Nier Creator Yoko Taro Reportedly Teases Nier 3 At Series Orchestra Concert

Nier Creator Yoko Taro Reportedly Teases Nier 3 At Series Orchestra Concert

Nier series creator Yoko Taro reportedly teased a third Nier game during the Nier: Orchestra Concert earlier this month. As reported by Eurogamer, during the concert, which celebrated the Nier series’ music in London, Taro apparently made a surprise appearance and asked for people to clap and cheer as loudly as they could so that Square Enix president Takashi Kiryu – in attendance – could hear the demand for more Nier, according to one fan at the event. 

However, the biggest tease of the night came from an on-screen word that appeared multiple times throughout “the story of the show,” SanTheSly, the fan in attendance, writes on ResetEra

[embedded content]

“[The] word REPENT was shown repeatedly as part of some dialogue,” SanTheSly writes. “The final instance was spelled as R3PENT. Both me and the person I’d gone with picked up on it and wondered if this was a tease.” 

That sounds like a tease to us; otherwise, why else change the word “repent” to randomly feature a “3.” However, some fans of the series already consider Nier Reincarnataion, a mobile gacha game shutting down in April, to be the third game in the series. On that timeline, Nier (and its remastered Nier: Replicant counterpart) is the first in the franchise and Nier: Automata the second. If Nier Reincarnation isn’t the true third Nier game, perhaps Taro was teasing that could be on the way – Nier Repent does have a nice ring to it. 

[Source: Eurogamer]

Do you want a third Nier game? Let us know in the comments below!

Ender Lilies Sequel Ender Magnolia: Bloom of the Mist Enters Early Access Next Month

Ender Lilies Sequel Ender Magnolia: Bloom of the Mist Enters Early Access Next Month

During last week’s Nintendo Direct: Partner Showcase, it was revealed that the 2021 action Metroidvania Ender Lilies: Quietus of the Knight is getting a sequel in the form of Ender Magnolia: Bloom of the Mist. The initial trailer provided a vague 2024 launch window, but we now know it’s hitting Steam Early Access first on March 26. 

Ender Magnolia: Bloom in the Mist is set within the same universe as Ender Lilies but takes place in the magically saturated Land of Fumes. A mind-warping toxin has been unleashed from the magic-infused soil and dangerous Homunguli ravages the land. It’s up to protagonist Lilac, an “Attunder” capable of cleansing Homunguli, to save the day. You can check out the game’s new trailer below.

[embedded content]

Like Ender Lilies, Ender Magnolia is a dark fantasy Metroidvania in which Lilac is paired with another entity who actually handles the killing: a Spirit Reaper capable of killing Homunguli, which, in turn, adds their abilities to your arsenal. The sprawling 2D adventure tasks players with discovering hidden collectibles, gear, and items to bolster their ability to tackle a variety of bosses.

While it’s unknown exactly how long Ender Magnolia will be in Early Access, Ender Lilies also went through an Early Access phase that wound up working to the game’s benefit. Ender Magnolia: Bloom in the Mist is slated to launch for PlayStation and Xbox platforms as well as Switch later this year. In the meantime, you can read our positive review of the Ender Lilies: Quietus of the Knight here.

Pokémon Returns To Kalos With Legends: Z-A in 2025

Pokémon Returns To Kalos With Legends: Z-A in 2025

During today’s Pokémon Presents stream celebrating Pokémon Day, we got our first look at the next major title coming to the Nintendo Switch. Called Pokémon Legends: Z-A, the teaser suggests the game will be set in Lumiose City, a Paris-inspired area first seen in Pokémon X and Y. It’s not just a long-awaited follow up to Pokémon Legends: Arceus – it’s an overdue return to the world of Pokémon X and Y.

Check out some images from the trailer below:

The teaser, which does not contain any actual gameplay footage, shows a Pikachu hopping around a city made of glowing blue lines. While it’s not immediately clear that the city is Lumiose, eagle-eyed fans will notice many familiar friends from that generation of games, including Pyroar, Flabébé, Klefki, and Hawlucha. These images are juxtaposed with architectural sketches and the words “urban redevelopment plan.” This would suggest that Pokémon Legends Z might take place during the construction of Lumiose City, putting it in line with the historical setting we experienced with Pokémon Legends: Arceus.

Other than the teaser, details are scarce. We’ll have to wait until 2025 to see more. Speaking of 2025, we also recently heard reports that Nintendo’s Switch successor will come out no sooner than March of that year. For more Pokémon Legends, check out our review of Legends: Arceus, which we called “a worthwhile spin-off adventure.”

Are you excited for Pokémon Legends: Z-A? Let us know in the comments below!

Threat prevention & defense for government agencies – CyberTalk

Threat prevention & defense for government agencies – CyberTalk

Pete Nicoletti is a Field CISO for the Americas region at Check Point. Pete has 32 years of security, network, and MSSP experience and has been a hands-on CISO for the last 17 years. Pete’s cloud security deployments and designs have been rated by Garter as #1 and #2 and he literally “wrote the book” on secure cloud reference designs, as published by Intel Press: “Building the Infrastructure for Cloud Security: A Solutions View.” 

If you’ve noticed the recent, alarming surge in targeted phishing, successful ransomware attacks and exfiltrations plaguing government agencies, you’ll want to explore these crucial insights around proactive prevention and how to strengthen defenses.

In this interview with Check Point CISO Pete Nicoletti, discover why government agencies are prime hacker targets, delve into recent cyber security breaches, and find out about how to deftly avoid potentially ruinous cyber threats.

Tell us about the phishing and ransomware trends that you’re seeing among government agencies:

We now have millions more college-level English speakers and above-average Python programmers, as ChatGPT enables this for $20/month! ChatGPT can pass advanced English and has an IQ over 120!  Highly targeted phishing/whaling emails using previously exfiltrated information, combined with over-posted social media information, are enabling criminals to create familiarity with their target. Once accomplished, they add a sense of urgency and the result is a significant click rate on phishing emails.

Government agencies are losing….Why? They are the #1 target, and email is the #1 vulnerability/malware delivery vector.

Why have CISOs struggled to prevent nation-state attacks in the past?

  • Disparity in resources between offense vs. defense
    • As per Christopher Ray: Chinese Communist Party hacking resources are ~50 – 1 vs U.S. federal staff resources
  • Poor tool selection, not based on efficacy, but based on lowest price only
  • Dependency on substandard cloud service provider/email provider tools

Microsoft tools protecting Outlook are just not good enough…  

Can you share two or three best practices you’d like to see government agencies adopt?

  • Evolve from traditional gateway solutions to API-based architecture.
  • Don’t trust tools that are bolted onto your license. Again, they are not good enough.
  • Analyze tools for efficacy during the purchase phase. Demand 3rd party test results, test in your environment with real traffic and loads.

Why is phishing prevention through an AI-driven inline, API architecture most effective?

Security by obscurity: Hackers cannot easily determine what security technology is in use. Gateways are trivial to identify and then they test their phishing and malware against them.

Scalability: API-driven technology can scale with message volume and can be easily deployed, managed, and upgraded….or added in-line with other tools.

You must have AI-driven analysis to keep up with AI-driven threats. Old signature-based tools and end-user reporting of spam are not good enough to protect critical assets.

If you work for or with government agencies and would like more information from CISO Pete Nicoletti regarding cyber security best practices and technologies, please click here or join this webinar.  

Aussie data breach report exposes supply chain risks – CyberTalk

Aussie data breach report exposes supply chain risks – CyberTalk

EXECUTIVE SUMMARY:

Approximately 60% of Australian organizations lack a comprehensive understanding of third-party data breach risks, with over 50% failing to implement impactful measures to assist with long-term third-party risk management. Authorities are concerned…

The Office of the Australian Information Commissioner’s recent data breach report highlights growing concern over supply chain risks and breaches. The report reveals a significant number of multi-party incidents.

These often originate from cloud or software providers, raising questions about awareness of and efforts to mature supply chain security measures.

Commonly reported incidents, catalyzed by supply chain breaches, include phishing, compromised account credentials and ransomware.

OAIC response

The Office of the Australian Information Commissioner (OAIC) is intensifying its pursuit of regulatory actions against organizations that have experienced data breaches. Civil penalties are being exacted through the Federal Court.

In particular, Australia is prioritizing actions in cases where there were clear failures to adhere to reporting requirements and obvious lapses around protecting personal information. This includes situations where organizations have left data vulnerable by retaining it for undue lengths of time.

“As the guardians of Australians’ personal information, organisations must have security measures in place to minimise the risk of a data breach. If a data breach does occur, organisations should put the individual at the front and centre of their response, ensuring they are promptly told so their risk of harm can be minimized,” said Australian Information Commissioner Angelene Falk.

Steps for organizations

An organization’s third-party risk management approach should be unique to the given enterprise on account of who it works with, its role in the larger ecosystem, regulatory requirements, data protection requirements and risk tolerance.

There are numerous ways in which to go about being more proactive around third-party risk. As a strong initial step, the Office of the Australian Information Commissioner recommends, among other things, embedding risk management into third-party contractual agreements.

If your organization is just starting out in this area or would like to improve existing agreements, consider the following:

Define clear expectations and requirements

  • Establish well-defined SLAs. They should clearly outline cyber security expectations and requirements for all parties.
  • Specify ownership of data. Clearly define who is responsible for which data and how it can or cannot be used.
  • Address access and use of customer data. Ensure that data handling aligns you’re your organization’s privacy and security standards.
  • Call out data retention. Define how long data can be stored for. Specify when it should be securely deleted.

Create backup and contingency plans

  • Retain backup vendors for critical services. Should one provider fail for whatever reason, your organization will be able to quickly switch to an alternative without operational disruption.
  • Have a data breach response plan. Roles and responsibilities should be clearly defined. Establish communication channels and procedures for notifying affected parties, should a breach occur.

Regularly monitor and assess

  • Conduct risk assessments. Understand third-party security practices and evaluate risk posture.
  • Conduct compliance audits. Conduct audits in order to verify compliance with contractual obligations. Ensure that third-parties adhere to agreed upon cyber security measures.

Further thoughts

In our global business landscape, supply chain risk management is a critical practice. By limiting supply chain breaches, organizations protect their reputations, avoid emergency costs, and reduce the potential for risk management related lawsuits — Which, again, are about to affect a number of organizations in Australia.

If you’d like to get ahead of potential regulatory and legal challenges, be sure to read A CISO’s Guide to Preventing Downstream Effects (And Litigation) After a Breach.

7 best practices for tackling dangerous emails – CyberTalk

7 best practices for tackling dangerous emails – CyberTalk

EXECUTIVE SUMMARY:

Email is the #1 means of communication globally. It’s simple, affordable and easily available. However, email systems weren’t designed with security in mind. In the absence of first-rate security measures, email can become a hacker’s paradise, offering unfettered access to a host of tantalizingly lucrative opportunities.

Regarding email threat prevention, adherence to security best practices positively influences outcomes. In this article, discover seven unbeatable ways to tackle the issue of email security and dangerous emails. Reduce your organization’s risk, safeguard systems, and minimize your mean time to incident recovery.

7 best practices for tackling dangerous emails

1. Develop and enforce a corporate email policy. This document should provide guidelines around use and monitoring of corporate email services.

Specify that email communications should center around work tasks, work projects and official business. Excessive non-work related email is not acceptable, as it can introduce undue security risks.

Provide guidance around creating strong passwords, rotating them on a regular basis and avoidance of password sharing. Encourage employees to use unique passwords for corporate accounts.

An email policy might also note that in an effort to prevent insider threats, employees may be subject to monitoring of messages that reside on the mail server.

2. Implement an advanced email filtering system. Invest in technologies that can sift through emails before they reach the end-user. These technologies analyze patterns, identify anomalies and continuously adapt to new threats — providing your people with high-quality threat protection.

3. Incorporate AI-powered tools into your email security stack. AI and ML bring new capabilities to the table. They can identify threats that may be missed by more traditional tooling, blocking the most evasive and sophisticated of threats before they can evolve into intimidating multi-stage attacks.

4. Endpoint security. Ensure that devices used by employees to access email and network resources are secure. Install and regularly update endpoint security software. In addition, implement a password management policy and device encryption.

5. Leverage email encryption. By encrypting emails, your organization ensures that sensitive data remains impervious to interception and unauthorized access. Encryption means that only the intended recipient can open and read through the contents of messages.

This cuts down on the possibility that a bad actor will attempt to parse through data for social engineering purposes, and it reduces the potential for malware-based email attachment attacks, among other threat types.

6. Provide employees with awareness training. Ensure that employees are well-informed about corporate security policies, their responsibilities in helping to maintain organizational security, and common types of threats that they should look out for – many of which are email-based.

Explain recommended best practices and provide contact information for cyber security personnel, should they have any questions or encounter anything seemingly malicious.

7. Opt for an email security solution that goes beyond email. Because email-based threats can spread through an organization horizontally, consider an email security solution that covers all collaboration channels — think G Suite, Teams, Slack and OneDrive. Solutions like Avanan provide this service and offer free proof-of-value.

Bonus: While this isn’t a means of proactively tackling dangerous emails, it will assist with addressing dangerous emails after they’ve been opened or clicked on:

Have an incident response plan. If your organization can take swift action after learning of a threat, you may be able to avoid far-reaching damage and unexpected expenses.

Regularly evaluate and update an incident response plan. This will help ensure that your organization can combat new and emerging email threats. Check out our incident response resources, here.

Lastly, subscribe to the CyberTalk.org newsletter for timely insights, cutting-edge analyses and more, delivered straight to your inbox each week.