Feed aggregator

HelloKitty: When Cyberpunk met cy-purr-crime

Malwarebytes - Thu, 03/18/2021 - 12:01

On February 9, after discovering a compromise, CD Projekt Red (CDPR) announced to its 1+ million followers on Twitter that it was the victim of a ransomware attack against its systems (and made it clear they would not yield to the demands of the threat actors, nor negotiate).

Cyberpunk 2077, the latest game released by CD Projekt Red and once hailed as the “most anticipated game of the decade”, was released in December 2020 with many calling it an “unplayable mess”.

No surprise then that some people suspected that enraged gamers were hitting back at the company for releasing the game in that state. But infamous ransomware hunter Fabian Wosar (@fwosar) of Emsisoft begged to differ.

The amount of people that are thinking this was done by a disgruntled gamer is laughable. Judging by the ransom note that was shared, this was done by a ransomware group we track as "HelloKitty". This has nothing to do with disgruntled gamers and is just your average ransomware. https://t.co/RYJOxWc5mZ

— Fabian Wosar (@fwosar) February 9, 2021

Although what he said was an informed claim, we cannot say for sure what hit CDPR until a ransomware sample is retrieved and analyzed. Nevertheless, the name-check was enough to put the HelloKitty ransomware family in the headlines.

HelloKitty ransomware

The HelloKitty ransomware, also known as Kitty ransomware, was first seen in November 2020, a few months after the first variants of Egregor were spotted in the wild.

CEMIG (Companhia Energética de Minas Gerais), a Brazilian electric power company, revealed on Facebook in late December 2020 that it was a victim of a cyberattack. Subsequent reports revealed that HelloKitty was the ransomware behind it, and that this ransomware strain was used to steal a large amount of data about the company. The attack didn’t cause any damage, but it did cause the company to suspend its WhatsApp and SMS channels, and its online app service.

This ransomware family was named after a mutex it used called “HelloKittyMutex.”

Some researchers refer to HelloKitty as DeathRansom—a ransomware family that, based on its earlier variants, merely renames target files and doesn’t encrypt them. We speculate, however, that HelloKitty was built from DeathRansom. As such, Malwarebytes detects this ransomware as Ransom.DeathRansom.

The threat actors behind HelloKitty ransomware aren’t as active as some other threat groups, so there is little information about it. Below is what we know so far.

Infection vector

According to SentinelLabs, current intelligence suggests that HelloKitty arrives via phishing emails or via secondary infection from an initial malware attack.

Symptoms

Systems affected by HelloKitty ransomware display the following symptoms:

1. Terminated processes and Windows services. Once it reaches an affected system and executes, HelloKitty terminates processes and Windows services that may interfere with its operation. These processes are generally associated with security software, backup software, accounting software, email servers, and database servers (to name a few). Overall, it can target and terminate over 1,400 processes and services.

It performs the termination process using taskkill.exe and net.exe, two legitimate Microsoft Windows programs.

SentinelLabs also notes that if there are processes HelloKitty cannot terminate using these executables, it then taps into Windows’s Restart Manager to perform the termination.

2. Encrypted files with .KITTY or .CRYPTED file extensions. On Windows systems, HelloKitty ransomware uses a combination of AES-128 + NTRU encryption. On Linux systems, it uses the combination AES-256 + ECDH. These encryption recipes are not known to have any weaknesses, making decryption impossible without a key.

Encrypted files will have the .kitty or .crypted file extension appended to their file names. For example, an encrypted sample.mdb file will be named either sample.mdb.kitty or sample.mdb.crypted.

3. Targeted ransom note. The HelloKitty ransom note is usually a plain text file, named either read_me_lkdtt.txt or read_me_unlock.txt, that references its target and/or its environment. Below is a portion of the CEMIG ransom note:

Hello CEMIG!

All your fileservers, HyperV infrastructure and backups have been encrypted!

Trying to decrypt or modify the files with programs other than our decryptor can lead to permanent loss of data!

The only way to recover your files is by cooperating with us.

To prove our seriousness, we can decrypt 1 non-critical file for free as proof. We have over 10 TB data of your private files, databases, personal data… etc, you have 24 hours to contact us, another way we publish this information in public channels, and this site will be unavailable.

The ransom note also includes a .onion URL that victims can open using the Tor browser. URLs are different for each victim.

4. Deleted shadow copies. Similar to other well-known ransomware families like Phobos and Sodinokibi, HelloKitty deletes shadow copies of encrypted files on affected systems to prevent victims from restoring them.
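
The four symptoms above can be combined into a host triage check. The following Python sketch is an added example, not code from Malwarebytes or SentinelLabs: the event format, the burst threshold and the sample events are constructed for illustration, and the shadow-copy deletion commands (vssadmin and wmic) are an assumption, since the article does not say how HelloKitty removes shadow copies.

```python
import re
from collections import defaultdict

# Indicators named in the article.
ENCRYPTED_EXTS = (".kitty", ".crypted")
NOTE_NAMES = {"read_me_lkdtt.txt", "read_me_unlock.txt"}

# Assumption (not from the article): shadow copies are removed with vssadmin or wmic.
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I
)

# Constructed threshold: a single taskkill or "net stop" is normal admin work,
# a burst of them on one host is not.
KILL_BURST = 5


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_kill_command(image, cmdline):
    """True for taskkill.exe, or net.exe used to stop a service."""
    name = basename(image)
    if name == "taskkill.exe":
        return True
    return name == "net.exe" and re.search(r"\bstop\b", cmdline, re.I) is not None


def host_symptoms(events, kill_burst=KILL_BURST):
    """Map each host to the set of HelloKitty symptoms seen in its events."""
    kills = defaultdict(int)
    found = defaultdict(set)
    for ev in events:
        host = ev["host"]
        if ev["type"] == "process":
            if is_kill_command(ev["image"], ev["cmdline"]):
                kills[host] += 1
            if SHADOW_DELETE.search(ev["cmdline"]):
                found[host].add("shadow_copy_deletion")
        elif ev["type"] == "file":
            name = basename(ev["path"])
            if name in NOTE_NAMES:
                found[host].add("ransom_note")
            elif name.endswith(ENCRYPTED_EXTS):
                found[host].add("encrypted_extension")
    for host, count in kills.items():
        if count >= kill_burst:
            found[host].add("mass_termination")
    return dict(found)


def triage(events, min_symptoms=2):
    """Hosts showing at least min_symptoms distinct symptoms, sorted by name."""
    symptoms = host_symptoms(events)
    return sorted(h for h, s in symptoms.items() if len(s) >= min_symptoms)


def proc(host, image, cmdline):
    return {"host": host, "type": "process", "image": image, "cmdline": cmdline}


def file_event(host, path):
    return {"host": host, "type": "file", "path": path}


# Constructed sample events (host names, paths and process names are made up).
SYS32 = "C:\\Windows\\System32\\"
HELLOKITTY_SAMPLE_EVENTS = (
    [proc("FS01", SYS32 + "taskkill.exe", f"taskkill.exe /f /im app{i}.exe") for i in range(3)]
    + [proc("FS01", SYS32 + "net.exe", f"net.exe stop svc{i}") for i in range(3)]
    + [
        proc("FS01", SYS32 + "vssadmin.exe", "vssadmin.exe delete shadows /all /quiet"),
        file_event("FS01", "D:\\share\\sample.mdb.kitty"),
        file_event("FS01", "D:\\share\\read_me_unlock.txt"),
        # Benign look-alikes: one taskkill, "net use", and a file merely named kitty.
        proc("WS07", SYS32 + "taskkill.exe", "taskkill.exe /im hung_app.exe"),
        proc("WS07", SYS32 + "net.exe", "net.exe use Z: \\\\fs01\\share"),
        file_event("WS07", "C:\\Users\\a\\Pictures\\kitty.jpg"),
        # A single weak signal: reported, but below the default triage threshold.
        file_event("DB02", "E:\\export\\archive.crypted"),
    ]
)

if __name__ == "__main__":
    for host, symptoms in sorted(host_symptoms(HELLOKITTY_SAMPLE_EVENTS).items()):
        print(host, sorted(symptoms))
    print("escalate:", triage(HELLOKITTY_SAMPLE_EVENTS))
```

Requiring two distinct symptoms keeps a lone .crypted file or a one-off taskkill from raising an alert, while a host that shows the termination burst together with the note or the extensions is escalated.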

Indicators of Compromise (IOCs)

Tor Onion URLs:

  • 6x7dp6h3w6q3ugjv4yv5gycj3femb24kysgry5b44hhgfwc5ml5qrdad.onion
  • x6gjpqs4jjvgpfvhghdz2dk7be34emyzluimticj5s5fexf4wa65ngad.onion

SHA256 hashes:


The post HelloKitty: When Cyberpunk met cy-purr-crime appeared first on Malwarebytes Labs.

Categories: Techie Feeds

What I Want in A Superhero Rpg

Sorcerer's Skull - Thu, 03/18/2021 - 11:00

When it comes to superhero rpgs, I've played and enjoyed a few of them over the years starting with Villains & Vigilantes and going through the Marvel Superheroes Roleplaying Game, DC Heroes rpg, Champions, GURPS Supers, and Mutants & Masterminds. I've owned and read numerous others, including Heroes Unlimited, Wild Talents, Silver Age Sentinels and ICONS. I'm about to give the Sentinel Comics rpg a whirl.

I don't think I've ever found the perfect supers game for me, though. At least, not perfect for what the 2021 version of me wants out of one. These are the things I think I'm looking for:

Low to Medium crunch. I'm not interested in rules heavier games like Champions or GURPS currently. I would suspect medium crunch games would probably give the best balance between covering what needs to be covered, but not doing too much.

Emulates comics. I'm interested in something that supports creating the sort of thing we see in comic books (or superhero film) not "a world with superheroes." Some of my following points sort of flow from this one.

"Every member of the Justice League gets to do something important." Older superhero games, to me, make the mistake of wanting to tailor attributes/power levels to benchmarks, winding up with disparate power levels. Sure, things like Karma/Hero Points address some of this, but in comics it mostly seems that power levels wind up being more about how characters tackle problems than whether they can tackle them. The Fantastic Four beats Dr. Doom, but so does the Punisher (or close enough). They just do it in different ways.

Heroic Normals are viable. Because of the ability score benchmarks, guys like Nick Fury or the Challengers of the Unknown tend to come out pretty samey in abilities because the normal end of the scale gets shortened. A system that gave them more variation would be nice. Of course, if you wanted a campaign of these folks, one could just play a nonsuperhero game, so this perhaps isn't as important to me as other points.

Variable Villains. Ever noticed how villains tend to be tougher or weaker depending on the hero or heroes they're dealing with? I suppose it could be argued the heroes change and the villains stay the same, but anyway it might be nice if supers rpgs had mechanics for this difference.

Powers not overly detailed, but not quite freeform. Honestly, I lean toward more of a "just tell me what it does" take, but you need certain mechanics attached to powers to use them in the game, and you also need suggestions for people modeling powers, so for that it seems like completely freeform isn't the way to go.

Supreme effort. This is one supers games seem to consistently pick up, but it bears repeating. There should be a means of a hero giving it that extra oomph in a dramatic moment.

There's probably something else I'm not thinking of, but that's all I've got now.

Mother charged with using deepfakes to shame daughter’s cheerleading rivals

Malwarebytes - Thu, 03/18/2021 - 09:11

A Pennsylvania woman reportedly sent doctored photos and videos of her daughter’s cheerleader rivals to their coaches, in an attempt to embarrass them and get them kicked off the team. She’s alleged to have used deepfake technology to create photo and video depictions of the girls naked, drinking, and vaping, law enforcement officials said.

The woman—50-year-old Raffaela Spone—was arrested in early March and charged with multiple misdemeanor counts of cyberbullying, after targeting three teen girls in Victory Vipers, her daughter’s cheerleading squad, and three counts of harassment. However, she was later released on the condition that she attends her preliminary hearing on March 30.

A deepfake is a realistic fake image or video that uses machine learning to replace the original subject with somebody else’s likeness. The usual recipe needed to create one is a deepfake tool (such tools are becoming widely accessible online), the original image or video, and a photo or photos of the person being added to it.

According to reports, Spone likely used images from the girls’ social media accounts to create the fake media. She also anonymously sent harassing text messages from multiple fake phone numbers to the girls, their parents, and the owners of the gym where the cheerleading squad practiced. Some messages contained deepfakes, and some messages urged them to kill themselves, according to The Philadelphia Inquirer.

Police were able to identify that the fake numbers Spone used belonged to an app called Pinger. This allowed them to acquire the IP address messages were coming from, and then use the IP to acquire Spone’s home address and phone carrier. Further searches on Spone’s phone revealed evidence tying her to the deepfakes.

Per court records, there was no indication that her daughter knew what her mother was doing.

“Here are some of my concerns in this case,” said Bucks County District Attorney Matt Weintraub during a news conference Monday, “[deepfake] tech is now available to anyone with a smartphone. Your neighbor down the street, somebody who holds a grudge—you’ll just have no way of knowing. This is prevalent.”

He continued, “This is also another way for an adult to now prey on children, as is the case of the allegations in this instance.”

Crimes committed by Spone were something Henry Ajder, a deepfake researcher, saw coming. Speaking to The New York Times, Ajder, who anticipates that deepfake depictions will become more realistic in the next five years, is concerned they could be used to “attack individuals, create political disinformation … conduct fraud and manipulate stock markets”.

Robert Birch, Spone’s attorney, revealed to WPVI-TV, a local network, that his client has received death threats after reports about the deepfakes appeared in the press.

Victory Vipers apologized to all individuals involved in this case. “Victory Vipers has always promoted a family environment and we are sorry for all individuals involved. We have very well-established policies, and a very strict anti-bullying policy in our program,” said Mark McTague and Kelly Cramer in a statement.

“When this incident came to our attention last year we immediately initiated our own internal investigation and took the appropriate action at the time. This incident happened outside of our gym. When the criminal investigation ensued, we fully cooperated with law enforcement. All athletes involved are no longer a part of our program.”


The post Mother charged with using deepfakes to shame daughter’s cheerleading rivals appeared first on Malwarebytes Labs.

Categories: Techie Feeds


Looking For Group - Thu, 03/18/2021 - 04:00

The post 1488 appeared first on Looking For Group.

Categories: Web Comics

'If This Be Our Last Battle Ground' Sword & Sorcery OSR Thoughts On X5: "Temple of Death" (1983), by David "Zeb" Cook, Michael Moorcock, Lamentations of the Flame Princess rpg, & More

Swords & Stitchery - Thu, 03/18/2021 - 02:20
 "Sent on a desperate mission into an unknown land, you must seek out one called "the Master" and his Temple of Death. There is little time to waste, as you must act before the Master's armies destroy your homelands. But to complete your task, you must battle fearsome guardians, travel through a hostile kingdom, and discover the secret of the Master. Can you survive his defenses and win?" This is
Categories: Tabletop Gaming Blogs

Saint Patrick's Day Serpents With The Magicks of Corum & Beyond

Swords & Stitchery - Wed, 03/17/2021 - 18:05
 "A New World for Stormbringer. The balance between Chaos and Law has tipped. Barbarian hordes sweep across the land while civilization decays in doomed castles. Eldritch beasts terrorize the innocent. Arcane technologies are all but lost and foul Chaotic magic corrupts land and sea alike. In the age to come a cursed Prince will seek his destiny across this dying world. His path will be vengeance,
Categories: Tabletop Gaming Blogs

Apple shines and buffs Mac security—Is it enough to stop today’s malware?

Malwarebytes - Wed, 03/17/2021 - 15:26

There’s a lot going on in the Mac security world lately.

Over the last few months, Apple has ramped up security efforts across its platforms. From an endpoint security framework overhaul of macOS Catalina to phasing out kernel extensions, the tech giant has been battening down the hatches—especially of macOS and Mac computer hardware.

Despite Apple’s best efforts—or perhaps as a result of them—the Mac threat landscape has become even more dangerous. But instead of welcoming allied assistance via third-party security vendors, Apple is closing the gate. And cybercriminals are closing the gap.

A crack in the Mac door

It seems like only yesterday there weren’t many breaking news stories on Mac security threats to bite into. In fact, news on Apple cyberthreats wasn’t just infrequent—it was inconsequential. But over the last few years, credible threats, exploits, and hacks of Apple products have become more persistent. There was KeRanger ransomware in 2016. Several effective Mac-facing miners joined the crypto-rush in 2018. The iOS vulnerability exploited by checkm8 rattled quite a few cages in late 2019.

However, from the start of 2020 onward, the malicious momentum has been building. In the 2020 State of Malware Report, Malwarebytes researchers found that Mac malware—primarily backdoors, data stealers, and cryptominers—had risen by 61 percent over the previous year.

2020 served Apple users with a number of targeted attacks using RATs and APTs developed by nation-state actors from China, North Korea, and Vietnam. Some of these made their way into the wild; others appeared on journalists’ iPhones. ThiefQuest, a Mac malware masquerading as ransomware, was discovered in mid-2020.

Despite having the most locked-down security system of Apple’s platforms, iOS was particularly pummelled in the last year. A zero-click exploit remained unpatched for six months of 2020, leaving innocent iPhone users unaware that anyone nearby could completely take over their device without touching it. In November 2020, Apple released patches for three zero-day vulnerabilities in iOS and iPadOS that were being actively exploited in the wild.

Unfortunately, 2021 is proving to be similarly rotten for Apple. Just last week, the company released a patch for iPhone, iPad, and MacBook for a bug that could allow code execution through websites hosting malicious code. Reading between the lines, this means its browsers were vulnerable to exploits that could be launched from malicious website content, including images and ads.

While Apple didn’t comment on whether this particular vulnerability had been discovered by cybercriminals, the company released patches for three separate security bugs that were being actively exploited in January 2021. (Note: These are a different three vulnerabilities than the zero-days found in November.) And just a couple weeks ago, there was Silver Sparrow.

Silver Sparrow is a new Mac malware that swooped in on February 18 and was found on nearly 40,000 endpoints by Malwarebytes detection engines. At first considered a reasonably dangerous threat (researchers now believe it’s a form of adware), Silver Sparrow is nevertheless a malware family of intrigue for showcasing “mature” capabilities, such as the ability to remove itself, which is usually reserved for stealth operations.

One of Silver Sparrow’s more advanced features is the ability to run natively on the M1 chip, which Apple introduced to macOS in November. The M1 chip is central to Apple’s latest security features for Mac computers, and that makes it central to the apparent security paradigm shift happening within the company’s walls.

Apple security paradigm shift

And what paradigm shift is that? Macs running the M1 chip now support the same degree of robust security Apple consumers expect from their iOS devices, which means features like Kernel Integrity Protection, Fast Permission Restrictions (which help mitigate web-based or runtime attacks), and Pointer Authentication Codes. There are also several data protections and a built-in Secure Enclave. Put plainly: Apple have baked security directly into the hardware of their Macs.

But the security changes aren’t limited to the M1 chip or even macOS. On February 18, the company released its Platform Security Guide, which details the changes in iOS 14, iPadOS 14, macOS Big Sur, tvOS 14, and more—and there are many. From an optional password manager feature in Safari that looks out for saved passwords involved in data breaches to new digital security for car keys on Apple Watches and the iPhone, the security sweep appears to be comprehensive. In the guide preamble, Apple touts:

“Apple continues to push the boundaries of what’s possible in security and privacy. Apple silicon forms the foundation for…system integrity features never before featured on the Mac. These integrity features help prevent common attack techniques that target memory, manipulate instructions, and use JavaScript on the web. They combine to help make sure that even if attacker code somehow executes, the damage it can do is dramatically reduced.”

Looking at the collective security improvements made to Macs over the last several months—the M1 chips, changes to system extensions, an entirely new endpoint security framework—it appears Apple is making great strides against the recent uptick in cyberattacks. In fact, they should be commended for developing many beneficial technologies that help Mac (and iPhone) users stay more secure. However, not all of the changes are for the better.

Securing themselves in the foot

Unlike their Microsoft counterparts, Apple have been historically far more reticent about working with others—and that extends to third-party antivirus programs and security researchers alike. Their recent security upgrades for macOS and MacBook hardware are, unfortunately, right on brand.

The security components of M1-based Macs are harder to analyze and verify for those looking in from the outside. Security researchers and the tools they use may be thwarted by a less-than-transparent environment. Essentially, the new developments have hidden Mac defenses behind castle walls, which could make it more difficult for users, businesses, or analysts to know whether their devices have been compromised.

In a recent article in the MIT Technology Review, journalist Patrick Howell O’Neill said that Apple’s security succeeds in keeping almost all of the usual bad guys out, but when the most advanced hackers do break in, “Apple’s extraordinary defenses end up protecting the attackers themselves.” Those threat actors with the resources to develop or pay for a zero-day exploit can pole jump over the Apple security wall and, once inside, move around fairly undetected because of its locked-down, secretive nature.

Mac system extensions and the endpoint security framework introduced in Catalina are similarly problematic. Third-party software developers must apply to Apple for system extensions, and they aren’t just handing them out like masks and sanitizer. Once a developer gets a system extension approval from Apple, though, that developer’s software is protected by System Integrity Protection—and it’s nearly impossible to remove the extension unless you’re the owner of the software.

That’s great for legitimate third-party software programs, like Malwarebytes for Mac, especially in protecting against outside threats that might try to disable security software during an attack. But not every company that applies for system extensions is legitimate.

There have already been a few examples of developers known for cranking out potentially unwanted programs (PUPs) getting extensions from Apple. Because of this, some PUPs can no longer be fully removed by Malwarebytes (or any other security vendor) from Mac computers running Catalina or Big Sur. And while there are some ways that users can manually remove these programs, they are by no means straightforward or intuitive.

No matter the malware

There’s been much fuss made about “actual” Mac malware in the press (and in this very article), but PUPs and adware are a significant issue for Mac computers. Cue the classic rebuttal: “But it’s only PUPs!” While many like to trivialize them, PUPs and adware open the door for more vulnerabilities, making an attack by malicious software even easier. Adware, for example, can host malicious advertising (malvertising), which can push exploits or redirects to malicious websites. If the most recent vulnerability patched by Apple wasn’t already being exploited, that would have been a perfect opportunity for cybercriminals to penetrate the almighty Apple defenses.

As discovered in the State of Malware Report, PUPs represented more than 76 percent of Mac detections in 2020. Adware accounted for another 22 percent. Actual malware designed for Macs is but a small slice of the apple. But it’s a growing slice for businesses with Mac endpoints.

In 2020, Mac threat actors decided to take a page out of the Windows cybercriminal book and turn their attention toward larger organizations instead of individuals. To that end, Mac malware increased on business endpoints by 31 percent in 2020—remote work and all. There may not be as many “actual” malware attacks on Mac endpoints as on Windows, but the share of Macs in business environments has been increasing, especially since the start of the pandemic.

Apple has developed some impressive armor for its Macs, but it doesn’t protect against the full scope of what’s out there. Further, Apple only uses static rules definitions for its anti-malware protection, which means it won’t stop malware it doesn’t already recognize. A security program that uses behavioral detection methods (heuristic analysis), like Malwarebytes Endpoint Detection and Response, has the potential to catch a lot of bad apples that Apple hasn’t seen yet.

As time goes on, we’re increasingly in danger of a major attack waged against Macs. There are still a myriad of Mac users who don’t install any third-party security. Fundamentally, Macs still aren’t all that difficult to infect—even with all the bells and whistles. And by closing their systems, Apple is limiting the capabilities of additional third-party security layers to assist in stopping that major attack from doing major damage.

Apple’s days of sitting on the security fence are certainly over. Time will tell if their fortress-like defenses win out, or if they’ll eventually need to depend on their allies for assistance.

The post Apple shines and buffs Mac security—Is it enough to stop today’s malware? appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Baa Ram Ewe Crochet Sheep Toy: Pattern, Tips, and Tricks

Moogly - Wed, 03/17/2021 - 15:00

The Baa Ram Ewe Crochet Sheep Toy is an adorable lamb stuffy made with Bernat Sheepy! Get the free crochet pattern, supplies, and my best tips for this pattern, on Moogly! Disclaimer: Materials provided by Yarnspirations and Michaels; this post includes affiliate links.  The Pattern How adorable is this crochet lamb toy? The instructions are...


The post Baa Ram Ewe Crochet Sheep Toy: Pattern, Tips, and Tricks appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Small Islands of Wonder, Magic and Society Part 1

Bat in the Attic - Wed, 03/17/2021 - 14:16

On one of the posts I made on social media, Ian Borchardt created a great phrase for how I view magic's effect on the cultures of the Majestic Fantasy Realms.

One of the big problems is that magic in a lot of campaigns tends to be non-scalable, being focused in individuals. Thus I suspect that as a result the effects of magic would tend to cluster tightly, rather than spread through the society. Small islands of wonder in what is otherwise a less developed world (since there would be less incentive for overall development).

Over a decade ago I wrote a post speaking in general about some of the issues surrounding magic and society.

Magic and Society (Feb 2010) 

I wrapped the post up with this.

There are a lot of dials here you can play with, and the result is that many types of settings can result even when they share the same assumptions I am making. By doing this type of exercise you find yourself considering the different possibilities. This can ultimately lead to a more interesting and fun game for you and your players.

Since then I have done more work detailing my setting both as the Majestic Wilderlands and as the Majestic Fantasy Realms. Hopefully a brief overview will serve as an example of some of the things I touched on in that post.

One of the things I developed is the technology of magic. How was it discovered, and how did it develop into its present form as outlined by the system? Currently the Vancian system found in ODnD's 3 LBBs.

Originally in the Majestic Fantasy Realms the level of magic was low; spells could only be cast through laborious 10 minute rituals. The range of spells was similar to those found in the 3 LBBs of ODnD. Magic could be found in physical form as viz, and that would allow a spell to be cast within seconds. Related spells could be cast quickly if made into a scroll or a magic item.

After the Dawn War, the Demons were imprisoned in the Abyss. Each of the surviving gods created a crystal. Nine of them were used to seal the entrance of the Abyss, and the tenth was the master Chromatic Crystal.

In order to power them, the gods had the crystals channel the ambient magic into their crystalline structure and then release it back out into the world, creating a self-sustaining loop to keep the demons imprisoned. A side effect of this was that there were now flows of magic throughout the world, concentrated enough to allow magical energy to be gathered quickly and released as a spell within seconds.

The nine crystals "tainted" the flow emerging from them creating nine distinct forms of magic. Each form reflected the personality and powers of the god that created the crystal. These nine forms plus the original ambient magic became known as the Ten Arts of Magic.

Like our world's zodiac, they became associated with specific images and colors. The Claw (Black), The Eagle (Red), The Flame (Orange), The Forge (colorless, original ambient magic), The Hearth (Green), The Lantern (Purple), The Skull (White), The Storm (Indigo), The Tree (Blue), The Web (Yellow).

The Mechanics

So what does it mean in terms of Swords and Wizardry? I created the following additions*

  • The maximum spell level the spellcaster could cast as a ritual is determined by their level.
  • Rituals take ten minutes to cast and require the presence of the spellbook.
  • Ritual spell casters can't memorize spells.
  • The ritual spell caster had to have scribed the spell into their spell book. For pre-literate societies, arcane spellcasters used natural media like cave walls, bark, stone, and sometimes dried tablets of clay to scribe mystical patterns that enabled them to learn the spells.
  • Magic items can be used in seconds within the time of a single combat round. Thus any spell used in combat had to be scribed as a scroll (or similar object), a wand, or a magic item.
  • One additional wrinkle I will touch on later is that if the ritual spell caster has viz, magic in physical form, then a spell can be cast within seconds. The number of viz needed is equal to the level of the spell. Viz is ephemeral and the spell caster can only maintain a number of viz equal to half of their level (rounded up) plus their intelligence bonus. Excess viz dissipates at the next sunrise, unless they have a special magic item called an Arcane Coffer.
  • Spells are kept as they are written in the book**.
  • Each spell is associated with an art of magic.
  • If cast with viz associated with a specific art, or by a spellcaster with a focus in that art, the spell has an increased effect***.
*Rob's Notes: Ritual-only spellcasters are deliberately designed to be weaker than normal Vancian style magic-users. The only thing they are better at is that they are able to cast higher level spells at high level as rituals. A normal Magic-User can only learn to cast up to 4th level spells as rituals when they learn to memorize 8th level spells.
**Rob's Notes: In the Majestic Fantasy RPG, I have rewritten some spells for clarity. Functionally they work the same as how they are presented in Swords and Wizardry.
***Rob's Notes: I was reluctant to do this. Originally my idea was to have viz or a focus in an art equate to a +1 level caster bonus. An 8th level spell caster with a focus in the Art of the Flame would cast fireball with 9d6 instead of 8d6. But it turns out there are not many spells like Fireball in Swords and Wizardry, so I went through each spell and gave a small bonus effect if cast with a focus in an art or viz of that type. Usually an increase in duration, range, etc.

Part 2

Categories: Tabletop Gaming Blogs

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes - Wed, 03/17/2021 - 11:39

On March 16, the Federal Bureau of Investigation (FBI) issued a “Flash” alert on PYSA ransomware after an uptick in attacks this month against institutions in the education sector, particularly higher ed, K-12, and seminaries. According to the alert [PDF], the United Kingdom and 12 states in the US have already been affected by this ransomware family.

#FBI reporting notes a recent increase in PYSA ransomware targeting education institutions in 12 US states and the UK. PYSA, aka Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems. https://t.co/FxoYZZKo7V pic.twitter.com/NOPAcEFxM8

— FBI Buffalo (@FBIBuffalo) March 16, 2021

PYSA, also known as Mespinoza, was first spotted in the wild in October 2019, when it was initially used against large corporate networks.

CERT France issued an alert a year ago about PYSA widening its reach to include French government organizations, and other governments and institutions outside of France. PYSA was categorized as one of the big-game hunters, joining the ranks of Ryuk, Maze, and Sodinokibi (REvil). “Big-game” ransomware attacks target entire organizations, with threat actors operating their ransomware manually, after spending time breaking into an organization’s networks and conducting reconnaissance.

PYSA/Mespinoza can arrive on victims’ networks either via phishing campaigns or by brute-forcing Remote Desktop Protocol (RDP) credentials to gain access.

Before downloading and detonating the ransomware payload, threat actors behind this ransomware were also found to conduct network reconnaissance using open-source tools like Advanced Port Scanner and Advanced IP Scanner. They also install other such tools, such as Mimikatz, Koadic, and PowerShell Empire (to name a few), to escalate privileges and move laterally.

The threat actors deactivate security protection on the network, exfiltrate files, and upload the stolen data to Mega.nz, a cloud-storage and file-sharing service. After this, PYSA is then deployed and executed. All encrypted files in Windows and Linux, the two platforms this ransomware primarily targets, will have the .pysa suffix.

The FBI report also reveals a possible double extortion tactic that might occur against victims: “In previous incidents, cyber actors exfiltrated employment records that contained personally identifiable information (PII), payroll tax information, and other data that could be used to extort victims to pay a ransom.”

In the last six months, the FBI and other law enforcement organizations have been warning the education sector about increased threat activity against them. And this isn’t just limited to ransomware attacks. Phishing campaigns and domain typosquatting also come into play.

The FBI’s “Flash” alert includes these recommended mitigations for potential targets.

To prevent attacks:

  • Install security updates for operating systems, software, and firmware as soon as they are released.
  • Use multi-factor authentication wherever possible.
  • Avoid reusing passwords for different accounts and implement the shortest acceptable timeframe for password changes.
  • Disable unused RDP ports and monitor remote access/RDP logs.
  • Audit user accounts with administrative privileges and configure access controls with the lowest privileges you can.
  • Use up-to-date anti-virus and anti-malware software on all hosts.
  • Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.
  • Consider adding an email banner to messages coming from outside your organization.
  • Disable hyperlinks in received emails.
  • Provide users with training on information security principles and techniques as well as emerging cybersecurity risks.

To mitigate the effects of an attack:

  • Back up data and use air gaps and passwords to make them inaccessible to attackers.
  • Use network segmentation to make lateral movement harder.
  • Implement a recovery plan and keep multiple copies of sensitive or proprietary data in physically separate, segmented, secure locations.
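
The advice to monitor remote access/RDP logs matters here because PYSA operators are reported to get in by brute-forcing RDP credentials. The following is an added example, not part of the FBI alert or the Malwarebytes post: it scans Windows Security logon events (4625 failed, 4624 successful) and flags a source address that produces a burst of failures, escalating the finding if a successful logon follows. The event records are constructed samples, and the threshold and time window are assumed values to tune per environment.

```python
"""Flag RDP brute-force patterns in Windows Security logon events.

Added illustration: the records below are constructed samples shaped like
exported Security-log events (4625 = failed logon, 4624 = successful logon).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624
# Logon types relevant to RDP: 10 = RemoteInteractive, 3 = Network (failed
# RDP logons are often recorded as type 3 when NLA is enabled).
RDP_LOGON_TYPES = {3, 10}

# Assumed tuning values, not taken from the FBI alert.
FAIL_THRESHOLD = 5
WINDOW = timedelta(minutes=10)


def _event(ts, event_id, ip, user, logon_type=10):
    return {"TimeCreated": ts, "EventID": event_id, "IpAddress": ip,
            "TargetUserName": user, "LogonType": logon_type}


# Constructed sample data (addresses are from documentation ranges).
SAMPLE_EVENTS = (
    # Six failures across several accounts in five minutes, then a success.
    [_event(f"2021-03-16T02:1{i}:00", FAILED, "203.0.113.50", user, 3)
     for i, user in enumerate(["administrator", "admin", "teacher1",
                               "svc_backup", "svc_backup", "svc_backup"])]
    + [_event("2021-03-16T02:16:30", SUCCESS, "203.0.113.50", "svc_backup")]
    # Five rapid failures, no success.
    + [_event(f"2021-03-16T03:00:{i * 10:02d}", FAILED, "198.51.100.7",
              "administrator", 3) for i in range(5)]
    # A user mistyping a password twice before logging on: benign.
    + [_event("2021-03-16T08:00:00", FAILED, "10.0.0.23", "jsmith"),
       _event("2021-03-16T08:00:20", FAILED, "10.0.0.23", "jsmith"),
       _event("2021-03-16T08:00:45", SUCCESS, "10.0.0.23", "jsmith")]
    # Hourly failures: never five inside one window, so not flagged here.
    + [_event(f"2021-03-16T1{i}:00:00", FAILED, "192.0.2.9", "administrator", 3)
       for i in range(5)]
)


def detect(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return one finding per source IP that reached `threshold` failed
    RDP-type logons inside `window`, sorted by source address string."""
    recent = defaultdict(deque)  # ip -> (time, user) of failures in window
    findings = {}
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        if ev["LogonType"] not in RDP_LOGON_TYPES:
            continue
        ip = ev["IpAddress"]
        when = datetime.strptime(ev["TimeCreated"], "%Y-%m-%dT%H:%M:%S")
        fails = recent[ip]
        # Drop failures that have aged out of the sliding window.
        while fails and when - fails[0][0] > window:
            fails.popleft()

        if ev["EventID"] == FAILED:
            fails.append((when, ev["TargetUserName"]))
            if len(fails) >= threshold:
                finding = findings.setdefault(ip, {
                    "source": ip,
                    "verdict": "brute_force",
                    "accounts_tried": set(),
                    "compromised_account": None,
                })
                finding["accounts_tried"].update(u for _, u in fails)
        elif ev["EventID"] == SUCCESS and len(fails) >= threshold:
            # A success right after a failure burst is the high-priority
            # case: treat the account as compromised until proven otherwise.
            finding = findings[ip]
            finding["verdict"] = "success_after_brute_force"
            finding["compromised_account"] = ev["TargetUserName"]
            fails.clear()

    result = []
    for ip in sorted(findings):
        finding = dict(findings[ip])
        finding["accounts_tried"] = sorted(finding["accounts_tried"])
        result.append(finding)
    return result


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

The hourly failures from the fourth source are deliberately missed by the short window; catching slow guessing needs a second, longer window or a per-day count.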

The post FBI warns of increase in PYSA ransomware attacks targeting education appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Halls of the Blood King, D&D adventure review

Ten Foot Pole - Wed, 03/17/2021 - 11:11
By Diogo Nogueira Necrotic Gnome OSE Levels 3-5

With the rising of the Blood Moon, the accursed abode of the Blood King returns to this world. The lord of all vampires comes to claim the blood that is owed to him. His halls contain treasures and secrets that would make any ambitious adventurer abandon reason and caution to seek them out. Will you risk your soul for gold and glory in the Halls of the Blood King?

This 56 page adventure details about a forty page manor home of an interdimensional vampire king. Good formatting, stuff to do, and some decent imagery lead to mountains of fun for every blood bag that dares enter! 

So, vampire king lives in this little manor home and pops around the multiverse, demanding tribute from all the vampires on the world he lands in, before moving to the next. Things are going great! Well, except for the blood spiders that have gained an intelligence and have their own mock court. But they are fun to watch. Oh, and that vampire hunter living inside, plagued by the morally questionable stuff they’ve done. But, hey, they are fun to watch and torment also! (How fucking ennui is that! “Yeah, I keep a psycho around and, yeah, they sometimes kill people. It keeps things interesting around here …”) And, then, there’s the alien fungi in the basement. But, it’s fun to experiment on. Hope it doesn’t get out of hand and destroy all life on the world. And, of course, then there’s hidden rebellion within the home, the princess wanting to go her own way, with her followers. Then there’s the visitors, a motley crew of vampires, people pretending to be vampires, people studying vampires, and the list goes on. Minor players, but they all have goals and personalities and can be leveraged. Mom is upstairs. She wants to be reunited with her vampire king son. She’s a banshee now. Is he REALLY her son, like she says? What happens when you introduce the two? Or, hey, that mirror upstairs? The one that the vampire king put all of the kind parts of his soul in to? What happens, do you think, when he looks in to THAT mirror? And then there’s the little scale model of a solar system. With a sun. And little planets. That are actually planets full of living people, just very tiny. Also, fucking with it could create a black hole that sucks everything in in a 30’ radius. Also, that black hole could swallow up the vampire king’s heart, that he keeps stored nearby in a safe place.

From that we can gather more than a couple of types of interactivity. We’ve got some traditional faction play. Then we’ve got some good NPC’s thrown in, both with their own explicit interactions with the adventure (mom, the mirror) and some opportunities to non-specifically exploit (the guests come to visit.) These three types of people could all be leveraged by the party, or use the party to their own ends, or just eat/kill the party. Then we have more traditional environmental interactivity, with the solar system, cause and effect, and some flaws, like the heart, hanging around. Wanderers are doing something. The guard barracks has one thrall who is reading a love letter from home and has ALMOST broken out of his thralldom. Shit is going DOWN in this place. All we need now is a dumpster fire full of gasoline to be wheeled about!

It’s clearly been designed for ease of use at the table. I don’t know if it’s Gavin (publisher) Diogo (writer) or Geist/Crader/Urbanek (Editing) but it feels like someone actually gave a shit when putting this together. The map is interesting, easy to read, contains notes like locked doors, and has rooms with monsters clearly marked on it with their names. The map, a handy reference sheet of vampire traits/abilities, and the wanderers table are right up front, the first three pages of the adventure, so as to act as an easy to locate reference for the DM. There’s a decent and yet short summary of what’s going on inside the manor, as well as a little section on expanding things and consequences. All of this is fucking great. A poster child for how to do things. There’s even a summary of all the treasure in the adventure, added up, where it is, and then how hard it is to loot it. There’s a little timeline with a couple of entries to keep the party moving. The room entries, proper, have bolded keywords, followed up with more keywords in a less-is-more type room description. There are bullets to describe things to follow up with. Monsters and NPC’s have short and sweet keyword descriptions. Some things have explicit notes on how they react (Desires blood!) and what to do. The sections expanded upon are not formulaic, but rather situational. IE: not every room has an explicit Lighting section. Or every monster an Appeasement section.

Looking at a monster description we get this for the Shadow Hounds: Dark as the night (reflects no light). A face that is largely its maw and small red eyes (can swallow a head). Long and tall but very lean (as if stretched). That will also act as a good example of a room description. Imagine room features as the bolded words and follow up/enhancement information as the stuff in the parens. It’s great. It leaves dark corners in your brain that it works quickly and efficiently to fill in. This sort of format is, as I’ve mentioned a few times now, one of my favorites. I think it’s one of the easiest for a beginner to use effectively. It’s by no means the ONLY way to do things, but it is an effective and I think easy to grasp way that necessarily keeps the verbosity to a minimum. There’s so much more. Notes on windows and balconies and using them. The art in this is pretty well matched, pulling off the interdimensional vampire stuff decently well, and adds to the descriptive text, especially for the monsters.

A few notes. 

The adventure notes that “Many vampires are within.” Yeah, no fucking shit man! Level 3 my ass. These are not fake vampires but the real fucking deal. I’m not even sure Level 5’s would fare well. I like an unbalanced situation, it forces the party to approach things obliquely. I THINK things are handled well here. The wanderers are not 7HD vamps but guards, spiders, and the like. The one wandering vampire encounter is with some dinner guests looking for the dining room, something that can clearly be a social encounter. But man, that dining room! That’s the Steading feast hall on steroids!

More importantly though …

There’s something missing. A vibe? A feeling? A joie de vivre? Something like IMAGINED rather than designed. But none of that is fair, for if it IS designed then designed in a way to put the imaginative forward. This is not a hack job of an adventure. It was tuned and tweaked and sweated over and that effort shows, easily. But it just feels like there’s something lacking. I don’t know what. Maybe it’s the timer, with the place disappearing in ten hours. Or the party hooks being a bit weak (It appears, go inside and X!) It’s context, and then moving the parts around to more relate to that context? This is a very, very good adventure and yet I’m struggling. The lack of whatever it is I can’t name would in NO way keep me from running this. It’s better than 99% of the adventures out there, easily. I don’t know, someone will tell me and then I’ll know, I guess. It’s not something that one can put their finger on, or even recognize, I think, easily. Most people won’t care, and that’s fine, because this is a good adventure.

This is $7.50 at DriveThru. The preview is nine pages and shows you some interesting pages, to be sure, but none of the actual location pages. Bad Gnome! No mushrooms for you tonight!


Categories: Tabletop Gaming Blogs

Wednesday Comics: DC, March 1980 (part 1)

Sorcerer's Skull - Wed, 03/17/2021 - 11:00
I'm continuing my read through of DC Comics output from January 1980 (cover date) to Crisis. This week, I'm looking at the comics at newsstands around December 6, 1979.
All-Out War #4: I'm still not impressed with the Viking Commando, but otherwise this is better than last issue, with a decent Black Eagle story, and a good Force 3 tale by Kanigher and Grandenetti. The non-series tales are better, too, with the Korean War story "Road to Sunchon" by Archie Goodwin and evocative art by Ernesto Patricio tackling the common war comic theme of racism. Goodwin reaches for a little too much in the last panel, but it's otherwise solid.

Batman #321: This one starts off promising with a cover by José Luis García-López, and delivers a solid tale of the Joker's birthday by Wein and Walt Simonson. The best issue of Batman yet in the 1980s cover dates.
DC Comics Presents #19: O'Neil and Staton offers up a goofy yarn of a hawk-headed mutant psychically causing a violent reaction at a dinner party. Good thing Superman and Batgirl are there! O'Neil's script keeps referring to Batgirl as the "dominoed daredoll." I wonder if it bothered him that nickname never caught on?
Flash #283: Cary Bates is making each issue better than the last, I think, and Don Heck is supporting that. Not a lot has happened these 3 issues, admittedly, but they aren't decompressed, more like movie serial cliffhanger installments. Anyway, Reverse Flash tries to kill the Flash just as Flash is returning from the future with knowledge of Iris' killer. The Flash doesn't die of course, and lays into Reverse Flash who, in fact, is the murderer. Of course, he gets away in the end, so everything is continued.
Ghosts #86: More ghostly tales with the conceit of being true. The most "high concept" (heh) tale has to be the one by Kashdan and Henson about a murderous stunt pilot who gets his comeuppance when his dead partner's body drops into his airplane's cockpit decades later.

Jonah Hex #34: Our first Christmas story of the month! Fleischer and Dan Spiegle serve up an unusually humorous tale for the normally fairly grim world of Jonah Hex, where Hex is on the trail of some murderous robbers, and finds his father acting as sheriff in a haven for outlaws. He forces his no-account, abusive father to play Santa Claus for the kids at the orphanage.
Justice League of America #176: The whole JLA takes on Doctor Destiny in a classic "split in pairs and collect something" plot. Not terrible, but nothing special.
Men of War #26: Harris and Ayers give us a crossover. Gravedigger leads the combat-happy joes of Easy (minus Sgt. Rock) on a mission. Harris does a pretty good Kanigher imitation, but it's lightweight, late era, DC war stuff.
Secrets of Haunted House #22: Destiny narrates two tales. The most unusual of the two is by Kashdan and Ruben "Rubeny" Yandoc and is like Fantastic Voyage if the blood clot was a witch doctor.
Superboy Spectacular #1: This is mostly reprints, but it does include a map of Krypton, and a cutaway view of Superboy's house. The only new story is a "solve-it-yourself mystery" by Bridwell and Swan, which I won't spoil.
Superman #345: Time on Earth gets reversed due to the action of aliens. Conway and Swan serve up a fairly Silver Age "puzzle" yarn.

Superman Family #200: This is a high-concept entry anthology, tales of the future at the "turn of the 21st Century" when Lois and Clark have a 16 year-old kid, and Linda "Superwoman" Danvers is governor of Florida. All the stories take place on the Kents' anniversary. Conway writes all of these stories but a number of artists appear.
Weird War Tales #85: J.M. DeMatteis and Tenny Henson deliver a tale of alternate realities, where the enemy is various alternate United States. An interesting departure from the usual stuff from this comic.
Wonder Woman #265: An "untold tale" of Diana Prince's time with NASA, featuring a shuttle crash, aliens and dinosaurs by Conway and Delbo. The Wonder Girl backup has nice art by Ric Estrada.

Teen behind 2020 Twitter hack pleads guilty

Malwarebytes - Wed, 03/17/2021 - 10:00

The so-called “mastermind” behind the 2020 Twitter hack that compromised the accounts of several celebrities and public figures—including President Barack Obama, Bill Gates, and Elon Musk—pleaded guilty to several charges on Tuesday in a Florida court.

As part of an agreed-upon plea deal with prosecutors, Graham Clark will serve three years in juvenile prison, with an additional three years spent under probation.

First reported by 10 Tampa Bay WTSP-TV, Clark’s plea deal will include restrictions to “electronic devices,” with access only permitted by the Florida Department of Law Enforcement and by those supervising Clark during his eventual probation. According to 10 Tampa Bay, at 18 years old, Clark will also be sentenced as a “youthful offender,” which could allow him to serve some of his prison time in a “boot camp.” He will also earn credit for the 229 days that he has already spent in jail.

Clark’s plea deal represents a reversal of his earlier position on August 4, 2020, when he pleaded not guilty to 30 charges of fraud brought against him by state prosecutors in Florida for allegedly stealing Bitcoin payments from countless victims. According to Hillsborough State Attorney Andrew Warren at the time, the charges filed against Clark were for “scamming people across America.”

“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here,” Warren said. “This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that.” 

Last year, Clark allegedly worked with two other individuals to compromise the accounts of about 130 Twitter users in a broader scheme to steal Bitcoin payments from unsuspecting victims. On July 15, the Twitter accounts of several celebrities and industry leaders began tweeting nearly the exact same message: Sparked by sudden gratitude, anyone who donated payments to a specific Bitcoin address would receive double those payments in return.

According to the public bitcoin ledger, at the time, the hackers conned people out of more than $100,000.

Nearly two weeks later, Clark was arrested at his apartment in Tampa. Two other men—Mason Shepperd from the UK and Nima Fazeli of Orlando—were also charged in connection with the hack. Shepperd was charged with wire fraud and money laundering, while Fazeli was charged with aiding and abetting.

At the time of the attack, many asked how such a small operation—led by a teenager—could have successfully breached the security of a major technology company. According to an investigation by The New York Times, Clark’s Twitter hack was not the work of an experienced hacker, but of a tried-and-true fraudster. Having bilked victims out of small sums of about $50 for years, Clark is alleged to have eventually worked his way into a scam that involved the theft of $856,000 worth of Bitcoin, at the age of 16.

After the theft, Clark posted photos of himself on Instagram wearing a Rolex watch.

To compromise Twitter, Clark used his practiced social engineering skills to gain access to an employee control panel. From there he was able to change users’ email addresses, and to use those new email addresses to reset passwords and disable two-factor authentication, giving him access to numerous user accounts, and their millions of followers.

The post Teen behind 2020 Twitter hack pleads guilty appeared first on Malwarebytes Labs.

Categories: Techie Feeds

'Playing Out In The Rocks' Cepheus Engine Rpg Session Report - Eye of the Storm Mission - Briefing

Swords & Stitchery - Wed, 03/17/2021 - 01:14
In game time the New England Bouys have been in stasis for over a year in hypersleep chambers. The Buckingham, the Colonial Freighter they're on, makes its way towards a classified destination. They arrived tonight aboard 'the Hartford'. The New England Bouys are aboard the Hartford, a city sized industrial complex factory on the outer edge of the Solar System. They've been in sleep now a year or
Categories: Tabletop Gaming Blogs

The Loop Scoop #10: A Yarny Link Party!

Moogly - Wed, 03/17/2021 - 01:00

You can tell people are ready for spring in the latest Loop Scoop! This round features five fab and festive crochet patterns – perfect for March! Be sure to check out the new additions and links at the bottom as well, to help us decide what gets featured next round! What is The Loop Scoop?...


The post The Loop Scoop #10: A Yarny Link Party! appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

[TnT] Manessah the Fairy Wizard

Furiously Eclectic People - Wed, 03/17/2021 - 00:32

System: Deluxe Tunnels & Trolls

Manessah the Fairy (Male)
Height 6.1"; Weight 1.37lbs
Level 2 Wizard (note, normally Fairies can't become Wizards but Manessah is an exception)

03 Strength
03 Constitution
21 Dexterity
15 Luck
12 IQ
28 Wizardry (Kremm)
21 Charisma
14 Speed

14 Combat Adds

150 max Weight Units to still fly, 300 max walking.

Weapons: Blackjack 2d6, Blowpipe 1d6
Armour: Light Leather, Steel Cap

Equipment: 3 sewing needles, lockpicks, 1 gold piece, 9 silver pieces

Carrying 135 weight units.

Manessah wants some custom brass knuckles and an ice pick. He plans on increasing his Con, then some IQ to meet the requirements of 3rd level spells and then raise Wiz to 30. After that he'll work on Dex and Con.

Categories: Miscellaneous Blogs

ProxyLogon PoCs trigger a game of whack-a-mole

Malwarebytes - Tue, 03/16/2021 - 18:15

As we reported recently, the use of the Microsoft Exchange Server ProxyLogon vulnerabilities has gone from “limited and targeted attacks” to a full-size panic in no time.

Criminal activities, ranging in severity from planting crypto-miners to deploying ransomware, and conducted by numerous groups, have quickly followed the original exploitation by APT groups to spy on organizations.

With the focus of many security and IT professionals now firmly fixed on the world’s vulnerable Exchange servers, proof-of-concept exploits (PoCs) have surfaced left and right.

Some argue that since some attackers already possess exploit code, it’s only right for defenders to have it too, so they can test their systems by simulating what those attackers might do. Others say that PoC code doesn’t redress the balance because it’s a leg up for everyone, including criminals who haven’t created their own exploits yet.

And while most researchers deliberately omit specific components of a PoC, others feel compelled to publish full working exploits, enabling even the most technically challenged script-kiddies to use them maliciously.

All of which explains why some people in the computer security community are busy trying to publish ProxyLogon PoCs, while others are trying to stop them.

Purposely broken exploit

Bleeping Computer reports that a security researcher has released a proof-of-concept exploit that requires slight modification to install web shells on Microsoft Exchange servers vulnerable to the actively exploited ProxyLogon vulnerabilities.

“Firstly, the PoC I gave can not run correctly. It will be crashed with many of errors. Just for trolling the reader,” Jang told BleepingComputer.

Soon after the PoC was published, the publication reports that Jang received an email from Microsoft-owned GitHub stating that the PoC was being taken down as it violated the site’s Acceptable Use Policies.

GitHub under fire

GitHub received a ton of criticism for removing the proof-of-concept exploit. In a statement, the site said it took down the PoC to protect devices that are being actively exploited.

“We understand that the publication and distribution of proof of concept exploit code has educational and research value to the security community, and our goal is to balance that benefit with keeping the broader ecosystem safe. In accordance with our Acceptable Use Policies, GitHub disabled the gist following reports that it contains proof of concept code for a recently disclosed vulnerability that is being actively exploited.”

The main reason for criticism was that the vulnerability has a patch, so Microsoft had no reason to have the PoC removed. Some researchers also claimed GitHub has a double standard, since it has allowed PoC code for patched vulnerabilities affecting other organizations’ software in the past.

We have some sympathy with Microsoft here: a patch may be available but that doesn’t mean everyone is protected. A patch is only useful once it has been applied, and tens of thousands of servers are still unpatched.

Reverse engineering an exploit

To demonstrate how researchers go about turning a vulnerability into an exploit, Praetorian posted their methodology for a ProxyLogon attack chain.

By examining the differences (diffing) between a pre-patch binary and post-patch binary they were able to identify exactly what changes were made. These changes were then reverse engineered to assist in reproducing the original bug.

Cat is out of the bag

The problem with removing PoCs from a platform like GitHub is that the code will just re-surface elsewhere. It is very hard to make the Internet, as a collective brain, forget something.

Even if the author doesn’t post it somewhere else, there will always be that individual that has already copied the content before it was removed. Or another who is inspired to try to create their own.

For Malwarebytes Labs, one size doesn’t fit all. Sometimes a PoC can help to improve security, and sometimes some restraint is needed. Each situation needs to be judged on its merits.

The current situation is a crisis, and despite efforts to take down the emerging ProxyLogon PoCs, or neuter them by making them less than fully functional, you can bet they will be put to use by criminals. This while the owners of the remaining unpatched systems are scrambling to save what they can.

Other Malwarebytes posts on the ProxyLogon vulnerability:

Stay safe, everyone!

The post ProxyLogon PoCs trigger a game of whack-a-mole appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Careers in cybersecurity: Malwarebytes talks to teachers and students

Malwarebytes - Tue, 03/16/2021 - 17:40

Every year, I take part in talks for universities and schools. The theme is often breaking into infosec. I give advice to teens considering pursuing tech as a further area of study. I explain a typical working day for degree undergraduates. Sometimes I’m asked to give examples of conference talks. I get to dust off some oldies and give a snapshot of security research circa [insert year of choice here].

I’ve been doing this for about five years now, and it’s incredibly helpful for me and (hopefully) students too. I see real concerns from people who’ll end up being the next wave of researchers, writers, and communicators.

Get involved: benefits for the education space

If you work in security research and are considering doing something similar, you should! It’s helpful for many reasons:

  • It gives you a solid idea of what the next generation find interesting, research-wise. Which bits of tech do they love? What do they think will be an issue down the line? Maybe they prefer virtual machines to bare metal. Perhaps we’ll have an hour-long debate over the rights and wrongs of paying malware authors. You won’t know until you try it!
  • If you do any amount of public speaking, interviews, talks, whatever: it keeps you from going rusty. The Pandemic has shut down many conferences and sent more than a few online. If you’re unsure about doing online talks when your background is “real world only”, it’s helpful practice. Want to know what works in virtual spaces? This will definitely help.
  • Schools and universities really get a lot from these events. It’s usually quite difficult for them to get people booked in to speak about things. From experience, educators will absolutely appreciate any outreach or help you can give their students. It’s a win-win for everybody.

“I thought it was all code”

Something I emphasise is that information security has a huge number of different backgrounds in its overall makeup. I’ve met many despondent students who felt their coding skills weren’t up to scratch. The students’ impression is that everything is 100% coding or programming.

It’s true, coding and programming can be incredibly difficult things to understand. Skills like reverse engineering malware can take years to perfect. There’s no guarantee of being able to keep pace with malware developments in the meantime, either.

Well, there’s lots of fun ways issues like that can be addressed.

Even so, “I thought you had to be a qualified coder / programmer” is something I hear all the time. If not that, they often feel a lack of skills in one area negates everything else they’re good at.

It’s quite a relief for them to find out this doesn’t have to be the case.

The myth of the “expert at everything”

In media, security researchers are often presented as experts on all topics imaginable. The reality is people excel in their own little niche field and have a variable skillset for everything else. Experienced security pros know when to ask for help, and there’s absolutely nothing wrong with it. You really don’t have to know everything, all the time. This is another concern relayed to me by many students over the last few years.

The many paths to the security industry

When doing these sessions, a few key talking points come up time and again. Quite a few students have to be convinced that lots of security folk don’t necessarily even have technology qualifications. There’s also many roles which don’t involve any coding whatsoever. However, these are roles students haven’t considered, because they didn’t necessarily have any idea they existed.

Some of the deepest hardware knowledge I’ve come across is from people in sales teams. Do you like the idea of public-facing research? There’s blog and press opportunities for that. Is the idea of promoting your company’s research to a wide audience an exciting one? There’s probably a spot in marketing for you. At the furthest reaches of “no tech involvement whatsoever”, security organisations need people to design things. Maybe it’s time to dust off that design degree and start sending in your resume?

Whatever your skillset as a student, there is absolutely something you can do. That talent of yours will be a benefit to an organisation in the security space.

Thinking outside the box

One of the most interesting things about fresh talent is watching it pull apart new technology and highlight unforeseen dangers.

Look at some of the things we dig into on our very own blog. Web beacons, virtual/augmented reality, the Internet of Things, deepfakes, malign influence campaigns, securing accounts after someone’s died, and much more. The industry as a whole is more open to new / different research than it’s ever been. It has to be, or bad people will be getting away with virtual murder while everyone twiddles their thumbs.

In the last few days we’ve seen a run on art related NFT theft. Try telling someone that 12 months ago and see what the reaction would be. Someone out there has an idea for a solution to this kind of problem. They just don’t know it yet. It’s up to us to encourage them and see what kind of cool solutions they can come up with.

Talking with teachers: Holly Smylie

Computer Science teacher Holly Smylie, who sat in one of our talks, has given some insight into how the industry can help students:

Open days and talks are great in terms of giving students access to positive role models from the industry such as yourself. It essentially gives them an exposure to experiences of infosec that they may otherwise not have had from their environment, meaning that it can make a massive difference in terms of their future career aspirations and later life chances. 

I think that one of the greatest takeaways from your talk for my students was that although qualifications are obviously important, they aren’t the be all and end all. There are still other routes into the sector without the “usual qualifications”. It allows them to think beyond an exact route into something they want to know more about. Also, I think that there is more that our industry could do in terms of addressing the gender imbalance – whether this is providing talks or networking between students and female experts in the industry.

Again, these role models for students at school and even uni-level via talks, open days, visiting companies, etc., can often be the tipping point for female students who do not believe that they would succeed in this industry (as it is still very male dominated). Again, I think this just fits in with broadening female students’ horizons to the world of infosec and giving them confidence that they will be just as valued as our male colleagues.

Closing thoughts

According to some predictions, there’s a huge number of jobs which will go unfilled into the next year. I’m not convinced the numbers will be as big as that. Even so, helping students of all ages with paths into the security industry can only be a good thing. The pandemic hasn’t made technology learning easy over the last year. I’m glad we at Malwarebytes have been able to pitch in and give students some possible careers to think about.

Special thanks to Holly, and the schools and Universities we’ve run these sessions for. We wish your students success in the years to come.

The post Careers in cybersecurity: Malwarebytes talks to teachers and students appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Happy Birthday Charlotte

Yarn Harlot - Tue, 03/16/2021 - 16:10

I woke up very early this morning and it was almost exactly the time that Charlotte was born. I wished her a silent Happy Birthday, and lay there thinking about that beautiful morning.

As this day approached, I have been working hard on my heart. It is so easy to let myself slide into heartbreak and loss, and while there’s no getting around that, I really wanted today to have some measure of joy, to focus on all that went right that day and how perfect things were for a little while, and spend time thinking of how lucky we were.


I remind myself that some people never get to know that kind of happiness, the kind I felt when I watched Meg give birth to Charlotte, when Alex held his daughter for the first time, when Elliot welcomed her – when she settled warm and soft into my arms, so heavy and perfect and present. I don’t think I’ll ever forget exactly how it all was.

Not everyone gets that, I remind myself. Some people will never be that happy. Even as we have dragged ourselves through this horrible pandemic grief year, I have never wished that day away – I’ve never wished it didn’t happen. It has been hard to watch my daughter suffer, but I know that for all the pain she’s endured, she’s grateful for every moment we had with Charlotte too. No matter how much it hurts now?

Goodness, what a wonderful day that was.

Happy Birthday my little Charlotte.

Categories: Knitting Feeds

Top Comments – Pages 1485 – 1486

Looking For Group - Tue, 03/16/2021 - 15:43

Tuesday, YOU are the star! We curate our favourite comments from the previous week’s comments on lfg.co and Facebook and remind you how clever you are. Here are your top comments for Looking For Group pages 1485 – 1486 Looking […]

The post Top Comments – Pages 1485 – 1486 appeared first on Looking For Group.

Categories: Web Comics

