Shared posts

26 May 16:35

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques

by Microsoft Threat Intelligence

Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.

Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible. Microsoft is choosing to highlight this Volt Typhoon activity at this time because of our significant concern around the potential for further impact to our customers. Although our visibility into these threats has given us the ability to deploy detections to our customers, the lack of visibility into other parts of the actor’s activity compelled us to drive broader community awareness and further investigations and protections across the security ecosystem.

To achieve their objective, the threat actor puts strong emphasis on stealth in this campaign, relying almost exclusively on living-off-the-land techniques and hands-on-keyboard activity. They issue commands via the command line to (1) collect data, including credentials from local and network systems, (2) put the data into an archive file to stage it for exfiltration, and then (3) use the stolen valid credentials to maintain persistence. In addition, Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office (SOHO) network equipment, including routers, firewalls, and VPN hardware. They have also been observed using custom versions of open-source tools to establish a command and control (C2) channel over proxy to further stay under the radar.

In this blog post, we share information on Volt Typhoon, their campaign targeting critical infrastructure providers, and their tactics for achieving and maintaining unauthorized access to target networks. Because this activity relies on valid accounts and living-off-the-land binaries (LOLBins), detecting and mitigating this attack could be challenging. Compromised accounts must be closed or changed. At the end of this blog post, we share more mitigation steps and best practices, as well as provide details on how Microsoft 365 Defender detects malicious and suspicious activity to protect organizations from such stealthy attacks. The National Security Agency (NSA) has also published a Cybersecurity Advisory [PDF] which contains a hunting guide for the tactics, techniques, and procedures (TTPs) discussed in this blog.

As with any observed nation-state actor activity, Microsoft has directly notified targeted or compromised customers, providing them with important information needed to secure their environments. To learn about Microsoft’s approach to threat actor tracking, read Microsoft shifts to a new threat actor naming taxonomy.

Figure 1. Volt Typhoon attack diagram

Initial access

Volt Typhoon achieves initial access to targeted organizations through internet-facing Fortinet FortiGuard devices. Microsoft continues to investigate Volt Typhoon’s methods for gaining access to these devices.

The threat actor attempts to leverage any privileges afforded by the Fortinet device, extracts credentials to an Active Directory account used by the device, and then attempts to authenticate to other devices on the network with those credentials.

Volt Typhoon proxies all its network traffic to its targets through compromised SOHO network edge devices (including routers). Microsoft has confirmed that many of the devices, which include those manufactured by ASUS, Cisco, D-Link, NETGEAR, and Zyxel, allow the owner to expose HTTP or SSH management interfaces to the internet. Owners of network edge devices should ensure that management interfaces are not exposed to the public internet in order to reduce their attack surface. By proxying through these devices, Volt Typhoon enhances the stealth of their operations and lowers overhead costs for acquiring infrastructure.

Post-compromise activity

Once Volt Typhoon gains access to a target environment, they begin conducting hands-on-keyboard activity via the command line. Some of these commands appear to be exploratory or experimental, as the operators adjust and repeat them multiple times.

Volt Typhoon rarely uses malware in their post-compromise activity. Instead, they rely on living-off-the-land commands to find information on the system, discover additional devices on the network, and exfiltrate data. We describe their activities in the following sections, including the most impactful actions that relate to credential access.

Credential access

If the account that Volt Typhoon compromises from the Fortinet device has privileged access, they use that account to perform the following credential access activities.

Microsoft has observed Volt Typhoon attempting to dump credentials through the Local Security Authority Subsystem Service (LSASS). The LSASS process memory space contains hashes for the current user’s operating system (OS) credentials.

Figure 2. Volt Typhoon command to dump LSASS process memory, encoded in Base64
Figure 3. Decoded Base64 of Volt Typhoon command to dump LSASS process memory

Volt Typhoon also frequently attempts to use the command-line tool Ntdsutil.exe to create installation media from domain controllers, either remotely or locally. These media are intended to be used in the installation of new domain controllers. The files in the installation media contain usernames and password hashes that the threat actors can crack offline, giving them valid domain account credentials that they could use to regain access to a compromised organization if they lose access.

Figure 4. Volt Typhoon command to remotely create domain controller installation media
Figure 5. Volt Typhoon command to locally create domain controller installation media

Discovery

Microsoft has observed Volt Typhoon discovering system information, including file system types; drive names, size, and free space; running processes; and open networks. They also attempt to discover other systems on the compromised network using PowerShell, Windows Management Instrumentation Command-line (WMIC), and the ping command. In a small number of cases, the threat actors run system checks to determine if they are operating within a virtualized environment.

Collection

In addition to operating system and domain credentials, Volt Typhoon dumps information from local web browser applications. Microsoft has also observed the threat actors staging collected data in password-protected archives.

Command and control

In most cases, Volt Typhoon accesses compromised systems by signing in with valid credentials, the same way authorized users do. However, in a small number of cases, Microsoft has observed Volt Typhoon operators creating proxies on compromised systems to facilitate access. They accomplish this with the built-in netsh portproxy command.

Figure 6. Volt Typhoon commands creating and later deleting a port proxy on a compromised system

In rare cases, they also use custom versions of open-source tools Impacket and Fast Reverse Proxy (FRP) to establish a C2 channel over proxy.

Compromised organizations will observe C2 access in the form of successful sign-ins from unusual IP addresses. The same user account used for these sign-ins may be linked to command-line activity conducting further credential access. Microsoft will continue to monitor Volt Typhoon and track changes in their activity and tooling.

Mitigation and protection guidance

Mitigating risk from adversaries like Volt Typhoon that rely on valid accounts and living-off-the-land binaries (LOLBins) is particularly challenging. Detecting activity that uses normal sign-in channels and system binaries requires behavioral monitoring. Remediation requires closing or changing credentials for compromised accounts. Suspected compromised accounts or affected systems should be investigated:

  • Identify LSASS dumping and domain controller installation media creation to identify affected accounts.
  • Examine the activity of compromised accounts for any malicious actions or exposed data.
  • Close or change credentials for all compromised accounts. Depending on the level of collection activity, many accounts may be affected.

    Defending against this campaign

    • Mitigate the risk of compromised valid accounts by enforcing strong multi-factor authentication (MFA) policies using hardware security keys or Microsoft Authenticator. Passwordless sign-in, password expiration rules, and deactivating unused accounts can also help mitigate risk from this access method.
    • Reduce the attack surface. Microsoft customers can turn on the following attack surface reduction rules to block or audit some observed activity associated with this threat:
      • Block credential stealing from the Windows local security authority subsystem (lsass.exe).
      • Block process creations originating from PSExec and WMI commands. Some organizations may experience compatibility issues with this rule on certain server systems but should deploy it to other systems to prevent lateral movement originating from PsExec and WMI.
    • Harden the LSASS process by enabling Protective Process Light (PPL) for LSASS on Windows 11 devices. New, enterprise-joined Windows 11 (22H2 update) installs have this feature enabled by default. In addition, enable Windows Defender Credential Guard, which is also turned on by default for organizations using the Enterprise edition of Windows 11.
    • Turn on cloud-delivered protection in Microsoft Defender Antivirus to cover rapidly evolving attacker tools, techniques, and behaviors such as those exhibited by Volt Typhoon.
    • Run endpoint detection and response (EDR) in block mode so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat, or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-compromise.

    Detection details and hunting queries

    Microsoft Defender Antivirus

    Microsoft Defender Antivirus detects attempted post-compromise activity. Note, however, that these alerts can also be triggered by threat activity unrelated to Volt Typhoon. Turn on cloud-delivered protection to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block most new and unknown threats.

    • Behavior:Win32/SuspNtdsUtilUsage.A
    • Behavior:Win32/SuspPowershellExec.E
    • Behavior:Win32/SuspRemoteCmdCommandParent.A
    • Behavior:Win32/UNCFilePathOperation
    • Behavior:Win32/VSSAmsiCaller.A
    • Behavior:Win32/WinrsCommand.A
    • Behavior:Win32/WmiSuspProcExec.J!se
    • Behavior:Win32/WmicRemote.A
    • Behavior:Win32/WmiprvseRemoteProc.B

    Microsoft Defender for Endpoint

    Microsoft Defender for Endpoint alerts with the following titles can indicate possible presence of Volt Typhoon activity.

    • Volt Typhoon threat actor detected

    The following alerts may also be associated with Volt Typhoon activity. Note, however, that these alerts can also be triggered by threat activity unrelated to Volt Typhoon.

    • A machine was configured to forward traffic to a non-local address
    • Ntdsutil collecting Active Directory information
    • Password hashes dumped from LSASS memory
    • Suspicious use of wmic.exe to execute code
    • Impacket toolkit

    Hunting queries

    Microsoft 365 Defender

    Volt Typhoon’s post-compromise activity usually includes distinctive commands. Searching for these can help to determine the scope and impact of an incident.

    Find commands creating domain controller installation media

    This query can identify domain controller installation media creation commands similar to those used by Volt Typhoon.

    DeviceProcessEvents
    | where ProcessCommandLine has_all ("ntdsutil", "create full", "pro")
    

    Find commands establishing internal proxies

    This query can identify commands that establish internal proxies similar to those used by Volt Typhoon.

    DeviceProcessEvents
    | where ProcessCommandLine has_all ("portproxy", "netsh", "wmic", "process call create", "v4tov4")
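
An added example, not part of the original post or of Microsoft's tooling: a Python triage over constructed process-creation records that parses netsh portproxy add and delete commands, flags forwards to a non-loopback address, pairs each add with its later delete, and records whether the page's term set above would also match the event. The record fields mirror DeviceProcessEvents columns; the host names, accounts, addresses, the whole-term approximation of has_all, and the reading of "non-local" as "not loopback" are assumptions.

```python
import ipaddress
import re
from datetime import datetime

# Term set copied from the page's "internal proxies" hunting query.
PAGE_PROXY_TERMS = ("portproxy", "netsh", "wmic", "process call create", "v4tov4")

# Constructed records shaped like DeviceProcessEvents rows; hosts, accounts and
# addresses (RFC 5737 documentation ranges) are made up for this example.
SAMPLE_EVENTS = [
    {"Timestamp": "2023-05-01T02:14:07", "DeviceName": "srv-app01", "AccountName": "svc_backup",
     "ProcessCommandLine": 'wmic process call create "netsh interface portproxy add v4tov4 '
                           'listenaddress=0.0.0.0 listenport=8080 '
                           'connectaddress=192.0.2.10 connectport=443"'},
    {"Timestamp": "2023-05-01T02:51:30", "DeviceName": "srv-app01", "AccountName": "svc_backup",
     "ProcessCommandLine": "netsh interface portproxy delete v4tov4 "
                           "listenaddress=0.0.0.0 listenport=8080"},
    {"Timestamp": "2023-05-02T09:03:11", "DeviceName": "dev-ws07", "AccountName": "jdoe",
     "ProcessCommandLine": "netsh interface portproxy add v4tov4 listenaddress=127.0.0.1 "
                           "listenport=5000 connectaddress=127.0.0.1 connectport=5001"},
    {"Timestamp": "2023-05-02T23:40:02", "DeviceName": "srv-db02", "AccountName": "administrator",
     "ProcessCommandLine": "netsh interface portproxy add v4tov4 listenport=8081 "
                           "connectaddress=198.51.100.7 connectport=22"},
    {"Timestamp": "2023-05-03T08:00:00", "DeviceName": "srv-db02", "AccountName": "administrator",
     "ProcessCommandLine": "netsh advfirewall show allprofiles"},
]

# Only tagged parameters (name=value) are parsed; positional arguments are not handled.
PORTPROXY_RE = re.compile(
    r"\bportproxy\s+(add|delete|set)\s+(v4tov4|v4tov6|v6tov4|v6tov6)\b([^\"']*)", re.I)
PARAM_RE = re.compile(r"\b(listenaddress|listenport|connectaddress|connectport)=(\S+)", re.I)


def has_all(text, terms):
    """Approximate KQL has_all: every term present as a whole term, case-insensitive."""
    return all(
        re.search(r"(?<![0-9A-Za-z])" + re.escape(t) + r"(?![0-9A-Za-z])", text, re.I)
        for t in terms)


def parse_portproxy(cmdline):
    """Extract action, mode and tagged parameters from a netsh portproxy command line."""
    m = PORTPROXY_RE.search(cmdline)
    if not m:
        return None
    params = {k.lower(): v for k, v in PARAM_RE.findall(m.group(3))}
    return {"action": m.group(1).lower(), "mode": m.group(2).lower(), **params}


def is_non_local(address):
    """True when traffic is forwarded anywhere other than this host's loopback."""
    if not address:                      # netsh defaults to the local computer
        return False
    try:
        return not ipaddress.ip_address(address).is_loopback
    except ValueError:                   # a host name; cannot be resolved offline
        return address.lower() != "localhost"


def triage(events):
    """One finding per proxy creation; lifetime is filled in when a delete follows."""
    open_proxies, findings = {}, []
    for ev in sorted(events, key=lambda e: e["Timestamp"]):
        entry = parse_portproxy(ev["ProcessCommandLine"])
        if entry is None:
            continue
        listen = (entry.get("listenaddress", "*"), entry.get("listenport"))
        key = (ev["DeviceName"],) + listen
        when = datetime.fromisoformat(ev["Timestamp"])
        if entry["action"] == "delete":
            created = open_proxies.pop(key, None)
            if created is not None:
                created["lifetime_seconds"] = (when - created["created"]).total_seconds()
            continue
        finding = {
            "device": ev["DeviceName"],
            "account": ev["AccountName"],
            "listen": f"{listen[0]}:{listen[1]}",
            "connect": f'{entry.get("connectaddress", "local")}:{entry.get("connectport")}',
            "non_local": is_non_local(entry.get("connectaddress", "")),
            "matches_page_query": has_all(ev["ProcessCommandLine"], PAGE_PROXY_TERMS),
            "created": when,
            "lifetime_seconds": None,    # None means no delete was seen
        }
        open_proxies[key] = finding
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["device"], f["account"], f["listen"], "->", f["connect"],
              "non_local=%s page_query=%s lifetime=%s"
              % (f["non_local"], f["matches_page_query"], f["lifetime_seconds"]))
```

In the constructed data, srv-db02 forwards to a non-loopback address but does not match the page's term set, because has_all needs every term and that proxy was created without wmic.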
    

    Find detections of custom FRP executables

    This query can identify alerts on files that match the SHA-256 hashes of known Volt Typhoon custom FRP binaries.

    AlertEvidence
    | where SHA256 in 
    ('baeffeb5fdef2f42a752c65c2d2a52e84fb57efc906d981f89dd518c314e231c', 
    'b4f7c5e3f14fb57be8b5f020377b993618b6e3532a4e1eb1eae9976d4130cc74', 
    '4b0c4170601d6e922cf23b1caf096bba2fade3dfcf92f0ab895a5f0b9a310349', 
    'c0fc29a52ec3202f71f6378d9f7f9a8a3a10eb19acb8765152d758aded98c76d', 
    'd6ab36cb58c6c8c3527e788fc9239d8dcc97468b6999cf9ccd8a815c8b4a80af', 
    '9dd101caee49c692e5df193b236f8d52a07a2030eed9bd858ed3aaccb406401a', 
    '450437d49a7e5530c6fb04df2e56c3ab1553ada3712fab02bd1eeb1f1adbc267', 
    '93ce3b6d2a18829c0212542751b309dacbdc8c1d950611efe2319aa715f3a066', 
    '7939f67375e6b14dfa45ec70356e91823d12f28bbd84278992b99e0d2c12ace5', 
    '389a497f27e1dd7484325e8e02bbdf656d53d5cf2601514e9b8d8974befddf61', 
    'c4b185dbca490a7f93bc96eefb9a597684fdf532d5a04aa4d9b4d4b1552c283b', 
    'e453e6efc5a002709057d8648dbe9998a49b9a12291dee390bb61c98a58b6e95', 
    '6036390a2c81301a23c9452288e39cb34e577483d121711b6ba6230b29a3c9ff', 
    'cd69e8a25a07318b153e01bba74a1ae60f8fc28eb3d56078f448461400baa984', 
    '17506c2246551d401c43726bdaec800f8d41595d01311cf38a19140ad32da2f4', 
    '8fa3e8fdbaa6ab5a9c44720de4514f19182adc0c9c6001c19cf159b79c0ae9c2', 
    'd17317e1d5716b09cee904b8463a203dc6900d78ee2053276cc948e4f41c8295', 
    '472ccfb865c81704562ea95870f60c08ef00bcd2ca1d7f09352398c05be5d05d', 
    '3e9fc13fab3f8d8120bd01604ee50ff65a40121955a4150a6d2c007d34807642')
    

    Microsoft Sentinel

    Below are some suggested queries to assist Microsoft Sentinel customers in identifying Volt Typhoon activity in their environment:

    Microsoft customers can use the TI Mapping analytics (a series of analytics all prefixed with ‘TI map’) to automatically match the malicious hash indicators (related to the custom Fast Reverse Proxy binaries) mentioned in this blog post. These analytics are part of the Threat Intelligence solution and can be installed from the Microsoft Sentinel Content Hub if not currently deployed. More details on the Content Hub can be found here: https://learn.microsoft.com/azure/sentinel/sentinel-solutions-deploy.

    Indicators of compromise (IOCs)

    The below list provides IOCs observed during our investigation. We encourage our customers to investigate these indicators in their environments and implement detections and protection to identify past related activity and prevent future attacks against their systems.

    Volt Typhoon custom FRP executable (SHA-256):


    The post Volt Typhoon targets US critical infrastructure with living-off-the-land techniques appeared first on Microsoft Security Blog.

    26 May 16:31

    Yellowjackets Is Best When The Leads Are Together

    by Devin Meenan

    This post contains spoilers for "Yellowjackets."

    Season 2 of "Yellowjackets" is over and though it wasn't always paced to my liking, the last three episodes bowled me over. I think the season demonstrates how, for good or ill, character and structure are intertwined in storytelling. What made the 2021 storyline of "Yellowjackets" season 1 good was the characters. In the present day, there's less urgency and sustained mystery than in the 1996 wilderness storyline. So the characters' interactions, and all the intrigue and black comedy carried within them, were what sustained interest.

    Watching the Yellowjackets plotting to find out who's blackmailing them or covering up the murder of Adam (Peter Gadiot) was just as exciting as seeing their teenage selves struggle to survive. The debut season's highlight was Misty following Natalie around like a poodle desperate for love — the manic Christina Ricci and dour Juliette Lewis was the salt-and-pepper, '90s screen queen pairing I never knew I needed. Unfortunately, season 2 spends the first two-thirds with these four all shuffled off in separate storylines.

    Keeping The Band Together

    Let's tally the storylines of "Yellowjackets" season 2, episodes 1-6. Shauna (Melanie Lynskey) is dealing with the fallout of Adam's murder and it starts affecting her family. Taissa (Tawny Cypress) is struggling with her mental health/dark visions and this eventually leads her back to Van (Lauren Ambrose). After being abducted, Natalie hangs around the self-care compound run by her old "friend" Lottie (Simone Kessell). Misty, the citizen detective that she is, investigates Natalie's disappearance alongside Walter (Elijah Wood).

    Each woman has not only their own storyline but their own supporting cast. That's not to say those supporting casts are bad — I'm always down for more of Shauna and her dopey but well-meaning husband Jeff (Warren Kole). However, this results in a less cohesive series -- no story takes primacy over the others and so the episodes blend together. The reason "Yellowjackets" season 2 took a while to get going is that I couldn't discern its destination.

    Thankfully, episode 6 ended with the adult survivors all reunited at Lottie's compound and the season found its footing; episodes 7, 8, and 9 are the strongest of this batch. There was just one story to follow and those devilishly fun character interactions came back. My personal favorite, episode 8 "It Chooses," was even about the Yellowjackets getting each other up to speed on what's happened in their corners of the story. Instead of just exposition, this felt like a culmination and the threads finally wove together.

    When the "Yellowjackets" writers' room reassembles to plot out season 3, I hope they keep their chess pieces closer together on the board. This will not only give their lead cast more opportunities to bounce off each other like we all know they can but also result in a more compact, satisfying story.

    "Yellowjackets" is streaming on Paramount+ and Showtime.


    The post Yellowjackets Is Best When The Leads Are Together appeared first on /Film.

    26 May 16:29

    If You Like Yellowjackets, Ravenous Will Help Curb Your Cannibal Horror Appetite

    by Devin Meenan

    Even though "Yellowjackets" fans are always hungry for more, the Showtime series' sophomore season has come to an end. Season 3 has already been confirmed, but it'll be a while before it airs; for what it's worth, the gap between seasons 1 and 2 was 16 months, the former beginning on November 14, 2021, and the latter on March 24, 2023.

    Fear not, antler queens, because there's a movie out there perfect to tide you over: "Ravenous," directed by the late Antonia Bird. Released in 1999, the film's genre is just as hard to pin down as that of "Yellowjackets" — "Ravenous" oscillates from horror to bemused comedy, sometimes in the same scene. What the two works do have in common is that they're both stories about people on the edge of civilization, goaded by supernatural forces to devour their fellow man.

    Guy Pearce plays John Boyd, a cowardly soldier fighting in the Mexican-American war. Boyd became an accidental hero when he played dead during battle and was hauled behind enemy lines with his really-dead comrades. Boyd's commanding officer General Slauson (John Spencer), unsure whether to punish or reward him, reassigns him to the Sierra Nevada to keep him out of sight, out of mind. Boyd has barely had time to settle in at the sparsely-populated outpost when weary traveler F.W. Colqhoun (Robert Carlyle) shows up, claiming his traveling party is being held hostage by its guide, Colonel Ives, who went mad and cannibalistic.

    Boyd and co. leave on a rescue mission and what follows is one of the wildest B-movie horror rides you'll ever take.

    Folk Horror In The Woods

    "Yellowjackets" and "Ravenous" take place over a century apart. Geographically, though, the settings are more simpatico: the wild, wintery woods of the North American West. The cautionary tale endemic to both is that when people are cut off from civilization, they become little more than beasts. Among beasts, the law of the jungle — eat or be eaten — rules.

    "Yellowjackets" is folk horror, something that caught star Christina Ricci off guard. However, while season 2 got more explicit about the supernatural, the specifics of the thing in the woods that continues haunting the characters remain vague. Plus, the symbols related to it, from the mysterious insignia to the eyeless man that Taissa (Tawny Cypress), are fictitious. However, the mysterious antler queen gives a hint at where the series might be going and overlap with "Ravenous."

    "Ravenous" draws on the real-life myth of the Wendigo. An evil spirit conceived of by Native Americans, the Wendigo is a humanoid monster that can possess humans and consume their flesh. Alternatively, men become Wendigos through cannibalism. The creature is often depicted with antlers in modern pop culture (despite that not being part of the original myths), so the choice in "Yellowjackets" to give a cannibal queen an antler crown seems pointed.

    There is no monstrous, antlered Wendigo in "Ravenous." Rather, the film goes with the interpretation of the myth as men becoming monsters. Colonel Ives discovered that consuming human flesh grants superior strength and healing — cannibalism cured his tuberculosis — and now he intends to create a colony of Wendigos. As he tells Boyd, "Eat to live, don't live to eat."

    Robert Carlyle Steals The Show

    "Ravenous" has a fantastic supporting cast. Jeffrey Jones' presence as Colonel Hart is hard to stomach thanks to his sex offender status, but thankfully he's not the only character actor on set. Neal McDonough, David Arquette, and Jeremy Davies all have memorable parts, but small ones since none of their characters are long for the mortal plane. Nothing to fear, though, because their murderer steals the show.

    Yes, it turns out that Colqhoun is none other than Ives himself. The prisoners he claimed "Ives" was keeping are already dead and he really went to the fort looking for more food -- as well as potentially some companions. 

    It's hard to describe Carlyle's charm as an actor; he's charismatic but radiates a sinister presence. The charisma comes almost in spite of himself. You know you shouldn't like his characters, but part of you wants to. The film's second half is Ives trying to convince Boyd into joining him (the former is put in command of the fort by an unknowing General Slauson) so Carlyle's unique presence isn't just a bonus for the film, but an absolute necessity.

    After "Ravenous," you'll be feeling voracious for more of Carlyle's villain performances and then upset when you learn your options are scant besides "Eragon" or "Once Upon A Time."

    Black Comedy

    "Ravenous" sounds a lot like a nasty little exploitation movie, akin to "Cannibal Holocaust." What keeps it from being pure grime is its sense of humor. It can toggle between those two moods with the flip of a switch.

    Let's set the scene. Boyd and Private Reich (McDonough) have finished investigating the cannibal cave and realized the truth about Ives. They rush out of the cave in vain trying to warn their comrades, while Ives is digging through the ground for a knife he hid like a wolf retrieving a buried bone. The orchestral score keeps up a relentless pace as the editing deploys close-ups of all the characters in rapid succession, keeping the audience on their toes.

    Then the suspense pays off with a burst of violence, Ives slaughtering everyone except Private Toffler (Davies). Instead, the Colonel dares the private to run. When the chase begins, gone is the ominous score that had been beating in the audience's eardrums. Instead, the score turns into a banjo theme right out of a Benny Hill sketch.

    "Yellowjackets" has a similarly dark, sometimes abrupt sense of humor. Take the scene in episode 8, "Flight of the Bumblebee," where Misty (Christina Ricci) barges into Natalie's (Juliette Lewis) hotel room to stop her from snorting coke. The scene's music stops when Misty bursts through the door, underlining the physical comedy of the scene, from Natalie falling over headfirst to the two women throwing hands.

    Whether in "Yellowjackets" or "Ravenous," these sudden tone shifts may get your jaw to drop, but they will definitely have you laughing.

    Queerness

    The only woman in "Ravenous" is Martha (Sheila Tousey), sister of the fort's Native-American tracker George (Joseph Runningfox). On the other hand, women are the leads of "Yellowjackets" and the men are supporting characters. What the two works' gender dynamics have in common is queerness.

    "Yellowjackets" has multiple gay characters. While such relationships are still taboo in 1996, Taissa (Jasmin Savoy Brown) and Van (Liv Hewson) are together — it turns out Coach Ben (Steven Krueger) is in the closet too. With the two timelines, the series tracks how social acceptance of queerness progressed from 1996 to 2021; the adult Taissa (Tawny Cypress) is married to Simone (Rukiya Bernard).

    "Ravenous," owing to the setting and the era of its making, goes for queer coding instead; horror has always been the genre refuge for this. The second half of the film is about Ives trying to seduce Boyd, who is tempted but resistant. Moreover, the Colonel only seems interested in recruiting men as Wendigos; Hart is the first to join him and before Boyd's rebellion, Ives has eyes on Slauson as well.

    Critics and fan artists alike have run with the idea that Ives and Boyd lust for each other. Samantha McLaren of Gayly Dreadful points to a scene where Ives sucks on Boyd's bleeding fingers; the sexual imagery is obvious, but it also evokes vampirism. Vampires are basically cannibals and Ives' attempts at converting Boyd recall how Vampires can create more of their kind with a sensual, penetrating bite to the neck. The coding comes full circle as Vampires have been reclaimed as a queer archetype. Bring on "Yellowjackets" season 3 to see if the series will traffic in bloodsucking symbolism with its cannibals.

    "Yellowjackets" is available on Showtime and Paramount+. "Ravenous" is available to rent or buy on platforms including YouTube, Amazon Prime, Apple TV, Google Play, and VUDU.


    The post If You Like Yellowjackets, Ravenous Will Help Curb Your Cannibal Horror Appetite appeared first on /Film.

    26 May 16:23

    Windows XP Activation Algorithm Has Been Cracked

    by msmash

    Liam Proven, reporting for The Register:

    Over 21 years after it first came out, the Microsoft operating system that will not die is receiving another lease of life. It's possible to activate new installations, safely and securely, without a crack, off line. A blog post on tinyapps has revealed the hot news that nobody sane has been waiting for: the algorithm that Microsoft uses to validate Windows XP product keys has been cracked and reimplemented. As a result it's now possible to generate valid activation codes for Windows XP, without an internet connection, even though Microsoft has turned off all the activation servers.

    This is not a recommendation

    But first, a word of caution and restraint. Please don't take this article as a recommendation to run Windows XP. It wasn't the most secure of operating systems back in 2001, and you really should not be running it in 2023 -- especially not on anything that is connected to the internet. However, saying that, the problem is that sometimes people need to. There is, for example, hardware out there that only works with Windows XP and won't work with anything newer... and some of it might be very expensive hardware, which is still perfectly functional -- but which requires a long-obsolete version of Windows to operate it. If you are lumbered with such a device, or you have got some single specific and very particular piece of software that you need to run and which doesn't work properly on any newer version of Windows, then you may be forced to use XP. If so, one of the problems is that Microsoft has turned off the activation servers, so even if you install a clean fresh copy, you can no longer activate it over the Internet. (Allegedly, the telephone activation service still works, if that's an option for you.)

    Read more of this story at Slashdot.

    26 May 16:23

    10 Unexpected Benefits to Negotiate When You Sign a New Lease (Besides Rent)

    by Emily Long

    Buying a home has consistently trended toward unaffordable in the last few years, but so has renting: The median rent across the U.S. in January 2020 sat at $1,585 and peaked at $2,053 just 2.5 years later. While rent prices have begun to level out and even drop in some areas, it’s still a burden for many.


    26 May 16:22

    The Whales Are Revolting Against Humanity And A Forgotten Jaws Rip-Off Warned Us

    by Kayleigh Donaldson

    A wannabe "Jaws" rip-off theorized what would happen if a killer whale wreaked revenge on humanity -- "Orca" was a warning. Let's be honest: it's kind of a surprise that it's taken this long for killer whales to revolt against humans. We've poisoned their oceans, killed their young, and forced them into a life of showbiz in cramped theme park pools. Humans had a good run but it seems that orcas are the new mammals in charge.

    Sailors working off the coast of Western Europe have reported a series of attacks by a group of orcas they said seemed to be "coordinated." This included striking and sinking a number of boats, although no human casualties have been reported. Some scientists said spikes in aggression may have been started by a female orca nicknamed White Gladis, who is believed to have suffered trauma after a collision with a sailboat.

    While other experts are more skeptical and have noted that the vast majority of orcas are harmless to humans, this news has sparked many conversations about what these whales know and if they could possess a propensity for vengeance. We know that orcas are sophisticated animals who are fiercely devoted to their family pods. It doesn't seem unreasonable to imagine the true kings of the ocean getting revenge on the biped mouth-breathers who wronged them.

    It would certainly make for fascinating entertainment, although pop culture typically views orcas as gentle giants and friends of cutesy human moppets, as with "Free Willy." "Jaws," they ain't, although "Orca" did dive into that possibility with fascinating results.

    Orca Is A Blatant Jaws Rip-Off

    It's easy to downplay just how much "Jaws" changed cinematic history. Steven Spielberg's beach thriller, adapted from a schlocky horror novel by Peter Benchley, exploded upon release and almost immediately became the highest-grossing film of all time. Alongside "Star Wars," it helped to define the entire concept of the summer blockbuster, and to this day, it's considered a classic.

    As always happens in Hollywood, everyone saw the success of "Jaws" and decided to replicate it by essentially ripping off that film's concept of a killer shark attacking an unsuspecting community. "Mako: The Jaws of Death" focused on a man with a telepathic connection to sharks who sets out to protect them from cruel humans. "Grizzly" swapped out the shark for a bear with a taste for human flesh. Joe Dante and Joe Corman went more tongue-in-cheek with "Piranha," which earned the honor of being called "the best" of the "Jaws" rip-offs by Spielberg himself. Even the official "Jaws" sequels couldn't make lightning strike twice.

    One mogul especially keen to cash in on the success of "Jaws" was Dino De Laurentiis, the infamous Italian producer who gave the world films as varied as "Blue Velvet," "Flash Gordon," "Army of Darkness," and the '70s "King Kong" remake where he climbs up the Twin Towers of the World Trade Center. He instructed his regular collaborator, producer Luciano Vincenzoni, to "find a fish tougher and more terrible than the great white."

    That led him to the orca, an animal that, at the time, was seen as rather mysterious. There were, however, a number of documented orca attacks on humans in captivity, which included incidents such as a SeaWorld trainer being bitten on the legs and a Canadian aquarium trainer being dragged around the pool and almost drowning. And so, 1977's "Orca" was born.

    Orca Is A Very Weird Movie

    "Orca" was directed by Michael Anderson, the Oscar nominee behind "Around the World in 80 Days" and "The Dam Busters." With Richard Harris and Charlotte Rampling in the lead roles, it seemed at first like a far more prestige-driven project than that which it sought to copy. Of course, that didn't last long. The film follows a surly Irish Canadian sea captain named Nolan (Harris) who hunts marine animals for cash. After witnessing an orca attacking a shark -- see, "Orca" literally beats "Jaws" in this movie -- Nolan decides to entrap the whale. Things quickly go wrong when he harpoons a pregnant female, who then miscarries before dying herself. Her mate witnesses the murder and decides to wreak revenge on Nolan.

    The orca's mission quickly becomes very intense. He dumps the corpse of his mate onto the shore as a warning sign to Nolan. He terrorizes the small town where Nolan lives, essentially destroying its fishing market until the villagers revolt against Nolan, and then blows up their fuel pipelines. At one point, he bites off Annie's (Bo Derek) leg, then wrecks Nolan's house. Soon, Nolan knows he has only one option left: to face the orca down, Spaghetti Western-style, atop the icebergs around the Newfoundland coast.

    This story is already bonkers, with a whale basically becoming Dirty Harry without the guns, but it's made all the weirder by the direction of "Orca." Imagine the B-movie schlock of a Corman film, the portentous metaphors of "Moby-Dick," the revenge fantasy of "Death Wish," and the cinematographic elegance of a David Attenborough nature documentary, complete with a hauntingly beautiful score by Ennio Morricone. For a "Jaws" rip-off, it had some real ambition behind it.

    Orca Is A Hardcore Tale Of Revenge And Guilt

    The fingerprints of "Jaws" are obviously all over "Orca," and critics called that out the moment it was released. It certainly lacks Steven Spielberg's impeccable control of the camera and isn't helped by the fact that their leading man, Richard Harris, was reportedly extremely drunk during production (and kept performing his own stunts, which did not end well). Yet it's also aiming for something more literary than its biggest inspiration.

    Nolan becomes the Ahab of "Moby-Dick" but reluctantly so, haunted by a whale who won't leave him be that represents the darkest recesses of his guilt. His descent into madness, a rare instance of a performance being positively aided by the actor's inebriation, feels raw and palpably real. The stakes are high, made all the more painful by the sheer visceral violence of "Orca." The scene where the female whale miscarries and dies is genuinely shocking, to the point where you wonder how the hell they got away with making it in the '70s.

    Unlike other "Jaws" wannabes, which deliver their ocean madness with a wink and a nod, "Orca" takes its admittedly silly premise 100% seriously. It also sides entirely with the whale over the humans, even as Nolan reveals his own tragic backstory involving the deaths of his family. We're still living in the aftermath of "Jaws" and its demonization of sharks, which even Spielberg came to regret, with conservationists citing the film as a major reason for public fear of an animal that seldom ever kills humans.

    With "Orca," the film wants you to root not just for the whale but for nature as a whole. Charlotte Rampling delivers monologues that wouldn't sound out of place at an animal rights protest while the whale all but blows up a coastal town, and he's not the bad guy here! By the end of "Orca," you get the sense that the humans got off lightly.

    How Orcas Are Depicted In Film

    "Orca" was a mild box office success, but it didn't come close to "Jaws" levels of money, nor did it inspire further orca-related revenge films. The orca's biggest moment in the cinematic spotlight came in 1993 with the family drama "Free Willy." That tale, of a captured orca forced into captivity at a theme park who befriends a young human boy, became an unexpected pop culture phenomenon. Several sequels followed, including a truly inexplicable kids' TV cartoon where the protagonist gains magical abilities to hear animals talk and Willy must fight an evil cyborg who dresses like the Phantom of the Opera.

    Yet its legacy is complex. This was a film about the evils of capturing wild marine life for entertainment that was reliant on the involvement of a captured orca named Keiko. While the movie's success did lead to Keiko being freed and a failed reintegration into ocean life, it didn't quash the popularity of animal attractions at marine parks such as SeaWorld. Indeed, it may have bolstered them in some manner.

    The most influential and perhaps most infamous film featuring an orca is "Blackfish," Gabriela Cowperthwaite's documentary on the captive orca Tilikum and the three people he killed, including a SeaWorld trainer named Dawn Brancheau. For many, this film was their first unflinching insight into the cruelty of holding such majestic creatures in captivity and training them to do shows. While SeaWorld claimed that "Blackfish" was "inaccurate and misleading," it was clear that the film made an impact.

    Attendance to SeaWorld declined following its release, and legislation was introduced to ban orcas from being kept in captivity. In 2016, SeaWorld finally announced plans to end both the killer whale shows and its orca breeding programs. It was a long time coming. Orcas may not have been fully understood by the general public for decades, but culturally speaking, their intelligence and danger have never been hidden. When even a bonkers revenge film like "Orca" understands that point, you have to wonder why nobody saw the inevitable happening. If the whales truly come to wreck all of our s***, don't say we weren't warned.

    The post The Whales are Revolting Against Humanity and a Forgotten Jaws Rip-Off Warned Us appeared first on /Film.

    26 May 02:05

    sdl12-compat 1.2.64 Released - More Classic Games Now Running On This SDL2 Layer

    Following the recent sdl12-compat test release, sdl12-compat v1.2.64 has been released as the newest version of this library implementing the SDL 1.2 API/ABI atop SDL 2.x interfaces for enhancing game compatibility on modern Linux environments...

    26 May 00:58

    Mark Hamill Improvised A Sentimental Luke And Leia Moment In Star Wars: The Last Jedi

    by Jenna Busch

    The "Star Wars" sequels are often at the center of fandom controversy because opinions on the films are divisive, and I understand why. I can critique a lot too, but in the end, the story of Luke Skywalker (Mark Hamill) and Princess Leia (Carrie Fisher) has been a huge part of many of our lives. Whatever quibbles we've had about some of the choices, it's a decades-long story epic that means the world — if not the galaxy — to so many people. 

    If you are one of those people, perhaps you understand why a tweet Mark Hamill wrote in 2019 made me cry when I saw it and again as I write this up today. It was very hard for many people to say goodbye to Luke, Leia, and Han, and one scene in particular both comforted fans and reminded them that no one is ever really gone. Not even the characters we love. 

    Hamill's tweet was in response to a post from the account Star Wars Holo Side, which spoke about the scene from "Star Wars: Episode IX - The Last Jedi" that tugged on all of our heart strings, where the story of the core three "Star Wars" characters came full circle. Hamill wrote about how that impactful moment came to be. 

    'No One Is Ever Really Gone'

    In the tweet, Star Wars Holo Side posted a short behind-the-scenes video of the scene where Luke returns to speak with Leia one last time before he goes off to fight in "Star Wars: Episode IX - The Last Jedi." Luke shows up and has a quiet moment with his twin sister, telling her he's sorry about her son Ben, who she says she knows is gone from her. Luke reminds her that "no one is ever really gone," takes her hand, leaves Han's dice in it, and kisses her on the head. The tweet said: 

    "This scene [...] between Leia & Luke must have been emotionally rich on the set for you @HamillHimself & @rianjohnson for 'The Last Jedi.' I really like [it] as a 'Star Wars' fan. [T]hank you really for what you provided with Luke & Leia, 'The Last Jedi.' Fabulous, thank you!"

    Hamill responded to the tweet by saying:

    "An emotionally charged day on set filming this because, knowing he was about to sacrifice his life for the greater good, Luke was saying goodbye ... forever. The kiss was unscripted & spontaneous in the moment, summarizing his/my feelings in a way words could never have conveyed."

    Hamill improvised the kiss on the forehead to say goodbye, and here come the tears again. The thing that no one could have known when they were shooting "The Last Jedi" was that this would be Carrie Fisher's final "Star Wars" film, though footage of her was used to finish "Rise of Skywalker." She died at the age of 60 on December 27, 2016, and "The Last Jedi" was released on December 9, 2017. 

    A Final Goodbye

    Mark Hamill did something for fans that day that gave us comfort. He may have been saying goodbye to his sister in the story with this gesture, but what he gave us was a final goodbye for all of us. Yes, Leia did come back in the final film, but Carrie Fisher was gone. In a way, this let us mourn her passing in a way that was also a tribute to both this incredible woman and our Princess/Senator/General Leia.

    I want to take a moment to say something personal about what Princess Leia meant to me on this, the 40th anniversary of "Return of the Jedi." As a little girl, most of the women I saw in film were there as window dressing. They weren't the ones saving the world. They were there as a reward for the hero. Leia was different. She was tough. She directed her own escape. She stood up to Darth Vader face to face and defied him. She ran the Rebellion. She strangled her captor Jabba the Hutt. She rescued Han. She inspired me to be so much more than the world said I could be, and I'm not alone. Millions of children over the years saw a role model who could take care of herself, who loved her friends, and who did her best to save the galaxy, no matter what it cost her. I've carried that with me to this day. We all have. 

    May the Force be with you. Always.

    The post Mark Hamill Improvised A Sentimental Luke And Leia Moment In Star Wars: The Last Jedi appeared first on /Film.

    25 May 23:15

    6 Cybersecurity Strategies to Help Protect Your Small Business in 2023

    by Molly Clancy

    Cybersecurity is a major concern for individuals as well as small businesses, and there are several strategies bad actors use to exploit small businesses and their employees. In fact, around 60% of small businesses that experienced a data breach were forced to close their doors within six months of being hacked. 

    From monitoring your network endpoints to routinely educating your employees, there are several proactive steps you can take to protect against cyber attacks. In this article, we’ll share six cybersecurity protection strategies to help protect your small business.

    1. Implement Layered Security

    According to the FBI’s Internet Crime Report, the cost of cybercrimes to small businesses reached $2.4 billion in 2021. Yet, many small business owners believe they are not in danger of an attack. Robust and layered security allows small businesses to contend with the barrage of hackers after their information.

    According to IBM, there are four main layers of security that need to be addressed:

    1. System Level Security. This is the security of the system you are using. For instance, many systems require a password to access their files.
    2. Network Level Security. This layer is where the system connects to the internet. Typically, a firewall is used to filter network traffic and halt suspicious activity.
    3. Application Level Security. Security is needed for any applications you choose to use to run your business, and should include safeguards for both the internal and the client side.
    4. Transmission Level Security. Data also needs to be protected when it travels from network to network. Virtual private networks (VPNs) can be used to safeguard information.

    As a business, you should always operate on the principle of least privilege. This ensures that access at each of these levels of security is limited to only those necessary to do the task at hand and reduces the potential for breaches. It also can “limit the blast radius” in the event of a breach.

    The Human Element: Employee Training Is Your First Defense

    The most common forms of cyberattack leverage social engineering, particularly in phishing attacks. This means that they target employees, often during busy times of the year, and attempt to gain their trust and get them to lower their guard. Training employees to spot potential phishing red flags—like incorrect domains, misspelling information, and falsely urgent requests—is a powerful tool in your arsenal.

    Additionally, you’ll note that most of the things on this list just don’t work unless your employees understand how, why, and when to use them. In short, an educated staff is your best defense against cyberattacks.

    2. Use Multi-Factor Authentication

    Multi-factor authentication (MFA) has become increasingly common, and many organizations now require it. So what is it? Multi-factor authentication requires at least two different forms of user verification to access a program, system, or application. Generally, a user must input their password. Then, they will be prompted to enter a code they receive via email or text. Push notifications may substitute for email or text codes, while biometrics like fingerprints can substitute for a password.

    The second step prevents unauthorized users from gaining entry even if login credentials have been compromised. Moreover, the code or push notification alerts the user of a potential breach—if you receive a notification when you did not initiate a login attempt, then you know your account has a vulnerability. 
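
    The second step described above, as an added Python example (not code from the original article): a server issues a one-time code for delivery by email or text, then verifies it with an expiry, a single-use rule and a guess limit, and treats a code the user never requested as a sign the password is exposed. The class and method names, the 6-digit length, the 5-minute lifetime and the 5-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumed policy values, chosen for illustration.
CODE_DIGITS = 6
CODE_TTL_SECONDS = 300
MAX_ATTEMPTS = 5


class SecondFactor:
    """Second login step: call issue() only after the password check has passed."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)   # server-side secret for the keyed hash
        self._pending = {}                    # username -> state of the outstanding code
        self.compromised = set()              # accounts that need a password reset

    def _digest(self, username, code):
        # Keyed hash bound to the user, so the stored value is useless for another account.
        msg = username.encode() + b":" + code.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, username):
        """Create a fresh code; any earlier code for this user stops working."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[username] = {
            "digest": self._digest(username, code),   # the code itself is never stored
            "expires_at": self._clock() + CODE_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        return code  # hand this to the email or SMS sender; do not log it

    def verify(self, username, submitted):
        """Return 'ok', 'wrong', 'locked', 'expired' or 'no_pending'."""
        entry = self._pending.get(username)
        if entry is None:
            return "no_pending"
        if self._clock() >= entry["expires_at"]:
            del self._pending[username]
            return "expired"
        candidate = self._digest(username, submitted.strip())
        if hmac.compare_digest(candidate, entry["digest"]):   # constant-time comparison
            del self._pending[username]                       # single use
            return "ok"
        entry["attempts_left"] -= 1
        if entry["attempts_left"] == 0:
            del self._pending[username]       # no more guesses against this code
            return "locked"
        return "wrong"

    def report_unrequested(self, username):
        """The user got a code without logging in: someone else has the password."""
        if self._pending.pop(username, None) is None:
            return False
        self.compromised.add(username)        # force a password change before next login
        return True


if __name__ == "__main__":
    mfa = SecondFactor()
    code = mfa.issue("alice")                 # constructed user name
    print(mfa.verify("alice", code))          # first use succeeds
    print(mfa.verify("alice", code))          # replay is rejected
```
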

    3. Make Sure Your Tech Stack Is Configured Properly

    When systems are misconfigured, they are vulnerable. Some examples of misconfiguration are when passwords are left as their system default, software is outdated, or security settings are not properly enabled. As businesses scale and upgrade their tools, they naturally add more complexity to their tech stacks. 

    It’s important to run regular audits to make sure that IT best practices are being followed, and to make sure that all of your tools are working in harmony. (Bonus: regular audits of this type can result in OpEx savings since you may identify tools you no longer use in the process.)

    4. Encrypt Your Data

    Encryption uses an algorithm to apply a cipher to your data. The most commonly used algorithm is known as Advanced Encryption Standard (AES). AES can be used in authenticating website servers from both the server end and the client end, as well as to encrypt transferred files between users. This can also be extended to include digital documents, messaging histories, and so on. Using encryption is often necessary to meet compliance standards, some of which are stricter based on your or your customers’ geographic location or industry.

    Once it’s encrypted properly, data can only be accessed with an encryption key. There are two main types of encryption key: symmetric (private) and asymmetric (public).

    Symmetric (Private) Encryption Keys

    In this model, you use one key to both encode and decode your data. This means that it’s particularly important to keep this key secret—if it were obtained by a bad actor, they could use it to decrypt your data.

    Asymmetric (Public) Encryption Keys

    Using this method, you use one key to encrypt your data and another to decrypt it. You then make the decryption key public. This is a widely-used method, and makes internet security protocols like SSL and HTTPS possible.

    Server Side Encryption (SSE)

    Some providers are now offering a service known as server side encryption (SSE). SSE encrypts your data as it is stored, so stolen data cannot be read or viewed, and even your data storage provider doesn’t have access to sensitive client information. To make data even more secure when stored, you can also make it immutable by enabling Object Lock. This means you can set periods of time during which the data cannot be changed—even by those who set the Object Lock rules.

    Combined with SSE, you can see how it would be key to protecting against a ransomware attack: Cyberattackers may access data, but it would be difficult to decrypt with SSE, and with object lock, they wouldn’t be able to delete or modify data.

    5. Have a Breach Plan

    Unfortunately, as cybercrime has increased, breaches have become nearly inevitable. To mitigate damage, it is paramount to have a disaster recovery (DR) plan in place. 

    This plan starts with robust and layered security. For example, a cybercriminal may gain a user’s login information, but having MFA enabled would help ensure that they don’t gain access to the account. Or, if they do gain access to an account, by operating on the principle of least privilege, you have limited the amount of information the user can access or breach. Finally, if they do gain access to your data, SSE and Object Lock can prevent sensitive data from being read, modified, or deleted. 

    Hopefully, you’ve set things up so that you have all the protections you need in place before an attack, but once you’re in the midst of an attack (or you’ve discovered a previous breach), it’s important that everyone knows what to do. Here are a few best practices to help you develop your DR plan:

    Back Up Regularly and Test Your Backups

    The most important thing to do is to make sure that you can reconstitute your data to continue business operations as normal—and that means that you have a solid backup plan in place, and that you’ve tested your backups and your DR plan ahead of time.

    Establish Procedures for Immediate Action

    First and foremost, employees should immediately inform IT of suspicious activity. The old adage “if you see something, say something,” very much applies to security. And, there should also be clear discovery and escalation procedures in effect to both evaluate and address the incident. 

    Change Credentials and Monitor Accounts

    Next, it is crucial to change all passwords, and identify where and how the issue occurred. Each issue is unique, so this step takes careful information gathering. Having monitoring tools set up in advance of a breach will help you gain insight into what happened.

    Support Employees

    It may sound out of place to consider this, but given that employees are your first line of defense and the most targeted security vulnerability, there is a measurable impact from the stress of ransomware attacks. Once the dust has settled and your business is back online, good recovery includes both insightful and responsive training as well as employee support.

    Is Cyber Insurance Worth It?

    You may want to consider cyber insurance as you’re thinking through different disaster recovery scenarios. Cyber insurance is still a growing field, and it can cover things like your legal fees, business expenses related to recovery, and potential liability costs. Still, even the process of preparing your business for cyber insurance coverage can be beneficial to improving your business’ overall security procedures.

    6. Use Trusted Services

    Every business needs to rely on other businesses to operate smoothly, but it can also expose your business to risk if you don’t perform your due diligence. Whether it is a credit card processor, bank, supplier, or another support, you will need to select reliable, reputable businesses that also employ good security practices. Evaluating new tools should be a multi-faceted process that engages teams with different expertise, including the stakeholder teams, security, IT, finance, and anyone else who you deem appropriate.

    And, remember that more tools are being created all the time! Often, they make things easier on employees while also solving security conundrums. Some good examples are single sign on (SSO) services, password management tools, specialized vendors that evaluate harmful links, automatic workstation backup that runs in the background, and more. Staying up-to-date on the new frontier of tools can solve long-standing problems in innovative ways.

    Cybersecurity Is An Ongoing Process

    The prevalence of cyber crime means it is not a matter of if a breach will happen, but when a breach will happen. These prevention measures can reduce your risk of becoming the victim of a successful attack, but you should still be prepared for when one occurs. 

    Bear in mind, cybersecurity is an ongoing process. Your strategies will need to be reviewed routinely, passwords need to be changed, and software and systems will need to be updated. Lastly, knowing what types of scams are prevalent and their signs will help keep you, your business, your employees, and your clients safe.

    The post 6 Cybersecurity Strategies to Help Protect Your Small Business in 2023 appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

    25 May 23:10

    Ford EV drivers will get access to 12,000 North American Tesla Superchargers next spring

    by Andrew Tarantola

    Last February, the Biden administration unveiled its $5 billion plan to expand EV charging infrastructure across the country. Not only will the Department of Transportation help states build half a million EV charging stations by 2030, the White House also convinced Tesla to share a portion of its existing Supercharger network with non-Tesla EVs. On Thursday, Ford became the first automaker to formalize that pact with Tesla, announcing during a Twitter Spaces event that "Ford electric vehicle customers access to more than 12,000 Tesla Superchargers across the U.S. and Canada," starting in Spring 2024, per the company release.

    Because Tesla uses a proprietary charger port design for its vehicles, Ford owners will initially need to rely on a Tesla-developed adapter connected to the public charging cable in order to replenish their Ford F-150 Lightning, Mustang Mach-E and E-Transit vehicles. Ford also announced that, beginning with the 2025 model year, it will switch from the existing Combined Charging System (CCS) port to Tesla's now open-source NACS charge port. These 12,000 additional chargers will join Ford's 84,000-strong Blue Oval charging station network.

    “Tesla has led the industry in creating a large, reliable and efficient charging system and we are pleased to be able to join forces in a way that benefits customers and overall EV adoption,” Marin Gjaja, chief customer officer of Ford Model e, said in the release. “The Tesla Supercharger network has excellent reliability and the NACS plug is smaller and lighter. Overall, this provides a superior experience for customers.”

    This article originally appeared on Engadget at https://www.engadget.com/ford-ev-drivers-will-get-access-to-12000-north-american-tesla-superchargers-next-spring-221752191.html?src=rss

    25 May 23:07

    Karen Gillan Thinks Nebula Had A Crush On Star-Lord In Guardians Of The Galaxy Vol. 3

    by Jeremy Mathai

    After the release of "Guardians of the Galaxy Vol. 3," it's never been more clear that these movies have essentially been one long love story ... just maybe not between the two characters we thought all along. In James Gunn's long-awaited threequel, Chris Pratt's Peter Quill is struggling mightily to come to terms with the fact that this post-"Avengers: Endgame" version of Gamora (Zoe Saldaña) isn't the same one Peter shared all those sweet (and feisty) memories with throughout the previous "Guardians" films. Killed at the hands of the Mad Titan Thanos and more or less replaced by an alternate universe version from an earlier point in the Marvel Cinematic Universe timeline, Quill means absolutely nothing to her. There's a funny moment when Star-Lord desperately recounts just what made him so attracted to the old Gamora in the first place, and Gamora retorts that his description sounds much more like her sister, Nebula (Karen Gillan).

    The moment is played for laughs, with Quill and Nebula sharing an awkward moment where it seems like Quill actually is seeing Nebula in a new light, but that narrative beat doesn't really go anywhere (as interesting as it would've been). Instead, the rest of his arc in "Vol. 3" involves accepting that he and Gamora must go their separate ways. In a recent interview, Gunn provides some insight into his reasoning behind including that intriguing moment between the two Guardians.

    But he also reveals that there's at least one person who still seems to be thinking about the potential of that pairing, and that's Karen Gillan herself.

    An Unspoken Thing?

    Since many people had never even heard of these characters before Marvel announced that James Gunn would be making a "Guardians of the Galaxy" movie due out in 2014, it's remarkable how much audiences became invested in this bunch of misfits and, specifically, the bond shared between Gamora and Peter. I can't imagine many shippers felt strongly that Quill should've ended up with the former-villain-turned-Guardian Nebula, and it doesn't seem like Gunn did, either. But in an interview with The New York Times, the writer/director admitted that Karen Gillan played the character as if she were nursing a small crush on the bumbling hero. When asked about the implications of the embarrassing exchange between Gamora, Quill, and Nebula in "Vol. 3," Gunn had this to say:

    "I never thought about fully going there, but I do think that Nebula, emotionally, is sort of that mean schoolgirl who's not going to show her feelings to anybody. Karen thinks that Nebula has a little bit of a crush on Quill that she doesn't quite know how to put together, and it makes sense because as we come to them in 'Vol. 3,' we realize that they are the two leaders of the Guardians. I think it's very normal in any close friendship to have some sort of occasional romantic or crush-like feelings."

    The man's certainly not wrong about that, and I'm almost tempted to re-watch all of the "Guardians" movies (or at least from "Vol. 2" onwards, when Nebula truly becomes part of the team) to see whether Gillan's acting choice during scenes with Chris Pratt's Peter actually sticks out in retrospect. In any case, even without Gunn totally "going there," it's a neat bit of subtext in a very emotional movie.

    "Vol. 3" is currently playing in theaters.

    The post Karen Gillan Thinks Nebula Had a Crush On Star-Lord In Guardians of the Galaxy Vol. 3 appeared first on /Film.

    25 May 17:52

    Microsoft Build 2023: Announcing new identity, compliance, and security features from Microsoft Security

    by Joy Chik

    At Microsoft Build 2023—an event for developers by developers—we’re going to announce exciting new features and technologies, share ideas, and help everyone boost their skills so we can all build a more secure future together. This year’s Microsoft Build offers a full program, both online and in-person, to suit every attendee, whether you’re a professional developer, data pro, or a brand-new coder. Not only is Microsoft Build a great opportunity to gain new knowledge and skills, but it’s also the place to meet and learn from other developers. If you haven’t registered yet, I invite you to visit the Microsoft Build event page.

    Below is a quick tour of a few security-related sessions and the new features and technologies they highlight.

    New identity and access features in Microsoft Entra

    Graphic showing how Microsoft Entra External ID helps personalize and secure access to any application for customers and partners with a complete customer identity and access management solution.

    Welcome to modern identity and access management with Microsoft Entra

    Developers are in the business of building app features and capabilities. Most developers are not—and don’t want to be—identity security experts.

    At Microsoft Build, we’re announcing the next generation customer identity access management platform: Microsoft Entra External ID, now in preview. Microsoft Entra External ID was purpose-built to personalize and secure access to applications while protecting any external identity and effectively controlling which resources they can access. It delivers a flexible, unified identity platform, personalized customer experiences, adaptive access policies, and built-in identity governance. In the session “Explore CIAM capabilities with External Identities in Microsoft Entra,” Yoel Horvitz, Senior Program Manager, Microsoft Azure Active Directory (Azure AD), and Namita Singh, Senior Software Engineer at Cloud Data Center Cybersecurity, Microsoft, will explore how easily you can create branded sign-up and sign-in app experiences. No more trade-offs between great security and great customer experiences. You’ll see how quickly you can add a strong sign-up or sign-in experience plus comprehensive onboarding flows that capture and validate customer information.

    Partner identity scenarios (B2B Collaboration) remain in the same location on the Microsoft Entra admin portal within the Workforce tenant. Please note that no action is required from our current Azure AD business-to-consumer (B2C) customers at this time, as the next generation platform is currently in early preview only. We remain fully committed to support the current Azure AD B2C solution, and there are no requirements for B2C customers to migrate at this time and no plans to discontinue the current B2C service.

    This next-generation expanded solution for customer and partner identities marks the next chapter in our customer identity solution, addressing critical customer feedback and building on top of our existing capabilities.

    External ID now combines familiar B2B collaboration functionality in Microsoft Entra (generally available) with evolved and unified customer identity (CIAM) capabilities, targeting customer-facing applications, now in preview. Help us shape the future of this new platform with your participation in our preview.

    Microsoft Entra Verified ID digital wallet SDK


    Microsoft Entra Verified ID is an open standards-based verifiable credentials service that customers can use to automate the identity validation process while enabling privacy-protected interactions between organizations and users. You can integrate the upcoming release of the Verified ID Wallet Library into your mobile apps to store and share digital Verified ID cards. This allows you to issue verifiable credentials for dozens of use cases, such as reducing the risk for fraud and account takeovers, streamlining app sign-ins, creating self-service account recovery and helpdesk flows, and enabling rich partner rewards ecosystems. Be sure to check out the “Reduce fraud and improve engagement using Digital Wallets” session by Christer Ljung, Principal Program Manager, Microsoft, and Sydney Morton, Software Engineer, Microsoft, to learn more about Verified ID’s open source digital wallet SDK.

    New capabilities for compliance and data automation in Microsoft Purview

    General availability of machine learning-enabled source code classifier


    Microsoft Purview Information Protection helps organizations automate data classification, labeling, and protection across multiple platforms. More than 35 pre-trained classifiers help quickly identify and protect some of the most sensitive data, such as intellectual property and trade secrets, material non-public information, sensitive health and medical files, business sensitive financial information, and personally identifiable information for General Data Protection Regulation (GDPR) compliance. Plus, an improved ready-to-use source code classifier that supports more than 70 file extensions and 23 programming languages can detect embedded and partial source code.  

    New APIs available to help automate compliance workflows


    You can take advantage of new Microsoft Graph APIs built specifically for Microsoft Purview eDiscovery and compliance scenarios to help organizations automate their litigation and investigation workflows. Join us for “Streamline eDiscovery with new innovations, including Microsoft Graph APIs,” a sequel to Microsoft Senior Product Marketing Manager Caitlin Fitzgerald’s Microsoft Build 2022 session, which will share recent examples of using APIs to ensure repeatable and predictable management of time-sensitive compliance processes.

    Explore built-in security features in these Microsoft Build sessions

    Unlocking the Power of Azure Security: Conversations with Experts, Q&A

    In this Q&A session, Richard Diver, Technical Story Design Lead, Microsoft, will moderate a panel of experts who help secure the software supply chain within Microsoft Azure and other platforms. The session is based on a four-part blog series that includes Microsoft Azure’s defense-in-depth approach to cloud vulnerabilities and Cloud Variant Hunting. The panel will share Microsoft security best practices and how we’re enhancing our response process, extending our internal security research, and continually improving how we secure multitenant services.

    Next-Level DevSecOps: Secure Supply Chain Consumption Framework, Q&A

    The Secure Software Supply Chain Framework (S2C2F) is designed from the ground up to protect developers from accidentally consuming malicious and compromised packages. In this Q&A session, Mia Reyes, Director, Foundational Security—Cybersecurity, Microsoft, will moderate a panel of leads from our Secure Software Supply Chain team, including Adrian Diglio, Principal Product Marketing Manager, Microsoft, and Jasmine Wang, Product Manager, Microsoft, as they share the Secure Supply Chain Consumption Framework S2C2F. Learn how to patch your vulnerable components faster to prevent consumption of malicious or compromised packages. Download the Secure Supply Chain Consumption Framework Simplified Requirements guide to learn how you can improve your open source software (OSS) consumption practices.

    According to Sonatype’s 2022 State of the Software Supply Chain report, supply chain attacks targeting OSS have increased by an average of 742 percent each year for the past three years. [1]

    Microsoft Build 2023

    Join us in Seattle for Microsoft Build from May 23 to 25, 2023. We’ll stream online sessions May 23 and 24, 2023 during Pacific Time hours. Register now to reserve your spot and visit the Microsoft Build 2023 website to explore the session catalog and plan your experience. We look forward to connecting with you!

    To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


    [1] 8th Annual State of the Software Supply Chain Report, Sonatype.

    The post Microsoft Build 2023: Announcing new identity, compliance, and security features from Microsoft Security appeared first on Microsoft Security Blog.

    25 May 17:44

    Neverwinter Nights: EE - Patch 8193.35 released

    Lucky Day spotted patch 8193.35 for the Enhanced Edition of Neverwinter Nights:

    New Patch Arrives Today: Stable Build 8193.35 is Live!

    Patch 8193.35 for Neverwinter Nights: Enhanced Edition released

    Hello adventurers! [...]

    Patch Highlights

    AOE Indicator | Spells and spell-like abilities now display a targeting indicator displaying their range and, if appropriate, their AOE shape and size
    8 Multiclasses | Added support for up to 8 multiclasses, configurable per-module
    Faster Load Times | Improved area load times by up to 100x (!)
    News Section | Added an in-game News UI that shows upcoming patches and community news
    Script-created UI Improvements | “NUI” (script-created UI) will no longer break input to the game (WASD, drag & drop)
    Play NWN as a Cartoon | Added a new "Toon" post-processing shader as a graphical option
    Goodies for Builders | Hundreds of new functions and goodies for module builders
    Hundreds of Bugfixes & Optimizations | More bugs squashed [....
    25 May 17:44

    Fifty years ago today, two airline pilots hit their mic buttons at the same time, and the resulting near-collision on the SFO runway forced the FAA to mandate anti-blocking radios. Just kidding, it happened last week, and we're still using that tech [Scary]

    25 May 15:04

    Security Pros: Before You Do Anything, Understand Your Threat Landscape

    by Marc Solomon

    Regardless of the use case your security organization is focused on, you’ll likely waste time and resources and make poor decisions if you don’t start with understanding your threat landscape.

    The post Security Pros: Before You Do Anything, Understand Your Threat Landscape appeared first on SecurityWeek.

    25 May 13:24

    Malware On Android Still Remains At Large As More ‘Legit’ Apps Appear To Be Snooping Data And Extracting Files

    by Furqan Shahid


    Although Google Play Store is largely free of any issues with its tight security and strict policies, every now and then, an app or two manages to slip through the cracks, and while it might seem harmless at best, you cannot say the same as it ends up doing some sort of damage. And today, we have news of another app that posed as a screen recorder, but underneath all that, there was a lot more that made the app dangerous, including malware.

    Android and Google Play Store are under fire again as dangerous malware stayed on the store without anyone taking notice

    Thankfully, the app has been removed ever since, but Play Store was home to an app called iRecorder, and the app stayed on the storefront for almost two years before it got removed. Judging by the name, you would assume you are looking at a seemingly harmless app that allows you to record your screen and share it with friends. However, after the 2022 update, a remote-control backdoor was added to the app.

    According to the source, this backdoor code was a variant called AhRat, based on AhMyth, which happens to be spyware that has been found in other Android apps hosted on Play Store before, as well. This time around, however, AhMyth was used in the app in question, and the source mentions how the code was able to record audio snippets from the device that had the app installed. However, it gets scary. This code was also able to extract files of various formats from within the infected device. Worse still is that this Android malware was hidden so that it would not be easily detected, as the app itself would behave normally with all its functionality intact.

    Thankfully, the source has claimed that they have not found the AhMyth, or AhRat (a lightweight variant), anywhere so far, and the app in question has also been removed from the Google Play Store after it was reported. One thing to note, however, is that since Android allows sideloading of apps, you might be able to find the infected version somewhere on a third-party app store, and I would highly advise against sideloading the app.

    This is an issue that is very common with Android, and this is one of the reasons why Apple is against sideloading because the company is not in favor of compromising the security of its devices and the users.

    Source: ESET

    24 May 22:28

    Microsoft says China installed malware in US systems in Guam

    by Jon Fingas

    China may have conducted digital espionage against the US' Pacific interests. Microsoft and the National Security Agency (NSA) have revealed that an alleged state-sponsored Chinese hacking group, Volt Typhoon, installed surveillance malware in "critical" systems on the island of Guam and elsewhere in the US. The group has been operating since mid-2021 and reportedly compromised government organizations as well as communications, manufacturing, education and other sectors.

    Volt Typhoon prioritizes stealth, according to the investigators. It uses "living off the land" techniques that rely on resources already present in the operating system, as well as direct "hands-on-keyboard" action. They use the command line to scrape credentials and other data, archive the info and use it to stay in targeted systems. They also try to mask their activity by sending data traffic through small and home office network hardware they control, such as routers. Custom tools help them set up a command and control channel through a proxy that keeps their info secret.

    The malware hasn't been used for attacks, but the web shell-based approach could be used to damage infrastructure. Microsoft and the NSA are publishing info that could help potential victims detect and remove Volt Typhoon's work, but they warn that fending off intrusions could be "challenging" as it requires either closing or changing affected accounts.

    US officials speaking to The New York Times believe the Guam infiltration is part of a larger Chinese intelligence collection system that includes the reported spy balloon that floated across American nuclear sites early this year. The focus on Guam is concerning as it's home to Andersen Air Force Base, a major station that would likely be used for any US answer to a Chinese invasion of Taiwan. It's also a key hub for ships in the Pacific.

    The Biden administration has stepped up efforts to protect critical infrastructure, including plans for common security requirements. The US fell prey to multiple attacks on vital systems in recent years, including gas pipelines and meat suppliers. The Volt Typhoon discovery underscores the importance of tougher defenses — malware like this could compromise the US military at a crucial moment.

    This article originally appeared on Engadget at https://www.engadget.com/microsoft-says-china-installed-malware-in-us-systems-in-guam-195805235.html?src=rss
    24 May 17:56

    Make a Bee-Friendly Watering Hole for Your Garden

    by Becca Lewis

    While we’ve all been focused on growing a bee-friendly habitat in our gardens by planting pollinator friendly varieties, there’s something else that’s vital to the health of bees that often goes unmentioned: Bees need water. In their natural habitats, bees get water from ponds, pools, and puddles that naturally occur…


    24 May 17:09

    Pedro Pascal Confirms His Role On The Mandalorian Is Pretty Much Only Voiceover These Days

    by Ryan Scott

    While Pedro Pascal will now and forever be associated with "The Mandalorian," as he has helped bring the title character of the beloved "Star Wars" show to life, the actor is only owed partial credit these days. Pascal has confirmed that he is mostly just providing the voice for Mando these days, with the rest of the team doing the heavy lifting on set. So for those who may have been wondering how much time Pascal spends on set, the answer seems to be close to none at all.

    Pascal recently participated in a roundtable with several other actors for The Hollywood Reporter, including Kieran Culkin ("Succession") and Jeff Bridges ("The Old Man"). During the conversation, he was asked how he balanced being in both "The Last of Us" and "The Mandalorian." The actor was asked if his work in "Star Wars" can just be voiceover, and Pascal said, "For a lot of it, yeah." Culkin was surprised by this, jokingly replying, "It's all a lie!"

    Brendan Wayne largely plays Din Djarin, aka Mando, on set these days, with Lateef Crowder handling a lot of the stunt work. After they do the tough stuff, Pascal can lend his voice to the character in post-production. Expounding further, Pascal explained how his reduced on-set workload came to be.

    "There was an extended amount of experimentation, being in the suit for a lot of it, and frankly, my body wasn't up for the task as far as, like, the four months of it. But I was in it. I was in it a significant amount, an elastic amount [he pretends to tug at his neck, where the suit would chafe]. But now we've figured it out, which is super cool, and amazingly, it gave me the opportunity to be able to go and do something else."

    That something else, of course, was HBO's "The Last of Us."

    Not Uncommon In Star Wars History

    Pascal has donned the armor before, with the actor showing his face in episodes like "The Rescue." But the helmet stayed on in "The Mandalorian" season 3, and now we know why. When asked if he now sees the show and if he would do things differently in the armor, Pascal described the work of Wayne and Crowder as "great." Though he also added, "There are things that you have to let go of in terms of what can be an OCD level of attention to detail" before concluding that "wanting your component of that to fit perfectly into the collage, you really have to give it all up."

    Fans may feel some kind of way about the fact that Pascal is a smaller part of the show these days, but the fact of the matter is that "Star Wars" has been doing stuff like this since the very beginning. George Lucas cast the muscle-bound David Prowse to play Darth Vader on set, but James Earl Jones famously provided the voice for the beloved villain. The marriage of the two works perfectly. Similarly, Jeremy Bulloch played Boba Fett in "The Empire Strikes Back," while Jason Wingreen (and later Temuera Morrison) provided the voice. This is par for the course.

    The lingering question, though, is whether or not this will be limiting in the future. "The Mandalorian" season 4 is already in the works, and Dave Filoni is working on a film that will be the culmination of the Mando-verse. What if Filoni and Jon Favreau want more of Din with his helmet off? Will Pascal be too busy doing other things? One imagines the actor would make time for what was required of him, but it certainly is worth considering. Either way, Pascal is being honest about his level of contribution these days, and we no longer have to wonder.


    The post Pedro Pascal Confirms His Role on The Mandalorian is Pretty Much Only Voiceover These Days appeared first on /Film.

    24 May 04:06

    Tom Hanks Wonders Whether Audiences Will Actually Care If Hollywood Uses A.I. Acting

    by Eric Vespe

    During a recent appearance on BBC's "The Adam Buxton Podcast," Tom Hanks turned the conversation towards AI and deep fake technology, which the actor will utilize in the upcoming Robert Zemeckis film based on Richard McGuire's graphic novel "Here." The company executing this effect will be Metaphysic, the same team that gave us twenty-something Mark Hamill in "The Book of Boba Fett."

    The typical touchstones were hit upon in that conversation, like the legal and ethical question of what can be done with an actor's voice and image beyond the usual dictates of storytelling and whether or not that extends after the actor passes away. Hanks said, "I could be hit by a bus tomorrow and that's it, but performances can go on and on and on and on." He didn't say that as a good thing, by the way, but something that should be considered as the topic of AI and deep fake integration into storytelling is debated.

    Part of making movies and ongoing series is an agreement between the audience and filmmakers to suspend some degree of disbelief. You know Mark Ruffalo doesn't really turn into The Hulk when you're watching a Marvel movie, just as you know that Tom Cruise has a hair and makeup team seeing to him just before he throws himself off of a cliff.

    The really interesting question Hanks throws out has nothing to do with the many ways that greedy studios can abuse AI tech because we all know they will (and there's a WGA strike currently going on right now to try to curb some of that down the line). What Hanks asks is a more important question: Yes, you're going to see a ton more deep fake and AI-enhanced characters in movies, but will audiences care?

    Where Is The Line Between Ghoulish And Cool?

    That's the key question because if the audience is repulsed by AI actors in movies and the inevitable first AI-generated screenplay then this whole concern goes away. The studios care about money. All they do is chase success and that success is measured in the cost of the product versus how much it rakes in.

    Tom Hanks comes to the conclusion that most of the audience will not care and I believe he's (mostly) right. Right now, deep fake is a tool to help tell stories in ways that make geeks lose their minds. De-aged Luke Skywalker in "The Mandalorian" and "The Book of Boba Fett" is a perfect example. As an extension of visual effects, the audience embraces these tools.

    Where things start getting fuzzy is when these same tools are used to bring the dead back to roles that made them famous. You ask "Ghostbusters" fans what they thought of Harold Ramis' Egon Spengler being brought back for "Ghostbusters: Afterlife" and you'll get wildly varied responses. Some feel it was ghoulish, some thought it was a touching tribute to an old friend that was supported by and benefited his surviving family.

    As the technology continues to grow and get better, you're going to see a lot more of this happening. This is why the guilds need to get rock-solid agreements in place before someone like Harrison Ford, for instance, who signed away his likeness rights to George Lucas almost 50 years ago, can now just be plopped into any random "Star Wars" property in realistic ways, speaking with AI-assisted voice replication, without Ford himself being involved for a single second.

    Likeness As IP

    I don't believe the tech is there yet, but it's already impressive in its infant state now and will only get harder and harder to spot as it gets more sophisticated. Right now, it's predominantly being used as an extension of practical and digital makeup, usually to trigger our nostalgia centers as we see the Indiana Jones and Luke Skywalkers of our childhoods, and I don't think most people have an issue with that.

    But, as Tom Hanks posits, what will we think when we see 30-year-old Tom Hanks headlining a movie a decade after he passes? Will that be allowed? Should it be allowed? Will audiences find it ghoulish or just love to see and hear their favorite actor again?

    Because that is where this is all going. Ownership of actors is as old as the studio system itself. Back in the day, studio bosses would have exclusive contracts with their actors much like sports franchises today. The actors would have little to no say in what they would be in or if they'd be traded with another studio for an actor deemed to be of equal value.

    We're on the cusp of studios owning actors like IPs and this debate will get much uglier before the dust settles. At the end of the day, it will be up to audiences to accept or reject a new reality in which we get our favorite actors looking photorealistic and sounding just like they did when they were young -- but what they bring to the screen boils down to simple looks and sounds. For lack of a better term, there's something innately human, a soul, we respond to when we see Harrison Ford in top form that no computer can or ever will replicate.


    The post Tom Hanks Wonders Whether Audiences Will Actually Care If Hollywood Uses A.I. Acting appeared first on /Film.

    23 May 22:19

    Cutting Through the Noise: What is Zero Trust Security?

    by Marie Hattar

    With proactive steps to move toward Zero Trust, technology leaders can leverage an old, yet new, idea that must become the security norm.

    The post Cutting Through the Noise: What is Zero Trust Security? appeared first on SecurityWeek.

    23 May 22:18

    The Rising Threat of Secrets Sprawl and the Need for Action

    by info@thehackernews.com (The Hacker News)
    The most precious asset in today's information age is the secret safeguarded under lock and key. Regrettably, maintaining secrets has become increasingly challenging, as highlighted by the 2023 State of Secrets Sprawl report, the largest analysis of public GitHub activity.  The report shows a 67% year-over-year increase in the number of secrets found, with 10 million hard-coded secrets detected
    23 May 22:16

    A Simple Question From Leonardo DiCaprio Completely Changed Killers Of The Flower Moon

    by Jeremy Smith

    David Grann's "Killers of the Flower Moon: The Osage Murders and the Birth of the FBI" is one of the finest nonfiction books of the 21st century. His account of a vile criminal conspiracy wherein members of the Osage tribe, who'd been awarded highly lucrative headrights to the oil deposits discovered on their land, were murdered by white Oklahomans is as absorbing as it is infuriating. Grann does a masterful job of blending the story of the Osage with the procedural tale of the investigation by the United States' newly formed Bureau of Investigation (soon to be the FBI). It's never less than gripping, but, even with the conviction of William Hale, who orchestrated the murder of his nephew's Osage wife and many of her family members, you're left fuming at the abject evil of these predators.

    Grann's story is primarily driven by Tom White, a former Texas Ranger who's joined the FBI to probe the multitude of murders in and around the Osage's land. White was a virtuous lawman. He couldn't be bought. He was the perfect man to investigate the conspiracy, but as a film protagonist, that kind of character gets boring really quick (which is why Brian De Palma's "The Untouchables" provides Kevin Costner's Eliot Ness with a colorful beat-cop mentor in Sean Connery's Malone).

    For Martin Scorsese, whose big-screen adaptation of Grann's book just premiered to mostly raves at the 2023 Cannes Film Festival, White proved to be something of a narrative dead end. So when Leonardo DiCaprio, who was set to play White, suggested a different way into the story, Scorsese leapt at it.

    Turning A Procedural Into A Twisted Love Story

    When Scorsese signed on to make "Killers of the Flower Moon," he envisioned DiCaprio as White because, well, he was the logical lead. Academy Award-winning screenwriter Eric Roth, who wrote one of the finest procedurals ever in "The Insider," set out to tell the tale of White's meticulous takedown of Hale.

    But while the story was righteous in ways that are often showered with Oscars, something didn't sit right with DiCaprio. In an interview with Deadline, Scorsese recalled the moment the writing of the film took a completely unexpected turn. "Leo DiCaprio looked at me and said, 'Where's the heart in this movie?'" said the filmmaker. He immediately got it. Per Scorsese:

    "Look, the minute the FBI comes in, and you see a character that would be played by Robert De Niro, Bill Hale, you know he's a bad guy. There's no mystery. So, what is it? A police procedural? Who cares! We've got fantastic ones on television."

    Scorsese began researching, hoping to find some flaws in the man's character. There were none. The man was a boy scout. The director threw up his hands. "I finally said, 'What are we making? A film about Tom White, who comes in and saves everybody?'" (Jesse Plemons plays White in the final film.)

    Scorsese then turned to the character of Ernest Burkhart, the enigmatic husband of Mollie Kyle, a full-blooded Osage who had a claim to considerable wealth. This would be DiCaprio's character, and it would transform the complexion of Scorsese's film.

    A Portrait Of Unthinkable Betrayal

    Ernest was William Hale's nephew, and he married Mollie at his nefarious uncle's urging. But the marriage wasn't strictly opportunistic. As Scorsese noted to Deadline, "The only person that has heart, besides Mollie Burkhart, is her husband Ernest, because they're in love."

    This was backed up by Scorsese's meeting with the Osage at the Gray Horse settlement in Oklahoma. Upon learning that their romance was very real, the director realized he had a far more complex film on his hands. If Ernest truly loved Mollie, how could he follow his uncle's orders and try to poison her?

    There wasn't much research on Ernest, which gave Scorsese and DiCaprio a tremendous amount of room to operate. They could perform their own, intimate investigation into an unthinkable betrayal. "If we did that," said Scorsese, "we'd take the script and turn it inside out, make it from the ground level out, rather than coming in from the outside. I said, 'Let's put ourselves in the mindset of the people who did this.'"

    The early returns suggest that this approach was the right one, but we won't get to see for ourselves until "Killers of the Flower Moon" hits theaters on October 6, 2023. Judging from the trailer, you'll absolutely want to see this on the biggest screen possible.


    The post A Simple Question From Leonardo DiCaprio Completely Changed Killers of the Flower Moon appeared first on /Film.

    23 May 22:14

    If PlayStation fans are only happy with PC releases taking place 2-3 years later, surely Bloodborne must be next, yeah?

    by Katharine Castle

    It's no secret that Sony have been making increasing efforts to bring their exclusive PlayStation games to PC over the last couple of years, but one thing they've never quite been clear about is when we can expect to see them. They said a few years ago that we obviously shouldn't expect a simultaneous launch release, but some such as Death Stranding and The Last Of Us Part 1 have taken as little as six to eight months to come across, while others such as Spider-Man and Uncharted 4 have taken several years.

    According to PlayStation boss Jim Ryan, though, data from fans seem to suggest that the only "acceptable" route from a player point of view is a wait of two to three years. Outrageous, I say, but also: surely that means the long-sought-after Bloodborne must be next in line, right? Surely. It's been eight years, come on now.


    23 May 22:14

    12 'Legacy Sequels' That Don’t Suck (and 8 That Kinda Do)

    by Ross Johnson

    I’m not wild about our current pop culture obsession with nostalgia, in part because we seem to be reaching a point where a dearth of original cinematic fare is going to leave the nostalgia miners of the future with nothing to work with.


    23 May 22:13

    Watch the Microsoft Build keynotes here, starting at 12PM ET

    by Kris Holt

    After Google I/O and ahead of WWDC, it's Microsoft's turn to step up to the plate and host a developer conference. We'll learn a lot about where the company plans to go in the coming months, with the keynotes covering many of the major updates. The first keynote starts at noon ET today.

    It won't be a surprise to anyone who's paid attention to Microsoft this year that AI is the focus of Build 2023. Today's keynotes will take place across three back-to-back sessions: "Microsoft Build opening," "The era of the AI Copilot" and "Next-generation AI for developers with the Microsoft Cloud."

    In the first 25-minute session, Microsoft CEO Satya Nadella will discuss some of the ways in which the company "is creating new opportunities for developers across our platforms in this new AI era." The second session will feature OpenAI president and co-founder Greg Brockman. You can watch today's keynotes right here:

    Microsoft has lined up another keynote for Wednesday, titled "Shaping the future of work with AI." Again, the keynote will start at noon Eastern Time. Microsoft executive vice president and chief product officer Panos Panay will take the stage along with Rajesh Jha, executive vice president of experiences and devices. They'll discuss "how developers can shape the future of work with Microsoft 365 Copilot and unlock a new era of AI and productivity with Windows 11." You'll be able to check out that keynote below:

    This article originally appeared on Engadget at https://www.engadget.com/watch-the-microsoft-build-keynotes-here-starting-at-12pm-et-023009440.html?src=rss
    23 May 22:11

    Red Hat Pushes New Tools to Secure Software Supply Chain

    by Ryan Naraine

    Red Hat rolls out a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain.

    The post Red Hat Pushes New Tools to Secure Software Supply Chain appeared first on SecurityWeek.

    23 May 22:11

    Rheinmetall Says Military Business Not Impacted by Ransomware Attack

    by Eduard Kovacs

    Rheinmetall confirms being hit by Black Basta ransomware group, but says its military business is not affected.

    The post Rheinmetall Says Military Business Not Impacted by Ransomware Attack appeared first on SecurityWeek.

    23 May 22:11

    Iranian Hackers Using New Windows Kernel Driver in Attacks

    by Ionut Arghire

    Iranian threat actors use a Windows kernel driver called ‘Wintapix’ in attacks against Middle East targets.

    The post Iranian Hackers Using New Windows Kernel Driver in Attacks appeared first on SecurityWeek.

    23 May 22:08

    Microsoft Edge is getting Copilot and support for ChatGPT plugins

    by Arif Bacchus

    Microsoft Build, the company's annual developer conference, is officially underway, and a product that is getting extra special attention at the event is the Microsoft Edge web browser. It is getting updated with a completely new design, and picking up several business-first features like the powerful Microsoft 365 AI Copilot in the sidebar to speed you through work-related tasks (which even will integrate with a ChatGPT plugin).