Feed aggregator

Top Comments – Pages 1381 – 1382

Looking For Group - Mon, 03/16/2020 - 16:16

Monday, YOU are the star! We curate our favourite comments from the previous week’s comments on lfg.co and Facebook and remind you how clever you are. Here are your top comments for Looking For Group pages 1381 – 1382 Looking […]

The post Top Comments – Pages 1381 – 1382 appeared first on Looking For Group.

Categories: Web Comics

Lock and Code S1Ep2: On the challenges of managed service providers

Malwarebytes - Mon, 03/16/2020 - 15:28

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to two representatives from an Atlanta-based managed service provider—a manager of engineering services and a data center architect—about the daily challenges of managing thousands of nodes and the future of the industry.

Tune in for all this and more on the latest episode of Lock and Code, with host David Ruiz.

You can also find us on the Apple iTunes store, on Google Play Music, plus whatever preferred podcast platform you use.

We cover our own research on:
  • International Women’s Day: Is awareness of stalkerware, monitoring, and spyware apps on the rise?
  • How a Rocket Loader skimmer impersonates the CloudFlare library in a clever scheme
  • Securing the MSP: What are the best practices for vetting cybersecurity vendors?
  • Remote security, aka RemoteSec, and how to achieve on-prem security levels with cloud-based remote teams
  • How the coronavirus has impacted security conferences and events, including which were cancelled, postponed, or switched over to virtual
  • The effects of climate change on cybersecurity

Plus, other cybersecurity news:
  • FBI warning: Hackers are targeting Office 365, G Suite users with business email compromise attacks. (Source: SiliconAngle)
  • How poor IoT security is allowing the 12-year-old Conficker malware to make a comeback. (Source: ZDNet)
  • Recently discovered spear phishing emails are using HIV test results as a scare factor. (Source: ThreatPost)
  • Talkspace threatened to sue a security researcher over a bug report, and forced him to take down a blog post. (Source: TechCrunch)
  • Independent testing found Google’s Play Protect to be poor on malware protection. (Source: Forbes)
  • Researchers found thousands of fingerprint files exposed in an unsecured database. (Source: Cnet)
  • Researchers discovered a phishing page informing victims about fake Netflix service disruptions, supposedly due to problems with the victim’s payment method. (Source: Sucuri Blog)

Stay safe, everyone!

The post Lock and Code S1Ep2: On the challenges of managed service providers appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Craft Destiny Crochet Hook Set Giveaway

Moogly - Mon, 03/16/2020 - 15:00

This Craft Destiny Crochet Hook Set has everything you need to crochet on the go – and I’m giving one set away on Moogly! Disclaimer: This post includes affiliate links; materials provided by Craft Destiny. A Golden Case! The Craft Destiny Crochet Hook Sets come in 3 colorways, but today I’m giving away the “Classy...

The post Craft Destiny Crochet Hook Set Giveaway appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT

Malwarebytes - Mon, 03/16/2020 - 15:00

Since the coronavirus became a worldwide health issue, the desire for more information and guidance from government and health authorities has reached a fever pitch. This is a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteria—all while compromising victims with scams or malware campaigns.

Profiting from global health concerns, natural disasters, and other extreme weather events is nothing new for cybercriminals. Scams related to SARS, H1N1 (swine flu), and avian flu have circulated online for more than a decade. According to reports from ZDnet, many state-sponsored threat actors have already started to distribute coronavirus lures, including:

  • Chinese APTs: Vicious Panda, Mustang Panda
  • North Korean APTs: Kimsuky
  • Russian APTs: Hades group (believed to have ties with APT28), TA542 (Emotet)
  • Other APTs: Sweed (Lokibot)

Recently, the Red Drip team reported that APT36 was using a decoy health advisory document to spread a Remote Administration Tool (RAT).

APT36 is believed to be a Pakistani state-sponsored threat actor mainly targeting the defense, embassies, and the government of India. APT36 performs cyber-espionage operations with the intent of collecting sensitive information from India that supports Pakistani military and diplomatic interests. This group, active since 2016, is also known as Transparent Tribe, ProjectM, Mythic Leopard, and TEMP.Lapis.

APT36 spreads fake coronavirus health advisory

APT36 mainly relies on both spear phishing and watering hole attacks to gain its foothold on victims. The phishing email carries either a malicious macro document or an RTF file exploiting vulnerabilities, such as CVE-2017-0199.

In the coronavirus-themed attack, APT36 used a spear phishing email with a link to a malicious document (Figure 1) masquerading as the government of India (email.gov.in.maildrive[.]email/?att=1579160420).

Figure 1: Phishing document containing malicious macro code

We looked at the previous phishing campaigns related to this APT and can confirm this is a new phishing pattern from this group. The names used for directories and functions are likely Urdu names.

The malicious document has two hidden macros that drop a RAT variant called Crimson RAT. The malicious macro (Figure 2) first creates two directories with the names “Edlacar” and “Uahaiws” and then checks the OS type.

Figure 2: malicious macro

Based on the OS type, the macro picks either a 32-bit or 64-bit version of its RAT payload in zip format that is stored in one of the two textboxes in UserForm1 (Figure 3).

Figure 3: embedded payloads in ZIP format

Then it drops the zip payload into the Uahaiws directory and unzips its content using the “UnAldizip” function, dropping the RAT payload into the Edlacar directory. Finally, it calls the Shell function to execute the payload.
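
A triage sketch for the macro behaviour described above, added here as an example and not code from the original post: it scans already-extracted VBA source for the directory and function names the article reports, plus the drop-and-execute sequence, so a renamed variant is still flagged. The regexes, verdict labels and all three sample macros are constructed assumptions.

```python
import re

# Names the article reports for this campaign's macro.
CAMPAIGN_NAMES = ("Edlacar", "Uahaiws", "UnAldizip")

# Behaviours in the order the article describes them. The regexes are this
# example's assumptions about how such steps commonly appear in VBA source.
BEHAVIOURS = [
    ("creates_directory", re.compile(r"\bMkDir\b", re.I)),
    ("checks_os_bitness", re.compile(r"\bWin64\b|PROCESSOR_ARCHITECTURE", re.I)),
    ("reads_userform_textbox", re.compile(r"\bUserForm\d*\.\w*TextBox\w*", re.I)),
    ("writes_binary_file", re.compile(r"\bOpen\b.+\bFor\s+Binary\b", re.I)),
    # "Shell" as a call, not the "Shell.Application" object name.
    ("executes_payload", re.compile(r"\bShell\b(?!\.)", re.I)),
]

# Constructed sample: non-functional fragments shaped like the described flow.
SAMPLE_MACRO = """
Sub Document_Open()
    MkDir basePath & "Edlacar"
    MkDir basePath & "Uahaiws"
    #If Win64 Then
        data = UserForm1.TextBox2.Text
    #Else
        data = UserForm1.TextBox1.Text
    #End If
    Open zipPath For Binary Access Write As #1
    UnAldizip zipPath, outDir
    Shell exePath, vbNormalNoFocus
End Sub
"""

# Constructed variant with every campaign-specific name changed.
RENAMED_MACRO = (SAMPLE_MACRO.replace("Edlacar", "DirA")
                 .replace("Uahaiws", "DirB")
                 .replace("UnAldizip", "Unpack"))

# Constructed benign macro; the commented-out line must not count as a hit.
BENIGN_MACRO = """
Sub ExportReport()
    ' TODO: never call Shell from this template
    MkDir reportDir
    ActiveDocument.SaveAs2 reportDir & "report.docx"
End Sub
"""


def strip_comments(source):
    """Drop whole-line VBA comments so commented-out text does not match."""
    kept = []
    for line in source.splitlines():
        stripped = line.strip()
        if stripped.startswith("'") or stripped.lower().startswith("rem "):
            continue
        kept.append(line)
    return "\n".join(kept)


def triage(source):
    """Return the campaign names, behaviours and verdict for one macro."""
    code = strip_comments(source)
    names = [n for n in CAMPAIGN_NAMES
             if re.search(r"\b%s\b" % re.escape(n), code, re.I)]
    hits = [label for label, rx in BEHAVIOURS if rx.search(code)]
    staged = "reads_userform_textbox" in hits and "executes_payload" in hits
    if names and "executes_payload" in hits:
        verdict = "campaign-match"      # reported names plus execution
    elif staged and ("creates_directory" in hits or "writes_binary_file" in hits):
        verdict = "dropper-pattern"     # same chain, names changed
    else:
        verdict = "no-match"
    return {"names": names, "behaviours": hits, "verdict": verdict}


if __name__ == "__main__":
    for label, src in (("sample", SAMPLE_MACRO), ("renamed", RENAMED_MACRO),
                       ("benign", BENIGN_MACRO)):
        print(label, triage(src))
```

The name list only matches this campaign as reported; the behaviour chain is what keeps the check useful once the names change.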

Crimson RAT

The Crimson RAT has been written in .Net (Figure 4) and its capabilities include:

  • Stealing credentials from the victim’s browser
  • Listing running processes, drives, and directories on the victim’s machine
  • Retrieving files from its C&C server
  • Using custom TCP protocol for its C&C communications
  • Collecting information about antivirus software
  • Capturing screenshots

Figure 4: Crimson RAT

Upon running the payload, Crimson RAT connects to its hardcoded C&C IP addresses and sends collected information about the victim back to the server, including a list of running processes and their IDs, the machine hostname, and its username (Figure 5).

Figure 5: TCP communications

Ongoing use of RATs

APT36 has used many different malware families in the past, but has mostly deployed RATs, such as BreachRAT, DarkComet, Luminosity RAT, and njRAT.

In past campaigns, they were able to compromise Indian military and government databases to steal sensitive data, including army strategy and training documents, tactical documents, and other official letters. They also were able to steal personal data, such as passport scans and personal identification documents, text messages, and contact details.

Protection against RATs

While most general users needn’t worry about nation-state attacks, organizations wanting to protect against this threat should consider using an endpoint protection system or endpoint detection and response with exploit blocking and real-time malware detection.

Shoring up vulnerabilities by keeping all software (including Microsoft Excel and Word) up-to-date shields against exploit attacks. In addition, training employees and users to avoid opening coronavirus resources from unvetted sources can protect against this and other social engineering attacks from threat actors.

Malwarebytes users are protected against this attack. We block the malicious macro execution as well as its payload with our application behavior protection layer and real-time malware detection.

Indicators of Compromise

Decoy URLs

email.gov.in.maildrive[.]email/?att=1579160420
email.gov.in.maildrive[.]email/?att=1581914657

Decoy documents

876939aa0aa157aa2581b74ddfc4cf03893cede542ade22a2d9ac70e2fef1656
20da161f0174d2867d2a296d4e2a8ebd2f0c513165de6f2a6f455abcecf78f2a

Crimson RAT

0ee399769a6e6e6d444a819ff0ca564ae584760baba93eff766926b1effe0010
b67d764c981a298fa2bb14ca7faffc68ec30ad34380ad8a92911b2350104e748

C2s

107.175.64[.]209
64.188.25[.]205

MITRE ATT&CK

https://attack.mitre.org/software/S0115/

The post APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT appeared first on Malwarebytes Labs.

Categories: Techie Feeds

FIRST PLAY: Doctor Who: A Dalek Awakens – Battle against the Doctor’s Most Feared Enemy

Blogtor Who - Mon, 03/16/2020 - 11:00

This past Wednesday, I was lucky enough to participate in the latest Doctor Who event at Birmingham’s Escape Hunt in Resort World. Following the success of Doctor Who: World Collect, BBC Studio and Escape Hunt combined their creativity into forming another live escape game. For those unfamiliar with the concept of escape rooms, you get the chance to […]

The post FIRST PLAY: Doctor Who: A Dalek Awakens – Battle against the Doctor’s Most Feared Enemy appeared first on Blogtor Who.

Categories: Doctor Who Feeds

Some Counsel Regarding Covid-19

Just Call Me Pastor - Mon, 03/16/2020 - 11:00

Our doctor son, Robert, has written an email to us about the novel Corona virus (Covid-19). It contains some good counsel, and, with his permission, I pass it along to you. I send it with prayers for all who suffer from this crisis, whether from anxiety, actual illness, or the stress of taking care of those who are ill.

Dear Mom and Dad (and family),

First of all, please don’t think me “panicked or crazy.” We are in the Lord’s hands, and the hope is that, in a few weeks, the rate of new cases will have slowed. Still, the future is unknowable, and so discretion is the better part of valor… With this in mind, permit me a comment or two encouraging a bit of wisdom and hypervigilance. After all, many of us are “older,” and we have some health conditions to boot.

As you know, the first thing for a people group to try when a threatening virus is identified is containment. In other words, identify those infected and all of their contacts and quarantine them, hoping to keep the disease from becoming widespread.

Containment is no longer possible here. This is because there are so many unexplained cases without recent travel or exposure to someone who is ill that the virus must be considered to have “escaped” into the general population. And there is no “herd immunity” to this virus since it is “new.”

The next strategy therefore is mitigation. That is, trying to avoid a dramatic spike of cases that overwhelms the medical system, causing shortages, for example, of ventilators for the gravely ill. Mitigation not only aims to reduce the height of the spike but also to spread the cases of infection across a longer time span so that needed resources can be cycled into use across time rather than all at once.

Possibly the most powerful means of mitigation is exaggerated hand hygiene. Another is self-imposed social distancing. That means actually staying six feet or more away from others when appropriate, but also avoiding crowds. The incidence curve in a population is really flattened and broadened if the population practices these things. And it is important for young people to practice this even if they feel no personal threat because the disease is routinely so mild for them. Young people who feel fine can spread the virus to their community, parents, and grandparents.

I’m not thinking the situation is all that urgent (at least for the moment) for us who don’t live near a cluster of cases. Don’t let me make you crazy… But it is projected that the number of clusters will increase quickly in the next few weeks. Consider that Prime Minister Justin Trudeau’s wife now has the virus. So do Tom Hanks and his wife in Australia. Apparently, there were exchange students who “jumped” / disobeyed quarantine restrictions and spread the virus into the Australian population. And President Trump and Vice-President Pence had dinner a few days ago with a man who has fallen ill. He was sitting right next to President Trump. (The president did get tested, and does not have the virus.)

My point only is that the fewer people we come into contact with, the less likely we are to contract this illness. Obvious measures (which we are already taking, particularly meticulous hand-washing and avoiding touching your face) include:

  1. No handshaking. Elbow bumps at most.
  2. Stay six feet or more away from people when possible when out in public.
  3. Stay away from anyone you see blowing their nose (even though this is not a major symptom of Covid-19) or especially if they are coughing.
  4. Sanitize carts at stores (if you must go there) and be extremely aware of your hands and where they have been. Sanitize hands very frequently especially when out and about. Probably six times during/after any necessary shopping visit.
  5. Consider having on hand a week’s worth of canned or frozen food. And, yes, you can easily live on buttered pasta or oatmeal and canned peaches for a few days so no need to empty out the supermarket.
  6. Consider just staying away from any group activities. That actually includes church! And hospitals and primary care doctor’s offices. How about we ALL move to the basement!
  7. Humor has a role, even if the gallows variety.

Again, we of all people should not panic, because, to paraphrase the song slightly, “We know who holds the future, and we know who holds our hand.”

Categories: Churchie Feeds

Weird Revisited: Middle Earth with More Pulp

Sorcerer's Skull - Mon, 03/16/2020 - 11:00
"Know, O prince, that between the years when the oceans drank Númenor and the gleaming cities, and the years of the Fourth Age, there was an Age undreamed of, when realms of Elf, Man, and Dwarf lay spread across the world like blue mantles beneath the stars. . . Hither came Aragorn of the Dúnedain, black-haired, sullen-eyed, sword in hand, a ranger, a wanderer, a chieftain, with gigantic melancholies and gigantic mirth, to tread the thrones of Arda under his feet." - The Red Book of Westmarch

I posted that bit of Howardian remix on G+ yesterday goofing around, but it's a serious idea: What would Middle-earth be if presented in a more pulp fantasy (not just Robert E. Howard) sort of way? You could do a really comprehensive overhaul, sure, where maybe only the names remain the same, but I think a few tweaks here and there would make a big difference. Just take a look at things that are already pretty pulpy: (1) a fallen age following the sinking of an "Atlantis"; (2) Orders of beings with some more advanced and others more degenerate than others; (3) a lot of ruins strewn about; (4) a lot of wilderness separating civilized areas; (5) Magic (to the extent it is practiced by Men--i.e. humans) seems the province of sorcerers who are engaged with evil forces.

So let's start with Eriador, also called the Lone-Lands, which is pretty cool, because that's where the stories do, and see how it goes. Eriador is definitely a "Points of Light" place; a former advanced kingdom where most of the cities have fallen into ruin after a war with a Witch-King.


Witch-King Cultists: When a guy named the Witch-King used to rule, I think there probably should be hidden enclaves (or whole villages) fallen to his service and maybe worship of Sauron or Morgoth. They probably also engage in sacrifices commensurate with their Satanic cultist behavior.

The Rangers of the North: The Dúnedain who struggled against the Witch-King were descendants of Numenoreans (like Conan was a descendant of Atlanteans). After their defeat they become badass wilderness types organized into tribes or bands, I'd guess. They're about as much "barbarian" as Conan is, except they're in tight with elves. They roam the wilderness and hunt orcs and trolls (and probably those Witch-King cults). They could be part frontier lawmen, but also a lot like the settlers described in Howard's "Beyond the Black River":  "They were all gaunt and scarred and hard-eyed; sinewy and taciturn."

Replace the Picts in those Pictish Border Howard stories with orcs or Hill-men, and you've got it. Or replace Solomon Kane in any of a few of his stories with a lone ranger (heh), and that works as well.

Woses: Speaking of Picts, a couple of Howard's Pict stories are perfect inspiration for the mistreated, more primitive Drúedain. Check out "The Lost Race." Here's a perfect description:
"Scarce above four feet stood the tallest, and they were small of build and very dark of complexion. Their eyes were black; and most of them went stooped forward, as if from a lifetime spent in crouching and hiding; peering furtively on all sides. They were armed with small bows, arrows, spears and daggers, all pointed, not with crudely worked bronze but with flint and obsidian, of the finest workmanship. They were dressed in finely dressed hides of rabbits and other small animals, and a kind of coarse cloth; and many were tattooed from head to foot in ocher and woad"

Hill-Men: Again speaking of Picts, in either Howard's frontier stories or some of his other Pictish yarns where their degeneration is more sinister (after Machen) and less sad, the Hill-Men can be those sort of Picts. A little degeneration won't hurt. They're really likely to be those cultists mentioned above, too.


The towns: As to the civilized or more settled areas of Eriador. I strongly support MERP's idea that Tharbad (before it was a ruin) was a decaying city of cutthroats and thieves. A standard Conan tavern ought to fit in well, in any of those towns, too. Just substitute "Brythunian" with "Breeland" and you're good to go.

REVIEW: Doctor Who: The Faceless Ones – The Latest Missing Episodes Animation

Blogtor Who - Mon, 03/16/2020 - 08:00

Following in the footsteps of previous releases ‘The Power of the Daleks‘ and ‘The Macra Terror‘, comes ‘The Faceless Ones‘. Animation is now well established as an effective way of telling lost Doctor Who stories. So do Chameleon Tours fly high once again? ‘The Faceless Ones‘ is a great Doctor Who story with a particularly […]

The post REVIEW: Doctor Who: The Faceless Ones – The Latest Missing Episodes Animation appeared first on Blogtor Who.

Categories: Doctor Who Feeds

1383

Looking For Group - Mon, 03/16/2020 - 04:00

The post 1383 appeared first on Looking For Group.

Categories: Web Comics

A Free Adventure & A Keltic Campaign Sword & Sorcery Set Up

Swords & Stitchery - Sun, 03/15/2020 - 17:48
"Magical mirrors often hold more than you’re bargaining for. An adventure for a group of 1st and 2nd level characters."

This guy is in so much trouble it's not even funny. Will-o'-wisps are very unforgiving. Time to roll up a new PC.

Footprints 22 | Masthead by Zhu

The Grove of Ghost-lights by Markus Holzum

While the entire world melts down in virus induced panic, we've been doing
Categories: Tabletop Gaming Blogs

Elves from the Broken Sword

Sorcerer's Skull - Sun, 03/15/2020 - 14:00

The elves of Poul Anderson's The Broken Sword are like the standard elves of D&D to the extent they both share similarities to Tolkien's elves (in the case of Anderson's book, it's because they share the same sources), but are very different in other ways: they are haughty and cruel, more classic faerie-like, invisible to humans without witchsight and vulnerable to iron.

Here's an elven subrace for 5e that is a bit more like Anderson's version than the standard D&D ones:

  • Ability Score Increase. Your Charisma score increases by 1.
  • Elf Weapon Training. You have proficiency with the longsword, shortsword, shortbow, and longbow.
  • Cantrip. You know one cantrip of your choice from the wizard spell list. Charisma is your spellcasting ability for it.
  • Fleet of Foot. Your base walking speed increases to 35 feet.
  • Iron Sensitivity. Iron weapons do +1 damage against one. You cannot wear iron weapons or armor, or even touch it without taking 1 point of damage per round.

Retro Review & OSR Campaign Commentary On Jungle Tomb of the Mummy Bride By Levi Combs From

Swords & Stitchery - Sun, 03/15/2020 - 00:34
"Tales of the cursed pyramid and the sleeping tomb of the Mummy Bride have long been a traveler’s tale, passed along by wayward explorers and greedy plunderers alike. Deep within the verdant jungles of the south, amidst a Green Hell of impenetrable jungle, savage cannibals and ancient myth, lies the shattered remnants of a once-powerful civilization and the terrible gods who ruled over them.
Categories: Tabletop Gaming Blogs

Why Ants?

The Splintered Realm - Sat, 03/14/2020 - 20:28
I think it's a fair question. Of my three 'properties', Army Ants is the most niche. It's got the smallest audience. It doesn't have the potential broad appeal of fantasy games. It doesn't have the competitiveness (and money-making ability) of supers gaming. It is, consistently, my lowest-performing major 'brand'.

So why the heck do I keep coming back to it?

It's a fair question, and one I ask myself a lot. Why wouldn't I work on something that people are more willing to pay for? Why wouldn't I develop a game that has a larger potential market? I think that there are two primary reasons...

1. Themes and Story. This is the big one. Army Ants keeps confronting me with the same themes that have always been interesting to me: the role of the individual in a society, sacrifice and friendship, grit in the face of adversity. Good vs. evil. These are hard-wired into the heart of the Army Ants world, and I get to continually refine these in new directions.

In addition, I conceived of an Army Ants 'super narrative' about twenty years ago, and I've never had a chance to tell the whole story. When I sit down to write about it, I'm not 'making things up'. It's all there, already largely formed in my subconscious. I'm just telling you a story that's already happened.

2. It's me. My fantasy game will never (ever) be more than a shadow of the grand-daddy of them all. I think it's a great, simple, clean knock off. But, at the end of the day, it's a knock off. It gives me a chance to re-create the game I loved growing up. That is powerful. But, every time I walk into a game or book store, I cannot help but marvel at the quality and quantity of content for D+D that I will never be able to replicate. The supers game is the same way, but with a different set of limitations. My game world (which is a big part of what I think makes a supers game tick) is never going to be more than a mashup of and reaction to the big two comic book universes. At the end of the day, that game is attempting to emulate someone else's material, not to forge my own.

Army Ants doesn't have any of those limitations. Nobody is doing Army Ants better than me. There is no external yardstick that I'm inevitably falling short of.

The other nice thing is that with Army Ants, I'm lingering in the shadows of some of my favorite worlds. Tolkien was mocked by the scholarly community for writing about hobbits and dwarves. Richard Adams and Stan Sakai have crafted stories around rabbits. Dave Sim did 300 issues about an aardvark. These are some of the people I most admire as a creator, and it feels like Army Ants is my world. It's where I want to spend my time. 

Two More Freebie Adventures & How To Create A Mini Sword & Sorcery Swamp OSR Campaign To Go!

Swords & Stitchery - Sat, 03/14/2020 - 19:54
"The Frog Idol has stood in the Black Mire for ages untold – an idol of an ancient and forgotten god who now only manifests through this ancient rock in a forgotten place. However, with the conquest of the dwarven citadel of Kuln by the giants, adventurers have been seen again in the city of Coruvon. And from Coruvon, the Black Mire is always in sight. This adventure is designed as a
Categories: Tabletop Gaming Blogs

[MgT2] Vargr 1

Furiously Eclectic People - Sat, 03/14/2020 - 19:03

Rikki-Tikki-Traveller 2e

Name:
Race: Vargr
Age: 38
UPP: A6E7A5

Skills:
Melee 3(4)
Admin 1, Animals (Riding) 1, Athletics (Dex) 1, Deception 1, Engineer 1, Explosives 1, Gun Combat 1, Heavy Weapons (Man) 1, Leadership 1, Medic 1, Recon 1, Vacc Suit 1
Drive 0, Electronics 0, Flyer 0, Mechanics 0, Profession 0

Stuff:
10K Creds; 10K/annum pension
Combat Implant -Enhance Melee (from 3 to 4)
Cloth Armour (self sealing, computer weave 0, chameleon, thruster pack) +8
Hostile Environment Vacc Suit (thruster pack, magnetic grapples, eye protection, computer weave 0) +12
Broadsword

History:
Army Academy declined entry; successful entry into Army-Support.
Term 1: Hostile planet (Vacc1), Rank 1 Lance Cpl, same planet as J Vargr (Dec. 1).
Term 2: +1 Endurance; Brutal ground war (guns), Rank 2 Cpl
Term 3: Athletics 1; Planet (wild or hostile) with J Aslan (Melee 1); Rank 3 Lance Sgt; Explosives 1
Term 4: Melee; Heroism in battle, Rank 4 Sgt; +1 Endurance, Ageing -1 Strength
Term 5: Melee, Peacekeeper (Admin), Rank 5 Gunnery Sgt, Heavy Weps (Man portable)

Categories: Miscellaneous Blogs

Black Roads & Deodanths of Destruction - Play Session Report Cha'alt/Godbound Campaign

Swords & Stitchery - Sat, 03/14/2020 - 03:24
Today's Godbound/Cha'alt game has been an adventure unto itself. The Corona virus scare has made my gaming & even blogging very interesting in Connecticut. Half of my day was gathering supplies, shopping, & then finally settling in for my usual Friday night game. In tonight's game I have a gang of Deodanth acting as a hit squad warriors to take out the party. The Deodanths are working for the
Categories: Tabletop Gaming Blogs
