ISF) announced the availability of Protecting the Crown Jewels: How to Secure Mission-Critical Information Assets, the latest in a series of reports geared to helping organizations do just that."Businesses must prioritize the protection of mission-critical information assets," says Steve Durbin, managing director of the ISF. "Far too often, organizations consider the value of these assets, but fail to recognize the extent to which they are exposed to global security threats."To read this article in full or to leave a comment, please click here

Samsung has shipped 500,000 replacement Note 7 units to the U.S.

Samsung has announced it has just finished a shipment of 500,000 units of the Galaxy Note7 to carrier and retail outlets.The devices are to be available on Wednesday, September 21, meaning you can finally get a non-exploding model in exchange for the one you own. Those who were issued a temporary device by their carrier should also be eligible to swap it for a Note7.Those who have been forced to wait to buy a new Note7 also may be in luck. The Note7 is available on the online store for Verizon and Sprint right now. Other carriers like T-Mobile and AT&T still redirecting Note7 information on their site to a dedicated page with recall details, but they may very well resume sales soon.  If you were thinking of buying a Note7 but got stuck waiting because of the battery fiasco, your best bet is to contact your carrier.To read this article in full or to leave a comment, please click here

Cisco says router bug could be result of ‘cosmic radiation’ … Seriously?

A Cisco bug report addressing “partial data traffic loss” on the company’s ASR 9000 Series routers contends that a “possible trigger is cosmic radiation causing SEU soft errors.”Cosmic radiation? While we all know that cosmic radiation can wreak havoc on electronic devices, there’s far less agreement as to the likelihood of it being the culprit in this case. Or that Cisco could know one way or the other.A reader of Reddit’s section devoted to networking asks the question: “Has anyone ever seen ‘cosmic radiation’ as a cause for software errors in a bug report before? The ‘fix’ is to reload the line card. This did resolve the issue in our case. Anybody else experience this?”To read this article in full or to leave a comment, please click here

Cisco says router bug could be result of ‘cosmic radiation’ … Seriously?

A Cisco bug report addressing “partial data traffic loss” on the company’s ASR 9000 Series routers contends that a “possible trigger is cosmic radiation causing SEU soft errors.”Cosmic radiation? While we all know that cosmic radiation can wreak havoc on electronic devices, there’s far less agreement as to the likelihood of it being the culprit in this case. Or that Cisco could know one way or the other.A reader of Reddit’s section devoted to networking asks the question: “Has anyone ever seen ‘cosmic radiation’ as a cause for software errors in a bug report before? The ‘fix’ is to reload the line card. This did resolve the issue in our case. Anybody else experience this?”To read this article in full or to leave a comment, please click here

IDG Contributor Network: 3D printers hackable via smartphone

A smartphone’s built-in sensors can be used to swipe important intellectual property, such as product models and prototypes, by reading a combination of acoustic traces and electromagnetic energy as a 3D printer’s print head moves across a platen.New research discovered that it’s not just the sounds that the nozzle makes as it prints the model that gives the game away, as was previously thought. A new study indicates that by combining the collection of sounds with electromagnetic readings, hackers can obtain a powerful facsimile of what’s being made.+ Also on Network World: 3D printers wide-open to hacking +To read this article in full or to leave a comment, please click here

Save Big on Select Chromebooks Through 9/26 Only on Amazon – Deal Alert

Amazon has discounts on many popular Chromebook models, and the discounts continue through September 26th. Below is a sample of the savings, and you can click through to this page on Amazon for the full list. ASUS C201 11.6 Inch Chromebook (Rockchip, 4 GB, 16GB SSD, Lotus Gold/Red) $487.35 $199.00 HP Chromebook 14-ak010nr 14-Inch (Intel Celeron, 2 GB RAM, 16 GB SSD)  $249.99 $215.98 Samsung Chromebook 3 XE500C13-K02US 4 GB RAM 11.6" Laptop (Black) $229.99 $209.98 To read this article in full or to leave a comment, please click here

IDG Contributor Network: Cloudways choses Kyup to power its container-based hosting

Cloudways is a cloud platform offering support for organizations that need to run web-applications. Competing with other web-application hosting services like Pantheon and Pressable, Cloudways offers applications such as ecommerce, content management systems and blogging platforms.Basically the idea is that if you’re a content producer, you can rely on Cloudways to ensure that your site stays up regardless of traffic spikes, application updates or security issues. Instead of picking a standard cloud or hosting provider and doing the heavy lifting of the application-specific stuff yourself, you rely on Cloudways to do that for you.To read this article in full or to leave a comment, please click here

The Three Great Lies of Cloud Computing

It’s elastic! It’s on-demand! It scales dynamically to meet your needs! It streamlines your operations, gives you persistent access to data, and it’s always, always cheaper. It’s cloud computing, and it’s here to save your enterprise.

And yet, for all the promise of cloud, there are still segments of IT, such as HPC and many categories of big data analytics, that have been resistant to wholesale outsourcing to public cloud resources. At present cloud computing makes up only 2.4% of the HPC market by revenue, and although Intersect360 Research is forecast its growth at a robust 10.9%, that still keeps

The Three Great Lies of Cloud Computing was written by Nicole Hemsoth at The Next Platform.

Cables and chargers go big and long

As my family acquires more gadgets and devices that require recharging, I find myself experiencing a lot more drama when one of their devices goes dead and needs to be plugged in. This turns into a battle of “cable swapping”, in which one family member removes a cable from a device being recharged and plugs it into their own device, with the hope that family member #2 doesn’t notice the swap. Buying more cable chargers can help, but then the issue becomes the availability and location of power outlets. Nowhere is this more evident than in our vehicle (a 7-year-old minivan with a recharger port only in the front), which requires a bunch of different power recharging options for occupants in the van. The driver and passenger have priority, of course, as we utilize charging for our smartphones for GPS and music streaming purposes. It's good to be the parents.To read this article in full or to leave a comment, please click here

Opportunistic Encryption: Bringing HTTP/2 to the unencrypted web

Encrypting the web is not an easy task. Various complexities prevent websites from migrating from HTTP to HTTPS, including mixed content, which can prevent sites from functioning with HTTPS.

Opportunistic Encryption provides an additional level of security to websites that have not yet moved to HTTPS and the performance benefits of HTTP/2. Users will not see a security indicator for HTTPS in the address bar when visiting a site using Opportunistic Encryption, but the connection from the browser to the server is encrypted.

In December 2015, CloudFlare introduced HTTP/2, the latest version of HTTP, that can result in improved performance for websites. HTTP/2 can’t be used without encryption, and before now, that meant HTTPS. Opportunistic Encryption, based on an IETF draft, enables servers to accept HTTP requests over an encrypted connection, allowing HTTP/2 connections for non-HTTPS sites. This is a first.

Combined with TLS 1.3 and HTTP/2 Server Push, Opportunistic Encryption can result in significant performance gains, while also providing security benefits.

Opportunistic Encryption is now available to all CloudFlare customers, enabled by default for Free and Pro plans. The option is available in the Crypto tab of the CloudFlare dashboard:

How it works

Opportunistic Encryption Continue reading

Education needs to study up on fighting ransomware

It should surprise no one that ransomware is on the rise, but it may be news that education -- not healthcare -- is outstripping other industries for rate of infection, according to a study by security ratings firm BitSight.Organizations in education had the highest rate of infection, with at least one in 10 experiencing ransomware on their networks, according to “The Rising Face of Cyber Crime: Ransomware” report.The study looks at businesses in finance, retail, healthcare, energy/utilities, government and education, which are listed in order from best to worst for ransomware infection rate. Education’s score is far behind that of the others, more than double that for government. The rate ranges from 13% of those in education down to 1.5% for those in finance.To read this article in full or to leave a comment, please click here

Education needs to study up on fighting ransomware

It should surprise no one that ransomware is on the rise, but it may be news that education -- not healthcare -- is outstripping other industries for rate of infection, according to a study by security ratings firm BitSight.Organizations in education had the highest rate of infection, with at least one in 10 experiencing ransomware on their networks, according to “The Rising Face of Cyber Crime: Ransomware” report.The study looks at businesses in finance, retail, healthcare, energy/utilities, government and education, which are listed in order from best to worst for ransomware infection rate. Education’s score is far behind that of the others, more than double that for government. The rate ranges from 13% of those in education down to 1.5% for those in finance.To read this article in full or to leave a comment, please click here

‘Digital laggards’ must harness data or get left behind

Consultants like to warn CIOs that if they don't embrace modern technologies to meet customer demands that they will be left in the dust by more nimble rivals. Such sky-is-falling proclamations have been taken lightly because they've been difficult to back up. However, new research from Harvard Business School (HBS) suggests that a divide is forming between organizations that have accelerated their digital transformations and those that are still figuring out a working digital model.Digital leaders, defined by HBS as companies that landed in the top quarter of its research, generate better gross margins as well as better earnings and net income than organizations in the bottom digital quarter. Leaders post a three-year average gross margin of 55 percent, compared to just 37 percent for the laggards. Leaders also outstrip laggards in three-year average earnings 16 percent to 11 percent. And in three-year average net income, leaders have the advantage 11 percent to seven percent.To read this article in full or to leave a comment, please click here

Apple’s new macOS Sierra fixes over 60 security flaws

Apple launched its newest operating system, macOS Sierra 10.12, on Tuesday and aside from new and interesting features, it has a large number of important security fixes.The new OS patches 65 vulnerabilities in various core and third-party components. Some of these vulnerabilities are critical and can result in arbitrary code execution with kernel privileges.Flaws that allow local applications to execute malicious code with kernel or system privileges were fixed in Apple's HSSPI support component, AppleEFIRuntime, AppleMobileFileIntegrity, AppleUUC, the Bluetooth stack, DiskArbitration, the Intel Graphics Driver, the IOAcceleratorFamily and IOThunderboltFamily, the S2 Camera, the Security service and the kernel itself.To read this article in full or to leave a comment, please click here

Apple’s new macOS Sierra fixes over 60 security flaws

Apple launched its newest operating system, macOS Sierra 10.12, on Tuesday and aside from new and interesting features, it has a large number of important security fixes.The new OS patches 65 vulnerabilities in various core and third-party components. Some of these vulnerabilities are critical and can result in arbitrary code execution with kernel privileges.Flaws that allow local applications to execute malicious code with kernel or system privileges were fixed in Apple's HSSPI support component, AppleEFIRuntime, AppleMobileFileIntegrity, AppleUUC, the Bluetooth stack, DiskArbitration, the Intel Graphics Driver, the IOAcceleratorFamily and IOThunderboltFamily, the S2 Camera, the Security service and the kernel itself.To read this article in full or to leave a comment, please click here