Please tell your friends about federated social media site that speaks several fediverse protocols thus serving as a hub uniting them, hubzilla.eskimo.com, also check out friendica.eskimo.com, federated
macroblogging social media site, mastodon.eskimo.com a federated microblogging site, and yacy.eskimo.com an uncensored federated search engine. All Free!
An IT security guy at a place I once worked said the executives were the biggest security vulnerability the company had because they wanted what they wanted and didn't care much about security. I think that's what tool Maersk down a few years ago - some exec installed malware that spread to the entire network.
"they normally put big all caps bold red warning if the person is a VIP, eg C suite, so they get VIP service - ie anything goes."
UPDATE: NARA has taken this down/rescinded, and stated that it had "many inaccuracies."
This is NOT GOOD. #archives " Restricted-Access Federal Facility, Effective July 7, 2025 Effective July 7, 2025, the National Archives at College Park, MD, will become a restricted-access federal facility with access only for visitors with a legitimate business need. It will no longer be open to the general public." archives.gov/college-park
We hold permanent records created by Federal agencies that include: Textual records from civilian agencies Army unit records dating from WW1 Navy unit records dating from WW2 Still pictures Electronic records Cartographic and architectural holdings …
People keep telling me that X11 doesn’t support DPI scaling, or fractional scaling, or multiple monitors, or something. There’s nothing you can do to make it work. I find this surprising. Why doesn’t it work? I figure the best way to find out is try the impossible and see how far we get.
I’m just going to draw a two inch circle on the screen. This screen, that screen, any screen, the circle should always be two inches. Perhaps not the most exciting task, but I figure it’s isomorphic to any other scaling challenge. Just imagine it’s the letter o or a button we wish to draw at a certain size.
I have gathered around me a few screens of different sizes and resolutions. My laptop screen, and then a bit to the right a desktop monitor, and then somewhere over that way a nice big TV. Specifically:
$ xrandr | grep \ connected
eDP connected primary 2880x1800+0+0 (normal left inverted right x axis y axis) 302mm x 189mm
DisplayPort-0 connected 2560x1440+2880+0 (normal left inverted right x axis y axis) 590mm x 334mm
DisplayPort-1 connected 3840x2160+5440+0 (normal left inverted right x axis y axis) 1600mm x 900mm
I think I just spoiled the ending, but here we go anyway.
I’m going to draw the circle with OpenGL, using a simple shader and OBT. There’s a bunch of not very exciting code to create a window and a GLX context, but eventually we’re going to be looking at the shader. This may not be the best way to draw a circle, but it’s my way. For reference, the full code is in circle.c.
I got a little carried away and made a pretty color wheel instead of a flat circle.
The key variable is radius which tells us how many pixels from the center the circle should be. But where does the shader get this from?
glUniform1f(0, radius);
Okay, but seriously. We listen for configure events. This is the X server telling us our window has been moved or resized. Something has changed, so we should figure out where we are and adjust accordingly.
It’s somewhat annoying that physical width and virtual width are in different structures, and we have to put the puzzle back together, but there it is.
Some more code to handle expose events, the draw loop, etc., and that’s it. A beautiful circle sized just right. Drag it over onto the next monitor, and it changes size. Or rather, it maintains its size. Send it over to the next monitor, and same as before.
Time for the visual proof. A nice pretty circle on my laptop. Another circle on my monitor. And despite the 4K resolution, a somewhat pixely circle on my TV. Turns out the hardest part of this adventure was trying to hold an uncooperative tape measure in place with one hand while trying to get a decent, or not, photo with the other.
We were so close to perfection. Somebody at the factory screwed up, and my TV is actually 66.5” wide, not the claimed 63 inches. So if we learn anything today, it’s that you shouldn’t use a consumer LG TV for accurately measuring the scale of structural engineering diagrams, at least not without further calibration.
The good news is we’ve done the impossible. Even better, I didn’t mention that I wasn’t actually running this program on my laptop. It was running on my router in another room, but everything worked as if by MIT-MAGIC-COOKIE-1. Alas, we are still no closer to understanding why people say this is impossible.
Anyway, I think the point is we should probably ignore the people who can’t do something when they tell us we can’t do it either. I woke up this morning not knowing precisely how to draw a scaled circle, having never done so before, but armed with a vague sense that surely it must be possible, because come on of course it is, I got it working. And now look at me, driven insane by the relentless stare of three unblinking eyes.
With my new knowledge, I also wrote an onscreen ruler using the shape extension. Somewhat tautological for measuring the two inch circle, but in the event anyone asks, I can now tell them my terminal line height is 1/8”, and yes, I measured.
DragonForce Ransomware Cartel are claiming credit for attacks on Marks and Spencer, Co-op and Harrods and say more victim orgs are coming bloomberg.com/news/articles/20…
@se I wonder... maybe the Palo Alto Global Protect firewalls are somehow related to the breach perhaps? That particular software product has had some well documented (CVE) vulnerabilities in the past year related to VPN, plus there's been some pretty serious PAN-OS RCE issues too. Hope everything was patched!
Attached: 1 image
Co-op Group have shut down some systems due to a cyber incident, however retail stores are still trading uninterrupted (which is core to their business).
Co-op Group have now admitted a significant amount of member (customer) information has been stolen by DragonForce Ransomware Cartel, saying they "accessed data relating to a significant number of our current and past members" - around 20 million people. The Membership database, basically. That includes home addresses and phone numbers etc.
Up until now Co-op hadn't even used the words cyber or threat actor, referring to an "IT issue" and "third party" in comms.
for someone who is unfamiliar with the UK retail market, do you happen to know if Co-op is at all related to the Swedish company Coop that suffered from a major ransomware attack a couple of years ago?
The individuals operating under the DragonForce banner and attacking UK high street retailers are using social engineering for entry. I think it’s in the public interest to break down what is…
"Advanced Persistant Toerags", as Ian Levy would put it. Basics don't sell boxes, and when the narrative is controlled by the box-sellers, the basics get neglected.
Was reading your "Actions for Defenders", pt #1 - what are some good suggestions for IT/helpdesk to vet the legitimacy of an "employee" - when was the last time you called the helpdesk? who is your boss's boss? how many times have you worked from home/used VPN in the past month? like what else would be a surefire thing that ONLY a legit employee would know... that the helpdesk could look up that an intruder wouldn't be able to?
Regarding IOCs around the UK retailer activity - there’s loads doing the rounds, and they’re almost all not useful.
Eg hundreds of dynamic VPN IPs from 2022. If you google them you’ll find them on vendor blogs from years ago for Scattered Spider - people are recycling in panic and passing around in panic.
Don’t hunt on random IOCs. IP addresses change. Strengthen foundational controls. Review sign in logs for abnormal activity etc.
UK cyber security at private firms tends to be very poor on average but social engineering remains the hacker's most effective tool.
Slack and Teams access in particular seems like a large attack vector. I believe the Twitter hack a few years back - when it was Twitter - was facillitated by superuser creds being pinned to a slack channel.
Rebuilding business is prioritised by importance. If the online shop is a small side hustle compared to the brick&mortar ones (or is much slower), then it’s lower priority.
Communicating the current status and expected progress is better, builds trust.
Wages usually are handled as lump payment, i.e. the same sum as last mont - and corrected later when the HR systems are back online.
The incidence response team should cover IT forensics, BCM and communication.
When I was in an M&S yesterday they had card payment working fine but they were having obvious fresh stock problems. While M&S online shopping is probably large for them, they also have a deal with Ocado to do M&S food deliveries, so I suspect that might still be partially going.
“a former chief executive at another firm and had to deal with a data breach” is an awkward way to say “overpaid jackass who was fired for his handling of a data breach”
There's a report on ITV News that Co-op member data is available on the Dark Web(tm), but as far as I know this isn't accurate. DragonForce's portal hasn't been available for over a week.
Here's the ITV News report anyhoo, logline: "ITV News understands the the ongoing cyberattack faced by the supermarket has worsened since Friday, impacting the ordering system, drivers and warehouse staff."
I'm not sure people realise that "members" are mutual owners, but "customers" are anyone using co-op services, whether members or not. Not sure which are in the data breach - perhaps both? I think the members' db is probably separate.
Sunday Times has a piece looking into ransomware incident at Marks and Spencer. It's pretty good, goes into their contain and eradicate focus.
"By shutting down parts of the IT estate, Higham’s team had worked to prevent the attack from spreading, but had also stopped parts of its digital operations from functioning. This was considered a worthy trade-off."
One error in the article - lack of recovery doesn't mean no ransomware paid. Paying is not quick restoration.
There’s a piece in The Sunday Times today about the DragonForce ransomware incident at Marks and Spencer which caught my eye. It’s a great piece, e.g. it looks at M&S containing the threat to…
Sky News quote a source in M&S head office saying Marks and Spencer have no ransomware incident plan so they are making it up as they go along apparently, with staff sleeping in the office and communicating via WhatsApp.
M&S dispute this, saying they have robust business continuity plans.
One of the points of exploitation of large orgs is they usually outsource their Service Desk to somewhere cheap offshore who don’t know the org staff, and when you call and say your name, they normally put big all caps bold red warning if the person is a VIP, eg C suite, so they get VIP service - ie anything goes.
Co-op Group appear to be trying to course correct with their cyber incident comms.
They’re calling it a cyber incident now, and have put a statement on the front page of their website, along with an FAQ. They haven’t yet emailed members (they should). Edit: they’ve started emailing members.
It sounds like the situation at Co-op has got worse. They’ve stopped taking card payments in some stores, it’s cash only. telegraph.co.uk/business/2025/…
One thing for media covering the Co-op thing - attackers are not impersonating IT help desks to gain access. They’re impersonating *staff* calling in to the IT help desks - they’re different things.
The Co-op is redirecting food and drink supplies to stores in rural and remote areas in a bid to protect isolated communities from shortages following a serious cyber attack.
I just did a Shodan Safari on Co-op - basically all their Windows and Linux systems in their core DCs at network boundary are down, it's not just EDI. It's been like that for just under a week, prior to that things were still online.
I feel really bad for them as it's a great org. Also their CEO is basically the only one who stood up like this for trans people.
If you're wondering about Marks and Spencer - I just did a Shodan Safari of their network boundary, Palo-Alto GlobalProtect VPN remote access access is still offline, 15 days later.
Online orders are still not working, and the store stock checker is disabled now.
Marks and Spencer’s online shopping is still offline 3 weeks later. It is thought they have lost around £63m so far, excluding IR, BCP and ransom payment costs. drapersonline.com/news/ms-onli…
The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$. DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads.
For anybody wondering what 'dial into the incident response bridge' means, it means they'll literally Teams call into cyber IR bridges as themselves and just extort you to your face. They'll also call CISOs etc. Bad Times at the El Royale.
Marks & Spencer bureau de change staff are being forced to use pen and paper to serve customers as a result of the cyber attack on the retailer and cannot accept card payment. thisismoney.co.uk/money/market…
M&S bureau de change staff are being forced to use pen and paper to serve customers. The travel money desks are also unable to accept card payments in some cases.
Co-op Group have provided some more detail about what it’s doing about remote lifeline stores (ones where they’re the main/only retailer on an island):
“From Monday, 12 of the most remote lifeline stores will receive treble the volume of available product, and another 20 lifeline stores will get double the volume.” bbc.com/news/articles/c071e7x8…
Explore exciting job opportunities at M&S across various sectors: In-Store, Digital & Tech, Clothing, Food, Support, and Logistics. Be part of Britain's best-loved brand, championing sustainability, inclusion, and innovation.
I think Co-op may have stopped recruitment too, they’re a big employer so usually have hundreds of open positions - currently they have 17, and most close today and the rest in a few days.
U.K. retailer the Co-op is still having trouble with keeping grocery shelves stocked as it continues to respond to an attempted cyberattack that forced it to shut down some systems two weeks ago.
Allianz supplies Marks and Spencer's cyber insurance, and will apparently suffer a full tower loss (i.e. it's going to be expensive) insuranceinsider.com/article/2…
Co-op stores in Sheffield, Badenoch, Dunfermline and many other places are apparently running out of produce - it's not possible to keep up with the local media reports but they're basically bored reporters get sent out to photograph half empty fridges.
This ITV News report linking the Co-op and M&S breaches to SIM swapping is not accurate, no source given. itv.com/news/2025-05-12/sim-sw…
They also have a report today saying Co-op stores are restocked, which is also not accurate - that one is sourced from Co-op, but obviously doesn’t stack up to looking in Co-op stores.
If anybody is wondering, all of Marks and Spencer's Palo-Alto GlobalProtect VPN boxes are still offline, 3 weeks later. Pretty good containment method to keep attackers out.
Attached: 1 image
M&S use Palo-Alto GlobalProtect for VPN, they took all the endpoints offline days ago (usually first stage containment for ransomware/extortion groups).
M&S confirm my toot from 3 days ago that a significant amount of customer and staff data was stolen. They’ve known for weeks but opted not to tell anybody. bbc.com/news/articles/c62v34zv…
Re the Co-op Group breach, Co-op say home addresses of customers were exfiltrated (it was the membership database). This one dates back to my May 2nd toot upthread re home addresses - at the time, they didn't specify home addresses.
Co-op's AGM is this weekend, and M&S yearly results and investor contact are next week.
Gonna be awkward for different reasons, e.g. Co-op is member (customer) owned, so the people's data Co-op had stolen are effectively the shareholders and are invited.
The Channel Islands Coop, which is different to Co-op Group, has been able to restock shelves by moving away from Co-op Group for supply distribution and moving to local suppliers. bbc.co.uk/news/articles/c3d4xv…
The Grocer reports Nisa and Costcutter are running out of fruit & veg, fresh meat and poultry, dairy products, chilled ready meals, snacks and desserts.
Nisa and Costcutter are supplied by Co-op Wholesale, which is dependent on Co-op Group.
“It’s really poor. I feel bad for them but what makes it worse is their hush-hush mentality about it. There’s no proper level of communication and we get random updates.”
In communications sent to retailers, the symbol groups listed products that were either ‘temporarily unavailable’ or ‘out of stock’ as a result of supplier issues
Co-op Group have told their suppliers that "systemic-based orders will resume for ambient, fresh, and frozen products commencing Wednesday 14 May". They say forecasting system will still be impacted.
Financial Times report Marks and Spencer expect to claim £100m on their cyber insurance, the maximum allowed, suggesting losses probably more. ft.com/content/723b6195-1ce7-4…
If you want figures for your board to set expectations in big game ransomware incidents, Co-op containment just over 2 weeks, M&S just over 3 weeks so far - recovery comes after.
In terms of external assistance, Co-op have Microsoft Incident Response (DART), KPMG and crisis comms. M&S have CrowdStrike, Microsoft, Fenix and crisis comms.
The threat actor at Co-op says Co-op shut systems down, which appears to have really pissed off the threat actor. This was the right, and smart, thing to do.
While I was at Co-op we did a rehearsal of ransomware deployment on point of sale devices with the retail team, and the outcome was a business ending event due to the inability to take payments for a prolonged period of time. So early intervention with containment was the right thing to do, 100%.
Marks and Spencer say food distribution to their stores is returning to normal. It follows Co-op's announcement yesterday that food and drink distribution will begin to return to normal from the weekend. reuters.com/business/retail-co…
The link in the article to Vectra Cognito AI has a Coop Sweden logo on it, and the Coop Sweden CISO is named. Coop Sweden is different company. Coop Sweden went on to have a ransomware attack that crippled the org, including point of sale, so I don't think it's a good sales point. Same with Silverfort.
Google AI has ingested the article and now uses it to claim Co-op Group use the tools.
The Times reports M&S were breached through a contractor and that human error is to blame. (Both M&S and Co-op use TCS for their IT Service Desk).
The threat actor went undetected for 52 hours. (I suspect detection was when their ESXi cluster got encrypted).
M&S have told the Times they had no “direct” communication with DragonForce, which is code for they’re using a third party to negotiate - standard practice.
M&S looks to be moving to reposition their incident as a third party failure, which I imagine will help redirect some of the blame (they present their financial results during the week to investors): bbc.co.uk/news/articles/cpqe21…
Both M&S and Co-op outsourced their IT, including their Service Desk (helpdesk), to TCS (Tata) around 2018, as part of cost savings.
There's nothing to suggest TCS itself have a breach btw.
Basically, if you go for the lowest cost helpdesk - you might want to follow the NCSC advice on authenticating password and MFA token resets.
I've put a 3 part deep dive blog series coming out probably next week called Living-Off-The-Company, which is about how teenagers have realised large orgs have outsourced to MSPs who follow the same format of SOP documentation, use of cloud services etc. Orgs have introduced commonality to surf.
The Office of the Privacy Commissioner for Personal Data (PCPD) has confirmed that Marks and Spencer (M&S) Hong Kong has not informed it of a recent customer data leak, nor responded to its enquiries. hongkongfp.com/2025/05/19/ms-h…
The Office of the Privacy Commissioner for Personal Data says M&S Hong Kong has not informed it of a recent customer data leak, nor responded to its enquiries.
"Cyber analysts and retail executives said the company had been the victim of a ransomware attack, had refused to pay - following government advice - and was working to reinstall all of its computer systems."
Not sure who those analysts are, but since DragonForce haven't released any data and M&S won't comment other than to say they haven't had any "direct" contact with DragonForce, I wouldn't make that assumption.
There's also a line in the article from an cyber industry person saying "if it can happen to M&S, it can happen to anyone" - it's ridiculous and defeatist given Marks and Spencer haven't shared any technical information about how it happened, other than to tell The Sunday Times it was "human error"
The Air Safety version of cyber industry would be a plane crashing into 14 other planes, and industry air safety people going "Gosh, if that can happen to British Airways it could happen to anybody!"
I made this point a few weeks ago, but... outsourcing all your IT, Networks, Service Desk (helpdesk) and operational cybersecurity is a temporary cost saving and basically paints a ticking timebomb on the org, IMHO.
M&S say online ordering will be stopped until sometime in July, and it has taken a £300m hit, far higher than analysts had predicted. bbc.co.uk/news/articles/c93llk…
The NCA has confirmed on the record that the investigation into the M&S and Co-op hack is focused on English teenagers. I could toot the names of the people I think they’ll pick up, but won’t.
The CEO of M&S has declined to comment if they have paid a ransom. For the record: I’ve heard they have, in secret, via their insurance. reuters.com/business/retail-co…
I guess it's low risk since the electronic displays are basically paper - Dumb eink displays that you update via RFID from a handheld. (The ones I saw in the local coop worked that way anyway.)
This stuff is brilliant. Based on e-paper and runs on Zigbee.
And they can raise the prices between you picking things off the shelf and going through the checkout and you'll have no proof that it was offered at a lower price.
e-paper price labels are apparently extremely common in mainland Europe. The UK is extremely slow to adopt things like this.
*In theory*, during an incident, the labels would remain as-is until they receive a new price. So TAs would specifically need to target the pricing database prior to wiping.
TCS has a security incident running around the M&S breach.
Interestingly the source claims TCS aren't involved in Co-op's IT - which is categorically false, they took over most of it while I worked there, including the helpdesk, and my team (SecOps) after I left.
While Co-op have restored every customer facing system and internal systems like recruitment and remote working, M&S still don't even have recruitment back.
I'm reliably told they paid the ransom, so they'll be target #1 basically forever with other ransomware groups now due to resiliency woes and willingness to pay.
Marks and Spencer's remuneration committee have opted not to dock the CEOs pay as expected and prior reported over the cyber incident, but instead increased it by £2m. bbc.co.uk/news/articles/c23mz5…
Marks & Spencer is holding walk-in in-store recruitment open days to fill vacant roles while its online hiring system remains offline following its ransomware attack in April. thegrocer.co.uk/news/mands-sto…
This Daily Mail piece about security leaders thinking work-from-home means they will be crippled is horseshit, I'm not linking it.
They've taken a survey about how security people think their businesses couldn't survive ransomware, and linked it to working from home. WFH isn't the problem: business IT and resilience being built on quicksand is the problem.
The 'WFH' allegations seem in especially bad faith given the suspected entry point for the M&S compromise: the outsourced helpdesk.
Those guys are even more compliant labor than work-not-from-home employees, so the Daily Heil isn't going to say anything; but lack even the (informal; but in practice often at least reasonably effective) "does the IT person you just poked recognize who is interrupting with a password question?" ID verification step with onsite workers and onsite IT.
I could draft an opposing headline about how ransomware and cyber threats will naturally proliferate faster and more easily within a physical network than it will in a distributed environment. It wouldn't be the whole story either, but it's just as true.
I WFH 100% of the time. I never connect to an office "network". The only way I could spread any form of malicious payload to my colleagues is through shared communications platforms which not only requires ME to fuck up so that my account is used to send that payload to others, but it then requires the recipients to ALSO screw up and make mistakes like open dodgy links or attachments. WFH provises an additional buffer to protect an organisation, in my opinion.
I think they did a great job. They do call it a "highly sophisticated attack", which, frankly.. isn't true and may come out in open court later if the suspects are ever caught.
6 weeks from containment to "near full" recovery, for statto nerds like me who track this stuff.
I'm sure the logic of 'work from home' being an existential threat while extensive exposure to outsourced managed services is just good sense must only baffle me because I'm not the sort of person who deserves a bonus that brings me up to £7 million for the year; not because it's questionable.
TCS have told shareholders their systems were not compromised in the hack of M&S.
As an explainer here (not in the article): TCS IT systems weren't compromised. Their helpdesk service (they're AD admins at M&S) was used to gain access to M&S. They manage M&S IT systems. reuters.com/business/media-tel…
M&S haven't been able to supply sales data - so the British Retail Consortium (BRC) - used by the UK government as as economic indicator - basically made up figures for M&S and didn't tell people they had done this.
Ultra spicy post claiming to be from UK retailer employee (M&S or Co-op) about their experience with TCS on their security incident. reddit.com/r/cybersecurity/com…
I'd be very curious to know what the breakdown is between TCS dropping the ball and lying about it and M&S/Co-op not actually insisting on adequate procedure.
It's not terribly uncommon for people to only care about time-to-resolution with some lip service to user satisfaction when it comes to helpdesk metrics; and tacitly discourage things that are slow and unpleasant like hassling people for ID, at least until that becomes a visibly terrible idea.
as someone who has been subjected to Tata on multiple occasions going back over a decade?
This isn't nearly spicy enough. I don't even describe them as a 'body shop' because they'd gladly route you to a corpse and try to charge extra for '24x7 coverage.'
When one employer did a basic security audit of their helpdesk services, Tata failed so severely that the contract was pulled for cause before the audit was even completed. They moved it all back in-house.
The root problem here isn't that TCS are shockingly bad (they are, just about everyone knows that).
The root problem is that "management decisions" constantly overrule those that raise concerns about their service and tell any remaining internal IT and security staff to "deal with it as best you can."
I'm very much of the view that, yes, the outsourced provider can be the cause of an incident, they can provide a shockingly bad service, they can cost your business millions of pounds. But the decision to continue to use them when you already know this is a real possibility - that's a decision by senior management within the company. That's on you.
ATOS in the past have operated in a similar way (my experience). But if a post mortem investigation finds that the IT contractor was at fault and created an attack vector, as perhaps is being implied here, then I believe that any current business insurance policy might not cover the financial losses. I guess that the affected businesses might need to pursue legal action. What a mess 🤦
Interesting. I don't have the background on this specific attack, but I'm reminded of the Target credit card theft. An HVAC company near me was the point of entry for the attackers; they had high-access keys to Target's intranet because they install and maintain shopping-mall-grade HVAC and can remote-override it for maintenance and schedule reasons (nation-scale chain stores with giant footprints save not-inconsequential money on things like "Don't power up the HVAC to normal capacity on days nobody is here").
They had the keys on the same machine running their webserver.
(Meanwhile, Target actually did get an SEC slap-on-the-wrist for one specific thing: the HVAC intranet piece wasn't firewalled from the financial transactions and cash register source code pieces).
I’m certainly no IT security expert, but if your system is getting popped by three kids, does that perhaps indicate that you may have missed a few opportunities for improvement in the past? 🤔
If you ever doubted the link between Scattered Spider(tm) and LAPSUS$ - one of the people arrested today was a key part of the LAPSUS$ attacks a few years ago.
Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.
Co-op finally admitted the entire membership database was stolen
I had this in the thread months ago, they originally tried to deny it entirely then tried to say ‘some’ data was accessed when they knew it was the whole thing.
Personally I think Co-op did a really good job getting out of that situation and minimising impact.
I definitely think if you have a LAPSUS$ style advanced persistent teenagers situation, tilt towards open and honest comms as those kids will use secrecy against ya. It’s 2025, it’s okay to say you got hacked, people largely understand. Also, in IR, lawyers are usually stuck in 1980 advice - it’s just advice, they ain’t yo boss.
When GDPR was being introduced, I got to see *so much* bad advice being given to companies by their lawyers that it made me realise how many lawyers really are making it up in the spot as much as everyone else - and therefore bringing their own biases and misapplied experiences.
It’s 2025, it’s okay to say you got hacked, people largely understand.
Probably the most damning indictment of the entire computing industry that I've seen for a long time.
I don't disagree at all. But this absolutely should not be the case and wouldn't be if we weren't still building core infrastructure around ideas that were known to be bad by the mid 1980s.
Four young people who were arrested for their suspected involvement in the damaging cyber attacks against Marks & Spencer, the Co-op and Harrods, have been bailed.
at this point I'm much more surprised when someone over 25 gets picked up for hacking stuff, I think some dude was helping gangs smuggle drugs into Rotterdam via hacking into the port logistical systems, they were like 41 with kids, that was way more unexpected to me lol
Europe’s commercial ports are top entry points for cocaine flooding in at record rates. The work of a Dutch hacker, who was hired by drug traffickers to penetrate port IT networks, reveals how this type of smuggling has become easier than ever.
The term 'user' in "no TCS systems or users compromised" could be more interesting to argue on in a civil liabilities case.
If a TCS staff member falls for social engineering (even if the action they take is within an assigned M&S tenant account...), is that not the same as a TCS user being compromised?
Anyway... I'm sure that statement won't at all be like rubbing salt in M&S's wounds.
I keep reminding people who mention this that M&S outsourced their IT services to the cheapest possible option. That immediately tells you how much they care about your data safety and security. It’s so important to them that they phone it in. Absolute joke.
Still didn’t have any Percy Pigs at the last store I checked either. Staff told me they don’t know what they’re going to receive one delivery to the next.
the daily mail publishing click bait headlines with sensationalist takes that fit the narrative the rich and powerful want to push? Who could have predicted that ahead of time?
bankers are so afraid of WFH destroying the commercial real estate market, they'll pay for all kinds of bogus studies and make sure they get published and repeated far and wide to attempt to stop the wave of progress and modernization that is WFH. WFH is better for EVERYONE except the bankers who own your office. Fuck them. Fuck companies that capitulate to bankers and enact RTO policies to get preferential lending rates. Stay home
Marks and Spencer abandoned my city to take themselves out in the sticks where the only way to get to them from here, is by car, so I have abandoned Marks and Spencer's, they have nothing really original anyway.
I took that to mean that they (or more likely the analysts they hired) have concluded it's cheaper/quicker/safer to rebuild new systems from scratch than to continue any further recovery. So drawing a line in a financial & investigative sense, rather than saying that £300 million is just a scratch.
And rebuilding from the ground up would seem to tie in with their statement about online orders being unavailable until at least July and then "ramping up" after that.
unless maybe you outsource, but to a bunch of different providers, spreading risk? ie use local OpenLDAP as an organisation management tool (does not eerste a huge amount of resources, then set up mail with A, storage with B, web with C, etc. ?
when I got my business degree, one of my management profs said that the instant you outsource, you give up control. To the service provider, you move from income to liability on the balance sheet because you now are costing them money, and to eke out any profit they need to cut costs related to providing service to you.
They are still within the contract sla period for a response from the outsourced help desk. Sorry. But the contract sla only covers time to first response to the ticket not when the ticket will be done. Also orders for that many new machines exceeds the average % of requests and so is subject to delays from the equipment supplier
One of the big MSP's from India was adamant: 1. Personnel is not allowed to store passwords. 2. Must use unique passwords for every service. 3. Passwords must rotate every X days. 4. Only sanctioned apps are allowed. 5. No password manager is sanctioned or installed by default.
I have memories of those exercises 😅 (particularly logistics chiming in with 'erm, we'd need to kill all supplier orders asap' and the room going quiet 😳) Just glad some of the lessons sank in....
the thieves could probably show up at the AGM and present themselves as a member, since they have access to all the information the Co-Op has on it's membership...number, address, etc.
Short of checking govt. ID or requiring a hard copy of the meeting invite that was mailed to their address. Even then, the thieves might've gotten away with that too.
I wonder if the M&S and Co-op PR departments are constantly waiting for the other to announce something so that they themselves can push out an announcement and hope theirs goes under the radar?
I can only hope this data breach is the kick up the arse needed to abolish the common practice of using date of birth as an (immutable!) security password. Once it’s public knowledge it’s beyond useless… it’s a liability. Especially in banks.
Today they apparently emailed all customers that have ever purchased items from their online store. I received two such emails, an apologetic one from Stuart (CEO), and a slightly more explanatory one from Jayne Wall (Customer Services).
I was on holidays in Brodick (Arran, Scotland) last sunday, I can confirm the Co-op was low on products, with only potatoes available as fresh vegetables 😬
I though it was because it was a sunday late afternoon, but reading your thread it was clearly linked to the cyber incident
I am hoping that the local Co-Ops might be able to bypass the Co-Op Group for some items if the problem persists. The Southern Co-Op shops sell local/regional items where a nearby "Manchester" Co-op (as I have heard some of the Southern staff refer to the Co-op Group) shop doesn't.
When will the world learn: IT opsec is everything. More important than the countless millions they spend on physical security in terms of potential incident costs....
maybe by hybrid, they mean a workforce consisting of vastly overpaid & mostly useless execs, and grossly understaffed, underpaid, & unappreciated workers trying to keep the wheels from falling off?
you don't understand, I lost at least 700 million to the drugs I had to buy to help my paranoia because I can't watch my wageslaves Imean workers do their job
Ehm, they're doing both things. The easiest way to get physical access to most companies is to pretend being an employee of their it service contractor. They often just open all of the doors and show you the way right into the server room or ask you if they should log out before you take over (followed by if you'd like tea or coffee). At most what you as an attacker risk is getting also tasked with fixing the printer or copy machine "now that you're already here"...
Well, that's an easy one. Just say that you are calling regarding the reported problem with Outlook.
On the one hand you have a ~90% Chance, that the called person had.a Problem in the last Week, and on the other hand will hand you over the username as well as the password immediately.
I'm somewhat surprised, that this had not been tried earlier.
noticed the shelves in my local Co-op were not looking good this evening. Looks like they are struggling getting items ordered via their fallback methods.
Can also confirm, from several years ago, that sometimes there is also an Executive Assistant with a flag in some systems to ‘call on behalf of’ C-Suite/VPs.
It’s like a privilege escalation on people exploit 🤣😂
The cult of “it’s an exec!” and thus able to bypass normal protocols has always made me cry - especially seeing as how they’re the ones with access to the juicy stuff and (usually) have low IT literacy and awareness.
Often, when I’ve worked with an org to help strengthen the help desk, the push back has been from the service desk management (scared that they’ll been seen as impeding the exec in the course of Important Work). Usually asking the question “would you rather be responsible for an extra 60 seconds on a call, or for the entire company being breached?” helps them to see the light.
The other source of friction is from the admin assistants of the execs who seem even more entitled than the execs themselves. An appeal to vanity (“we have to be extra careful when you call in because you’re in a very privileged position”) can work wonders.
Every time I’ve spoken directly with said execs and explained exactly why they are going to be asked to positively ID themselves for any interaction they have been 100% supportive.
This is basically the plan for most businesses in reality.
It's fine to talk about stuff being "widely known best practice," but when IT shows up with big expenses for backups and security, the MBA's always decide it's more important to rightsize the headcount and operate lean. Many IT departments report up through an MBA and not a technical person, and many IT people are terrible at communicating risk dramatically enough to get money.
The thing that gets me is that the two statements are probably true for the people who said them. The Security group may have wargamed and prepared for malware attacks, and done so in a way that no one else in the technical stack even noticed happening (beyond some new agent installs being requested). So when the attack comes, the Security plan swings into action and no one outside of Security knows what it is or has practiced it.
This is high visibility. Executives step in to make Declarations, complicating the response. This is an incident big enough to need sub-commands to track various workflows, reporting up to a rotating incident command. Everyone wants to help, the workflows aren't well defined yet, and people help on their own authority (thanks to Command not having a clear picture yet and guiding where help would be good) and maybe make things worse in a few spots.
In fairness, I don't think I've ever believed a ransomware incident response plan would *actually* be used in any meaningful circumstance beyond an ISO audit anyway.
@ollie_whitehouse Do egress filtering (esp. for servers) with alerting. If there is unknown communication, then you have either a misconfiguration or a problem.
Keep critical IT infrastructure (network, firewalls, SAN/NAS, virtualisation, backups) separated from Active Directory.
Do not couple internet-facing systems (including VPN and M365) with your local AD.
@ollie_whitehouse One Entra Conditional Access policy to block high risk logins, a second policy to block high risk users. You most likely want to do both, and need to do them in separate policies
I agree with most of your arguments. (In fact, the only one I take exception with is comparing ransomware with climate change. Ransomware is a much more real and urgent problem.) Those are pretty much arguments I've used myself when advising customers hit by ransomware not to pay.
But, ultimately, it's the company's decision. Even if the company makes the wrong decision, the government shouldn't be the one who decides for them.
The Ransomware-as-a-service (RaaS) model has not recovered from law enforcement disruption, and the entrance of novice actors along with non-Russian state-linked cybercriminals has led to uncertain outcomes for victims.
superb summary. Surprising it still hasn't been made mandatory to report incidents, and clearly payments to criminal groups should have been outlawed before now. You'd have thought that would easily have fallen foul of the existing anti-money laundering/anti corruption regs.
My thought after reading this is very old school. When the first indication appears, shut everything down. I have seen banks do this, and watched tellers calmly tell customers "I'm sorry, but the system is temporarily shut down" and start from there. If the breach is stopped quickly enough, you may have a chance. Also, what about off site storage, that would not be accessible to the attacker? Ultimately, the decision is a risk management decision, to evaluate as quickly as you can
I caught a typo similar to ones I make, hope this helps. "Travelex aren’t alone. When I covered the Capita ransomware, they paid quietly paid" maybe delete one of the "paid"s
it's good to make that known, i remember reading pieces about how professional the "commercial" side of these groups were and how companies found it so compeling to pay for the "service", that gave me an impression of a much better argument for doing so (with the downside that it does fund crime and rewards it).
it absolutely blows my mind that *anybody* pays ransomware attackers off, *ever.* Taking your lumps is better even WITHOUT the fact that you're literally funding them to continue attacking people, and that eventually (if not much, MUCH sooner) they're going to come right back to YOU again for another handout. Very likely, for the same damn attack you just paid them to keep quiet about in the first place.
Stuart Machin had been looking forward to a long weekend. It was Easter Saturday and the chief executive of Marks & Spencer had retired to his south London home for the evening, after a long day inspecting the aisles of his local M&S branch — somethi…
Multiple explosions were heard in the Iraqi capital, Baghdad, particularly at Camp Taji, a military installation used by Iraqi and the US-led coalition forces.
if you suspect that an enemy is about to make a move on you, what do you do? A. prepare defenses? B. attack first? C. do what the enemy wanted before they get a chance to do it?
Lets keep blaming it all on the Jews when Lucifarians set this shit up. All three of these pieces of shit worship Lucifer. Motherfuckers smell like sulphur.
Anarchism is the great liberator of man from the phantoms that have held him captive; it is the arbiter and pacifier of the two forces for individual and social harmony. -- Emma Goldman
Chinese President Xi Jinping will attend a gathering marking the 80th anniversary of the victory in the Chinese People's War of Resistance Against Japanese Aggression and the World Anti-Fascist War.
Al-Qassam Brigades, the military wing of the Islamic Resistance Movement (Hamas), announced on Tuesday that its fighters carried out a complex ambush targeting a Zionist force entrenched inside a house south of Khan Younis in the southern Gaza Strip.
Ahmed, a rail worker, told WSWS, “The attack on Iran is totally unjustified, it’s also a total threat to democracy… Before we know it, we won’t be able to protest.”
The reason this zine is called "The Secret Rules of the Terminal" is that I learned more useful things while writing this zine than when writing any other zine, even though I've been using the terminal every day for 20 years.
It really left me feeling like the terminal is full of hidden secrets -- because "the terminal" is made up of so many different pieces, there's no single terminal manual you can read!
Here's the table of contents (which as a bonus shows the components of the terminal!)
just picked up my copy! I remembered excitedly that I actually own a color printer now, so I'll be printing this and other ones that I've picked up previously 😁
got it, thanks for all the hard work compiling all this info. I'm digging the cover art, trying to catch every piece of visual language, like the obvious fish in the bowl but also the glob in a globe, color pallete and other fun details.
The ruling isn't a guarantee for how similar cases will proceed, but it lays the foundations for a precedent that would side with tech companies over creatives.
These Labour cuts will push 250,000 more people into poverty, including 50,000 children.
This isn't what anyone voted for.
The UK is a wealthy country, but that wealth is hoarded by a tiny few. The answer isn't to take more from the already struggling, it's to tax the rich.
QUE RETENIR DES 12 JOURS DE CONFRONTATION ENTRE L’IRAN ET ISRAËL ? Infos Brutes- 24/06/25
La confrontation inédite entre l’Iran et Israël aura duré près de deux semaines, marquant une rupture majeure dans la dynamique régionale. Le cessez-le-feu, initié par les États-Unis, témoigne de la volonté israélienne d’éviter une désavantageuse guerre d'usure. Cette initiative reflète en réalité un signal d'essoufflement d’Israël. Mais que nous enseignent réellement ces douze jours d’échanges de frappes ?
Sur le plan politique interne iranien
L’attaque israélienne, justifiée par le prétexte nucléaire, n’a pas affaibli la République islamique. Au contraire, elle a consolidé la cohésion nationale. Face à l’agression, le peuple iranien a resserré les rangs autour du régime, démontrant que la capacité de résistance d’une Nation repose avant tout sur l’unité de son peuple.
Sur le plan technologique – Iran
L’Iran a pu tester grandeur nature ses missiles balistiques à longue portée. Au-delà de la démonstration de puissance, c’est une opportunité d’ajustement technique. L’expérience de terrain servira à perfectionner ces armes, à les rendre plus précises et potentiellement plus dissuasives à l’avenir.
Sur le plan technologique – Israël
La supériorité technologique israélienne, longtemps considérée comme un acquis, a été sérieusement mise à rude épreuve. Malgré la présence du Dôme de Fer, des systèmes avancés de défense antimissile et la puissance de son aviation, les missiles iraniens ont percé les « rideaux de protection » et atteint des cibles stratégiques, ébranlant la confiance dans ces boucliers.
Des décennies d’assassinats ciblés de scientifiques iraniens n’auront pas empêché l’Iran de maîtriser la technologie nucléaire. Les bombardements israéliens, en partie aveugles, n’ont pas détruit les capacités et le savoir-faire nucléaires de l’Iran. La centrale nucléaire de Bushehr n'a pas été touchée et l'incertitude demeure sur l'efficacité des frappes sur les infrastructures souterraines. Pire encore, le stock d'uranium hautement enrichi dissimulé ne finira pas de hanter Tel-Aviv.
L’image d’invincibilité d’Israël en sort affaiblie. Pour la première fois, un État souverain a revendiqué et exécuté des frappes en profondeur sur le territoire israélien avec un lourd bilan humain et des dégâts considérables. Cette brèche stratégique aura un impact durable sur la perception de la superpuissance militaire d'Israël.
Sur le plan tactique – Iran
L’Iran s’attellera désormais à renforcer considérablement ses systèmes de défense aérienne. L’investissement dans des technologies hypersoniques et furtives deviendra une priorité, tout comme la dissimulation accrue des infrastructures militaires stratégiques pour renforcer sa dissuasion et sa capacité de projection.
Sur le plan de la retenue iranienne
Malgré sa capacité à infliger des dégâts considérables, l’Iran a fait preuve de retenue stratégique. Il aurait pu viser la centrale nucléaire de Dimona ou les installations de dessalement, provoquant une catastrophe humanitaire et écologique. Ce choix délibéré de ne pas franchir certaines lignes rouges montre une volonté de ne pas provoquer une guerre totale.
Bien que la Russie et la Chine aient ouvertement condamné les frappes israéliennes, leur soutien concret se veut plus discret. La présence de scientifiques russes sur certains sites iraniens suggère une collaboration étroite dans le nucléaire et le militaire. Les missiles iraniens devenus subitement performants prouvent l'efficacité de la coopération militaire et technologique avec la Russie, la Chine, la Corée du Nord et le Pakistan.
La situation ramène paradoxalement le dossier nucléaire iranien à son point de départ: la voie diplomatique. L’Iran se retrouve en position de force pour relancer les négociations avec ses conditions ou, au contraire, accélérer discrètement sa transition vers le nucléaire militaire, s'il est considéré par Téhéran comme seule garantie de sécurité face à des menaces existentielles.
Sur le plan militaire israélien
Habitué à affronter des groupes non étatiques comme le Hezbollah ou le Hamas, Israël découvre les limites de sa stratégie face à un État organisé, disposant de moyens balistiques conséquents. L’option militaire perd de son attractivité stratégique, et la confiance dans les systèmes d’alerte précoce et de défense est sérieusement entamée.
Sur le plan des pertes humaines et matérielles
Malgré une communication strictement contrôlée par Tel-Aviv, de nombreux observateurs remettent en question le bilan humain en raison de l’ampleur des dégâts. L'étendue des destructions à Haïfa, Tel-Aviv ou Beersheba , associée aux indemnisations civiles et au coût des interceptions, pèsera lourdement sur l'économie israélienne, même avec le soutien américain.
Sur le plan de la politique intérieure israélienne
#Netanyahou a momentanément renforcé sa position en détournant l’attention de ses ennuis judiciaires et à se maintenir au pouvoir. Mais l’opinion publique, d’abord favorable à l’attaque, pourrait basculer face aux limites révélées par la riposte iranienne. La paix avec les voisins s'imposera désormais comme une option crédible.
Sur le rapport de force régional
Cette confrontation aura des effets durables sur l’équilibre régional. Les États arabes observeront avec attention la capacité d’un État comme l’Iran à tenir tête militairement à Israël. Cela pourrait redessiner les alliances, refroidir certaines normalisations diplomatiques, et réactiver des dynamiques de dissuasion nucléaire au #Moyen-Orient.
Sur le plan du droit international
L’agression israélienne contre l’ #Iran, sans justification reconnue par le droit international, viole la Charte des Nations unies. Pourtant, les États occidentaux n’ont ni condamné cette action ni rappelé les principes de souveraineté. En invoquant une « guerre préventive » — non reconnue juridiquement — pour justifier l’attaque, ils valident un double standard. Or selon leur propre définition, les États qui ne respectent pas le droit international sont qualifiés d'«États voyous».
Chaque message de Van der Leyen est une raison de quitter l'UE
Commentaire peu politiquement correct de Hal Turner, qui a posté cette chose imprimée par la Présidente (non élue) de la C.E. : "La Gauleiter Ursula von der Führer annonce simultanément que l'Iran ne doit jamais se doter de la bombe (même s'il n'existe aucune preuve qu'il tente d'en fabriquer une), et affirme que le droit international doit être respecté et que l'Iran doit s'engager dans une solution diplomatique crédible.
Ceci après que l'Iran a déjà été bombardé sans déclaration de guerre à deux reprises au cours des dix derniers jours, sans mentionner toutes les frappes aériennes qu'il a subies, ses hôpitaux et ses ambulances délibérément ciblés, et après avoir tenté de négocier uniquement pour que les autres parties bombardent leurs diplomates et attaquent leur territoire pendant les négociations. C'est une chose pour von der Leyen d'être un serpent nazi, une escroc corrompu et une menteuse congénitale, mais ici, avec son message, nous atteignons de nouveaux sommets de schizophrénie."
Isra(h)ël(l) refuse de signer le traité de non prolifération un lanceur d'alerte israélien a fait 18 ans de prison et maintenant il lui est interdit de quitter le territoire ( voir sur investig'action) les médias main stream aux mains des milliardaires s'alignent sur Israël et les médias publics ne font pas mieux(il n'y a plus de distanciation comme le faisait Charles Anderlin), seuls quelques médias indépendants et privés (comme la dépêche par exemple) ont un autre regard
C'est juste.... Et quand les médias, la Hyène, Potichon et Mersatz, et autres affirment qu'"Israël a le droit de se défendre", ça vérifie encore une fois que "dans un monde réellement renversé, le vrai est un moment du faux", comme l'avait déclaré Guy Debord. La tautologie évidente "Israël a le droit..." est l'once de vérité théorique noyé dans l'odieuse réalité de l'aggression permanente, du génocide et de la dictature régionale que poursuit Israël, tous événements dont les prémisses ont pu être perçu en 1948. D'ailleurs, un lord anglais qui voulait s'assurer des faits et recadrer les israeliens tous neufs s'est fait assassiner.... Mais comme l'UE, les milliardaires serrent trop fort et toujours les mêmes. Ils sont en train de scier les forces vives, les enthousiasmes, les dynamiques sociétales dont ils se repassaissent, en vrais vampires qu'ils sont. Et ça va les tuer, pour peu qu'on les aide un peu à se péter la gueule.
Il y a un élément qui nous échappe; et qui tourne en notre faveur; c'est leur "trop-plein" de fric qui commence à leur poser problème. Le fric finit par puer la mort. C'est des soucis. Bien sûr il y a du pouvoir mais ce pouvoir rend malade... Il faut s'en rendre compte sinon on ne perçoit pas notre victoire...
Israelis are flocking to Cyprus like it was promised to them in a 3,000 year old book. Cypriots are freaking out about the loss of sovereignty as Zionists buy up huge chunks of real estate, in case they lose occupied Palestine. It could be a matter of time until Cypriots are forced out of their homes into concentration camps and called "antisemites" for objecting. The world let Zionists get away with this once so don't doubt it would let it happen a second time.
Péonia on X: La prophétie de Todd sur la guerre en Ukraine: pourquoi la Russie a déjà gagné et pourquoi l'Europe s'autodétruit.
via Strategic Culture
📍Il y a des voix qui, dans le grand fracas de l’histoire, murmurent des vérités que personne ne veut entendre. Et puis, il y a celle d’Emmanuel Todd. Historien, démographe, essayiste, Todd n’est pas un commentateur ordinaire. C’est l’homme qui, en analysant les taux de mortalité infantile et les structures familiales, a prédit l’effondrement de l’Union soviétique alors que tous la croyaient éternelle. Un « détective de la démographie » capable de discerner les fissures profondes sous la surface des empires.
Aujourd’hui, cette voix s’exprime à nouveau, avec une clarté brutale qui ébranle nos certitudes. Dans une récente interview explosive accordée à la presse germanophone, Todd ne mâche pas ses mots. Le sujet est la guerre en Ukraine, mais son analyse va bien au-delà du champ de bataille. Elle parle de nous. De notre avenir. Sa thèse, simple et terrifiante, est la suivante : la Russie a gagné la guerre, et l’Occident, perdu dans un labyrinthe d’illusions, ne s’en est même pas rendu compte. Il ne s’agit pas de l’opinion d’un « idiot utile » du Kremlin, comme il s’attend lui-même à être qualifié. C’est le diagnostic implacable d’un médecin observant son patient – l’Europe – s’infliger des blessures mortelles, persuadé de lutter pour son salut. C’est un voyage au cœur des ténèbres de notre époque, une analyse que nous devons avoir le courage d’écouter.
📍Le choc de la normalité : un voyage à Moscou
Pour comprendre le raisonnement de Todd, il faut commencer par là : Moscou. Invité à une série de conférences, l’intellectuel français s’attendait à trouver une capitale assiégée, écrasée par les sanctions et le poids d’une guerre totale. Au lieu de cela, il a vécu ce qu’il appelle un « choc de normalité ».
Imaginez la scène. Les rues grouillent de vie, les regards rivés sur les smartphones. Les magasins sont pleins, les paiements s’effectuent par carte bancaire, les trottinettes électriques filent comme à Paris. Todd relève un détail presque comique, mais révélateur : « La grande différence, c’est que tous les escalators et ascenseurs fonctionnaient. » Ce n’est pas l’image d’un régime au bord de l’effondrement. C’est celle d’un pays qui a absorbé le choc, s’est réorganisé et continue de vivre. Cette « normalité » n’est pas anecdotique, mais constitue le premier pilier de sa thèse. Alors que l’Ukraine mène une guerre existentielle pour sa survie, pour la Russie, il s’agit d’une opération stratégique qui, malgré un coût humain terrible, n’a pas déstabilisé le cœur du système. Les sanctions, selon Todd, ont même eu un effet paradoxal : elles ont contraint Poutine à mettre en œuvre des mesures d’autarcie économique et à renforcer des liens commerciaux alternatifs, des politiques qu’il n’aurait jamais pu imposer en temps de paix. La Russie s’est adaptée.
📍L’Occident, en revanche, semble avoir perdu le contact avec la réalité.
L’Apocalypse comme révélation : la défaite de l’Amérique et le déclin de l’Occident Quand Todd affirme que la Russie a gagné la guerre, il ne parle pas d’un défilé triomphal à Kiev. Son analyse est stratégique. L’objectif premier des États-Unis, explique-t-il, était d’utiliser l’armée ukrainienne comme un intermédiaire pour infliger une défaite stratégique à Moscou, l’affaiblir et provoquer son effondrement. Ce plan a échoué. Consciente de l’impossibilité de faire plier la Russie sur le terrain, l’Amérique a changé de cap et déclaré une guerre commerciale ouverte à la Chine. Pour Todd, c’est là le véritable tournant. C’est le début de l’Apocalypse, non pas au sens de la fin du monde, mais dans son acception biblique originelle : une « révélation ». La guerre en Ukraine a mis au jour une vérité cachée : la puissance américaine n’est plus absolue.
Les arsenaux se vident, la capacité de production militaire est en difficulté, et le contrôle du système financier mondial commence à vaciller.
Dans ce grand jeu, l’Europe est la véritable victime, la véritable perdante. Ses dirigeants, de Macron à Merz, s’agitent, promettent des armes, prononcent des discours enflammés, mais n’ont aucun poids dans la conduite de la guerre. « Ils sont les marionnettes des Ukrainiens et des Américains », assène Todd, « mais ils n’ont pas encore compris que la guerre est perdue. » Ils fournissent armes et argent, mais sont exclus des décisions importantes. Ils rêvent de poursuivre une guerre que d’autres ont déjà décidé d’abandonner.
📍L’envie de suicide : le psychodrame d’une Europe à la dérive
C’est ici que l’analyse de Todd devient plus sombre et plus inquiétante. Observant l’Europe de l’extérieur, il perçoit les signes d’une pathologie profonde, une sorte de folie collective qu’il décrit par une expression glaçante : « une soif de suicide » (Sehnsucht nach Selbstmord). Il ne s’agit pas d’une exagération, mais d’un diagnostic étayé par des décisions politiques qui semblent inexplicables, sinon comme des actes d’automutilation :
• Des sanctions contre la Russie qui ont porté bien plus de préjudice à l’industrie européenne qu’à l’industrie russe.
• La décision de l’Allemagne d’abandonner l’énergie nucléaire en pleine crise énergétique, qualifiée d’« absurde » par Todd.
• Le renoncement volontaire au gaz russe bon marché, pilier de la compétitivité industrielle allemande, sans plan B durable.
Pour Todd, ce n’est pas de la politique. C’est une « maladie des classes dirigeantes », une élite qui a perdu tout sens des réalités et des responsabilités, prisonnière d’un moralisme abstrait qui la pousse à prendre des décisions contraires à ses propres intérêts vitaux. C’est un continent qui, sous couvert de défendre des valeurs pacifistes, prolonge une guerre sanglante. Un paradoxe révélateur d’une profonde crise identitaire.
📍L’ombre de l’Allemagne : le danger que nous refusons de voir
Si l’Europe est la grande perdante, l’Allemagne en est le cœur problématique. L’analyse de Todd sur le rôle de l’Allemagne est peut-être la partie la plus originale et la plus alarmante de son entretien. Selon lui, l’Allemagne a perdu sa souveraineté. Le silence assourdissant de ses institutions et de ses médias sur le sabotage de Nord Stream en est la preuve la plus flagrante. « L’Allemagne est à nouveau un pays occupé », affirme-t-il, « et sa véritable capitale est Ramstein », la plus grande base aérienne américaine en Europe.
Mais c’est l’avenir qui l’inquiète le plus. L’idée, portée par le nouvel establishment politique allemand (incarné par Friedrich Merz), de construire « l’armée la plus puissante d’Europe » est perçue par Todd comme un acte d’« irresponsabilité historique ». Pourquoi ? Parce que, contrairement à la France ou à la Grande-Bretagne, l’Allemagne dispose d’un immense potentiel industriel. Si ce potentiel était mis au service d’un réarmement massif, la perception de la menace en Europe changerait radicalement.
Todd rappelle un fait historique que l’Occident semble vouloir oublier : l’Allemagne est responsable de la mort de 25 millions de Russes pendant la Seconde Guerre mondiale. Que l’Allemagne, plus que quiconque, envisage aujourd’hui de se réarmer contre la Russie est un fait qui ne passe pas inaperçu à Moscou. Face à ce qu’elle perçoit comme une menace existentielle, la doctrine militaire russe prévoit le recours à des armes nucléaires tactiques. Le scénario cauchemardesque de Todd va encore plus loin. Il craint que, sous couvert d’un antifascisme de façade, l’Allemagne n’adopte des méthodes illibérales contre la dissidence interne, à l’image de l’AfD. Sa vision est terrifiante : une Europe où, bientôt, les Français et les Polonais pourraient redouter davantage les Allemands que les Russes. La fin de la mondialisation et le retour de l’histoire. Tout cela – la guerre, la crise européenne, le réarmement allemand – ne sont pas des événements isolés. Ils sont les symptômes d’un processus bien plus vaste : la fin de la mondialisation. Le mythe d’un monde plat, sans frontières, où les cultures sont interchangeables et où seul le marché compte, s’effondre sous nos yeux.
Le Brexit, Trump et le succès des forces populistes en Europe ne sont pas des accidents, mais la preuve que les peuples veulent redevenir eux-mêmes. « Il s’avérera que les gens sont très différents », affirme Todd. « Les Italiens sont italiens, et les Français sont français. » Cette « implosion de la mondialisation » est la deuxième Apocalypse, la deuxième révélation : le retour des nations, avec leurs identités, leurs intérêts et leurs peurs ancestrales. Et cela, prévient-il, pourrait conduire à l’effondrement de l’Union européenne.
Qu’est-ce que cela signifie pour l’avenir ? Cela signifie que la Russie ne fait plus confiance à l’Occident et ne croit plus aux traités. Poutine, selon Todd, poursuivra ses objectifs stratégiques : la conquête de toute l’Ukraine orientale jusqu’au Dniepr, y compris Odessa, pour sécuriser la flotte russe, et la neutralisation complète de ce qui reste de l’État ukrainien. Les thèses d’Emmanuel Todd sont dérangeantes.
Provocatrices. Pour beaucoup, inacceptables. Mais la question n’est pas de savoir si elles nous plaisent. La question est : et s’il avait raison ? Et si, avec notre présomption morale et notre aveuglement stratégique, nous étions les artisans de notre propre ruine ? Ignorer son analyse est un luxe que nous ne pouvons peut-être plus nous permettre.
Ci sono voci che, nel grande frastuono della storia, sussurrano verità che nessuno vuole ascoltare. E poi c’è la voce di Emmanuel Todd. Storico, demografo,…
Also abgesehen davon, dass niemand Bock auf Baustellen hat, hätte ich kein Problem mit einer Stromtrasse in der Nähe. Wäre definitiv leiser und weniger geruchsintensiv als die Kuhwiese um die Ecke.
Un rapport publié par Harvard révèle que d'après les données fournies par Tsahal, environ 377 000 Gazaouis auraient disparu entre octobre 2023 et juin 2025. Un chiffre glaçant, qui confirme l'ampleur du génocide en cours à Gaza.
Le très regretté Bernard Stiegler explique dans cette vidéo que la prolétarisation c'est le moment où le savoir est externalisé dans des machines, et où l'opérateur devient un prolétaire asservi par le propriétaire de la machine.
If you're making music that can even obliquely be considered "protest music," I'd love to help you get it out there by mixing and mastering for cheap (or even free, depending on your financial circumstances).
Art made by conscientious people is very good for the world.
I've already mixed and mastered one protest song from a mutual here on fedi. 😀 Allow me to help, if you need. Send me a DM or find my email from my website.
La Ville de Lyon va progressivement remplacer la suite Microsoft par des logiciels bureautiques libres, dont « Only Office pour la bureautique, ainsi que Linux et PostgreSQL pour les systèmes et bases de données ».
La Ville de Lyon va progressivement remplacer la suite Microsoft par des logiciels bureautiques libres, dont « Only Office pour la bureautique, ainsi que Linux et PostgreSQL pour les systèmes et bases de données ».
@Emmanuel Florac Truth be known, I've only ever used Microsoft or any propriety software for only a brief four year period. Ever since then I've gone my own way, using free and open source software. I like to learn, so I'm not intimidated, nor frustrated when it's time to fix or make things work. Plus it gives one the perception of being in control. If there is such a thing, as being in control.
@Carter Braxton I've used Microsoft at work in the 90s, but already in 1996 I was interested in OS/2, then discovered Unix (IRIX then). I've installed my first Linux in 1997, and I ditched my last Windows gaming machine in 2003.
Russian Federation Council Speaker Konstantin Kosachev told RT that Iran has repeatedly stated its commitment to non-proliferation and there's still no proof Tehran is developing nuclear weapons despi...
i don't think enough people realize that when you make a phone call to someone else, the other phone literally stops what it is doing and makes a noise and shakes, it's very distracting, please do not make phone calls
@drchaos In fact, I keep my smartphone turned off unless I explicitly need it for a specific purpose. I check for important email, vm, etc. at intervals.
@nanook @ernestoDuracelli @lauren I cannot talk for the op, but I'm not buying a tablet because they are way too big for me.
Unfortunately my 7" tablet has a bad battery and is... ancient (for such a device, and slow, and actually an Intel device). The thing is that size is an issue. Phones are getting too big to put in my pockets, and tablets are too big. Maybe I'll convert an e-reader (or actually get a cheap phablet). Though a tablet would just be a "nice to have" now.
'At least 46 people waiting for aid have been killed by Israeli fire in two incidents in central and southern Gaza, according to rescuers and hospitals.
UN agencies have condemned the US and Israel-backed food distribution system, with one official calling it "an abomination" and "a death trap".'
okay, still kind of stuck on the iran israel war, bc fog of war and censorship and media bias makes it hard to fill in some of the blanks...
the palestine chronicle published this article with a photo that is allegedly a screen grab from a photo of the iranian attack on al-udeid air base in qatar.
from whati saw reportrd, no missiles landed in qatar, they were all destroyed in the air. Also, that is a distinctive skyline, maybe compare it with a search to verify where it was. I remember a drone strike landing in a former american base in iraq.....
@doublemonkeyfun thats definitely not iraq. both trump and qatar said one missile landed, the iranians claimed 6. so i think 1 hitting is fair to assume.
it might be somewhere outside the middle east if the skyline doesn't match qatar. Some people were posting images from the ukraine claiming it was iran.
they're usually good. it's a small entity. i don't think malice or disinformation is at play here, and literally all outlets have shared some type of crap in the past. that being said, always double check important information.
As Prime Minister, Rutte was known for forgetting things ('I do not have an active memory of that') and for deleting text messages from his phone ('It does not have enough memory').
There are people here defending Rutte, saying flattery is needed to keep Trump 'on our side'. For me, there are legal and moral limits to such tactics, and ignoring international law is one of those. Also, when you keep telling a bully he's the greatest, he'll take his bullying to the next level.
Blowing up NATO's foundation, right before its Summit:
"Trump refused to give a clear commitment to NATO’s Article 5 — its collective defense clause — as he departed for The Hague, raising fresh concerns about his stance on one of NATO’s core princi…
Further making a fool of himself & NATO, and emboldening the bully, Rutte now called Trump 'daddy'...
Your daddy supports genocide, bombs Iran while negotiating, betrays Ukraine, holds razzias in the US, ignores Supreme Court rulings, kills climate action. Get a spine.
• Subscribe to ITV News on YouTube: http://bit.ly/2lOHmNj • Get breaking news and more stories at http://www.itv.com/newsFollow ITV News on TikTok https://ww...
Dutch media frame Rutte's shameful behavior towards Trump ("We really loved your bombs on Iran, daddy!") as successful. Because European NATO members agreed they'll spend "5%" of GDP on defense (let's wait and see) and Trump firmly recommitted to Article 5 (in your dreams).
I don't think many of former Trump employees or collaborators who did his dirty work can boast that he stood by them when their dirty hands landed them in trouble. So getting him on our side won't help us on the long term, probably not even in the short term.
this is absolutely insane. we absolutely must free ourselves of US protection, we cannot be dependent on sending that kind of narcissistic bait to a madman for survival.
this is clearly sarcasm that mocks the infantile American President, so explicitly that it would be obvious to an average person, but he will be too simple and too narcissistic to appreciate. Right?
The other option, Trump made up the message and Rutte didn't have the guts to tell the word Trump is a liar (that may break up NATO), could also be true.
Especially as we know Rutte has a hard time having 'active memories' of facts.
I hope mark rutte’s apple get poisoned and his bike stolen. What’s next? Mark driving a Tesla. Not with the text “ I bought this before Elon went crazy” but with the text “proud to be fucked up the ass by trump”
Stephen Miller, the influential Trump administration aide behind its hardline immigration policies, holds a substantial financial stake in Palantir Technologies — a key tech contractor for U.S. Immigration and Customs Enforcement — raising new ethics questions, according to a report published Tuesday by the Project on Government Oversight.
They don’t sell seeds. They don’t own tractors. They don’t run warehouses or ship grain. But BlackRock, Vanguard and State Street are among the most powerful actors in global agriculture. Together,…
A suspected fed. agent is seen exiting a Dodge Charger @ an intersection & pointing his gun @ members of the public. Acc. to #Pasadena officials, the vehicle's license plate is a "cold plate," or untraceable, which is typically used by law enforcement in undercover criminal operations. "One question is this a law enforcement agent or someone pretending to be a law enforcement agent, & there is no good answer" (Mayor Gordo).
Local police have little or no insight into where the federal enforcement actions are taking place. In some cases, local cops have been mistaken for federal ...
Like I've been saying, and now elected officials are saying it, we can't tell that they're police officers? How do we know they're not faking it? And if we don't know if they are or not, are we not obligated to assume they aren't cops and stop it?
This really is the end of trust in law and order for what might be a sufficiently critical mass to start the process of abolition
Tucker Carlson's recent interview with Ted Cruz surprised many with his strong critique of the U.S.-Israeli alliance. But Carlson's "woke right" view has a long history in conservative politics and should not be mistaken for Palestine solidarity.
Tucker Carlson’s recent interview with Ted Cruz surprised many with his strong critique of the U.S.-Israeli alliance. But Carlson’s “woke right” view has a long history in conservative politics and should not be mistaken for Palestine solidarity.
European countries have based their social stability on the low cost of energy and know it will all fall apart if oil/gas spikes and blows it all to pieces. Is so, Syria might look like a kids party compared to civil disorder in EU, with population density as it is.
Supertramp have such a unique sound and have created tons of amazing hits and we LOVE The Logical Song written and sung by the amazing Rodger Hodgson. We lea...
Attached: 1 image
NATO boss Rutte (fmr Dutch PM) sends app to Trump, who promptly publishes it.
"Wow, your bombing of Iran was great; it makes the world a safer place!"
Straight from The Hague, formerly known as the International City of Peace an…
can we kick the Dutch out of Europe yet or do we need another ten years of them responding to any debate by saying that southern and eastern Europeans are lazy because we have inferior genes?
If you’ve fallen victim to a fake investment platform and thought your money was gone for good, don’t give up just yet. I was in that exact position — until I came across Mrs. Adelynn Richardson. Thanks to her expertise, I was able to r°e°c°o°v°e°r my lost funds. She’s helped many others too, and I highly r°e°c°o°m°m°e°n°d reaching out if you need support. Contact her on W°h°a°t°s°A°p°p at +1 (820) 201-7380.
#Smooth-Operator by @SadeSME performed by The #Graystones (4 min) March 14, 2025 #TheGraystones #music #video We love Sade... and Smooth Operator is such an iconic song. Her voice is so effortless and silky and the groove is great. We worked really hard on this song to get it right. We hope you enjoy it!
(We wanted to say that the audio in our live performances is overwhelmingly live and, on many videos, is 100% live. To some select songs, we may add layers of sound, such as harmonies or string parts. But the original live sound as the foundation for our videos, and then we might decide to add/replace some parts, if we feel it would help to bring the song even closer to the original that we’re honoring - but always in service of the art! With love, The Graystones)
We love Sade... and Smooth Operator is such an iconic song. Her voice is so effortless and silky and the groove is great. We worked really hard on this song ...
Rep. Al Green (D-Texas) filed an article of impeachment against President Trump on Tuesday, accusing the president of failing to notify or seek authorization from Congress before the U.S. launched strikes on three Iranian nuclear sites over the weekend.
The resolution alleges “abuse of presidential powers by disregarding the separation of powers—devolving American democracy into authoritarianism by unconstitutionally usurping Congress’s power to declare war.”
“President Trump’s unilateral, unprovoked use of force without congressional authorization or notice constitutes an abuse of power when there was no imminent threat to the United States, which facilitates the devolution of American democracy into authoritarianism,” Green’s resolution reads.
Congress has the sole power to “declare war” under the Article 1 of the U.S. Constitution. Presidents of both parties have struck adversaries without approval from the legislature.
Pretty easy to argue this comes under 'official duties' too. Surely there's a thousand other reasons he could be impeached that would stick.
I agree they'll never get the votes to pass anything, but they should keep doing it anyway. Flood the zone back at these arseholes and put them on the back foot.
Senate rules process strips SNAP cuts, other GOP priorities from ‘big, beautiful bill’ tucsonsentinel.com/nationworld… U.S. Senate Democrats have succeeded in eliminating more than a dozen policy changes from Republicans’ “big, beautiful bill” after successfully arguing that the elements didn’t comply with the strict rules that go along with writing a budget reconciliation bill. #Tucson #Arizona
U.S. Senate Democrats have succeeded in eliminating more than a dozen policy changes from Republicans’ “big, beautiful bill” after successfully arguing that the elements didn’t comply with the strict rules that go along with writing a budget reconcil…
In Gaza, death is no longer an event... It's a daily routine. We passed through the cemetery's door 600 times, and returned bearing new names for mourning.
VessOnSecurity
in reply to Kevin Beaumont • • •cybernerd
Unknown parent • • •JaxxAI
Unknown parent • • •Simon B
Unknown parent • • •Kevin Beaumont
in reply to Kevin Beaumont • • •I'm going to make this the new ongoing megathread for DragonForce Ransomware Cartel's attack on UK retailers as they're all connected.
Why it matters: these are some of the UK's largest retailers, think Target or some such in a US sense.
Prior threads
M&S: cyberplace.social/@GossiTheDog…
Co-op: cyberplace.social/@GossiTheDog…
Harrods:
cyberplace.social/@GossiTheDog…
Kevin Beaumont (@GossiTheDog@cyberplace.social)
CyberplaceKevin Beaumont
in reply to Kevin Beaumont • • •The individuals operating under the DragonForce banner are using social engineering for entry.
Defenders should urgently make sure they have read the CISA briefs on Scattered Spider and LAPSUS$ as it's a repeat of the 2022-2023 activity.
Links: cisa.gov/sites/default/files/2…
cisa.gov/sites/default/files/2…
I would also suggest these NCSC guides on incident management: ncsc.gov.uk/collection/inciden…
and effective cyber crisis comms: ncsc.gov.uk/guidance/effective…
🌱 Ligniform
in reply to Kevin Beaumont • • •VessOnSecurity
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Co-op Group have now admitted a significant amount of member (customer) information has been stolen by DragonForce Ransomware Cartel, saying they "accessed data relating to a significant number of our current and past members" - around 20 million people. The Membership database, basically. That includes home addresses and phone numbers etc.
Up until now Co-op hadn't even used the words cyber or threat actor, referring to an "IT issue" and "third party" in comms.
bbc.co.uk/news/articles/crkx3v…
Co-op DragonForce cyber attack includes customer data, firm admits
Joe Tidy (BBC News)Linus Lagerhjelm
in reply to Kevin Beaumont • • •for someone who is unfamiliar with the UK retail market, do you happen to know if Co-op is at all related to the Swedish company Coop that suffered from a major ransomware attack a couple of years ago?
bbc.com/news/technology-577075…
Swedish Coop supermarkets shut due to US ransomware cyber-attack
Joe Tidy (BBC News)Kevin Beaumont
in reply to Kevin Beaumont • • •New by me - breaking down the attacks on UK highstreet retailers
doublepulsar.com/dragonforce-r…
DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door
Kevin Beaumont (DoublePulsar)Tryst 🏴
in reply to Kevin Beaumont • • •Third spruce tree on the left
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Regarding IOCs around the UK retailer activity - there’s loads doing the rounds, and they’re almost all not useful.
Eg hundreds of dynamic VPN IPs from 2022. If you google them you’ll find them on vendor blogs from years ago for Scattered Spider - people are recycling in panic and passing around in panic.
Don’t hunt on random IOCs. IP addresses change. Strengthen foundational controls. Review sign in logs for abnormal activity etc.
Dave 🐶
in reply to Kevin Beaumont • • •Snoop
in reply to Kevin Beaumont • • •Orgs need to review their password reset process, share awareness to individuals who conduct password reset requests (IT helpdesk).
No IOC will help you identify social engineering activity.
Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Karhan
in reply to Kevin Beaumont • • •groff
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Bleeping Computer have more on the Co-op breach bleepingcomputer.com/news/secu…
#threatintel #ransomware
../../nyanbinary
in reply to Kevin Beaumont • • •steeznson
in reply to Kevin Beaumont • • •UK cyber security at private firms tends to be very poor on average but social engineering remains the hacker's most effective tool.
Slack and Teams access in particular seems like a large attack vector. I believe the Twitter hack a few years back - when it was Twitter - was facillitated by superuser creds being pinned to a slack channel.
Kevin Beaumont
in reply to Kevin Beaumont • • •One of M&S’ biggest suppliers have said they have reverted to pen and paper for orders due to M&S lacking IT.
Additionally, M&S staff are raising concern about how they will be paid due to lack of IT systems.
M&S are over a week into a ransomware incident and still don’t have their online store working.
bbc.com/news/articles/cvgnyplv…
#threatintel #ransomware
M&S supplier back to pen and paper after cyber attack
Emma Simpson (BBC News)vampirdaddy
in reply to Kevin Beaumont • • •Rebuilding business is prioritised by importance. If the online shop is a small side hustle compared to the brick&mortar ones (or is much slower), then it’s lower priority.
Communicating the current status and expected progress is better, builds trust.
Wages usually are handled as lump payment, i.e. the same sum as last mont - and corrected later when the HR systems are back online.
The incidence response team should cover IT forensics, BCM and communication.
rickf
in reply to Kevin Beaumont • • •@metacurity
Mr. Rumbold is sure going to be busy…
penguin42
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Mark Shane Hayden
in reply to Kevin Beaumont • • •🌬️
in reply to Kevin Beaumont • • •Dave 🐶
in reply to Kevin Beaumont • • •Tom DB 🦣
in reply to Kevin Beaumont • • •0xC0DEC0DE07E9
in reply to Kevin Beaumont • • •Pongolyn
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Here's the ITV News report anyhoo, logline: "ITV News understands the the ongoing cyberattack faced by the supermarket has worsened since Friday, impacting the ordering system, drivers and warehouse staff."
itv.com/news/2025-05-03/worsen…
AnneH
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Sunday Times has a piece looking into ransomware incident at Marks and Spencer. It's pretty good, goes into their contain and eradicate focus.
"By shutting down parts of the IT estate, Higham’s team had worked to prevent the attack from spreading, but had also stopped parts of its digital operations from functioning. This was considered a worthy trade-off."
One error in the article - lack of recovery doesn't mean no ransomware paid. Paying is not quick restoration.
thetimes.com/business-money/co…
Icare4America reshared this.
Kevin Beaumont
in reply to Kevin Beaumont • • •Big Game Ransomware: the myths experts tell board members
Kevin Beaumont (DoublePulsar)Kevin Beaumont
in reply to Kevin Beaumont • • •Great NCSC piece by @ollie_whitehouse
I’d add - block by Entra policy specifically High risk logins (below is too FP prone), and SOC monitor them. SOC playbook = account probably compromised. How?
ncsc.gov.uk/blog-post/incident…
Kevin Beaumont
in reply to Kevin Beaumont • • •Sky News quote a source in M&S head office saying Marks and Spencer have no ransomware incident plan so they are making it up as they go along apparently, with staff sleeping in the office and communicating via WhatsApp.
M&S dispute this, saying they have robust business continuity plans.
news.sky.com/story/amp/mands-h…
M&S 'had no plan' for cyber attacks, insider claims, with 'staff left sleeping in the office amid paranoia and chaos'
Tom Cheshire (Sky News)Kevin Beaumont
in reply to Kevin Beaumont • • •Beware phony IT calls after Co-op and M&S hacks, says UK cyber centre
Joe Tidy (BBC News)Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Co-op Group appear to be trying to course correct with their cyber incident comms.
They’re calling it a cyber incident now, and have put a statement on the front page of their website, along with an FAQ. They haven’t yet emailed members (they should). Edit: they’ve started emailing members.
coop.co.uk/cyber-incident
Pardon Our Interruption
www.coop.co.ukKevin Beaumont
in reply to Kevin Beaumont • • •Co-op shops stop taking card payments amid cyber attack
Daniel Woolfson (The Telegraph)Kevin Beaumont
in reply to Kevin Beaumont • • •People are also taking to social media to post pictures of apparently emptying store shelves.
The Co-op website claims it is down to "technical issues".
Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Co-op Group are redirecting supplies from their urban stores to remote and island locations due to stock shortages.
The article mentions their EDI platform is suffering “technical issues”. retailgazette.co.uk/blog/2025/…
Co-op reroutes stock to rural stores amid cyber attack disruptions - Retail Gazette
Georgia Wright (Retail Gazette)Kevin Beaumont
in reply to Kevin Beaumont • • •I just did a Shodan Safari on Co-op - basically all their Windows and Linux systems in their core DCs at network boundary are down, it's not just EDI. It's been like that for just under a week, prior to that things were still online.
I feel really bad for them as it's a great org. Also their CEO is basically the only one who stood up like this for trans people.
telegraph.co.uk/business/2025/…
Co-op boss vows to ‘protect trans people to the end’
Hannah Boland (The Telegraph)Kevin Beaumont
in reply to Kevin Beaumont • • •If you're wondering about Marks and Spencer - I just did a Shodan Safari of their network boundary, Palo-Alto GlobalProtect VPN remote access access is still offline, 15 days later.
Online orders are still not working, and the store stock checker is disabled now.
Kevin Beaumont
in reply to Kevin Beaumont • • •Co-op pauses deliveries of non-essential items amid cyber attack - Retail Gazette
Eloise Hill (Retail Gazette)Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •M&S online shopping outage enters third week
Sabina Weston (Drapers)Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •The Grocer reports 4 regional Co-ops, who aren’t part of Co-op Group, are suffering stock shortages as they are supplied by Co-op Group.
They expect customers to start to see availability issues on shelves in the coming days.
thegrocer.co.uk/news/co-op-soc…
Co-op societies hit by availability issues amid cyberattack
Alice Leader (The Grocer)Kevin Beaumont
in reply to Kevin Beaumont • • •For orgs looking for defence tips for the attacks on UK retailers, this blog from 2022 about the UK teenagers in LAPSUS$ has relevance.
As a plot twist - not documented anywhere online, but LAPSUS$ first attacks in 2021 were against UK high street retailers.
microsoft.com/en-us/security/b…
DEV-0537 criminal actor targeting organizations for data exfiltration and destruction | Microsoft Security Blog
Microsoft Threat Intelligence (Microsoft Security Blog)Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Hack rocks Marks & Spencer bureau de change
John-Paul Ford Rojas (This Is Money)Kevin Beaumont
in reply to Kevin Beaumont • • •Co-op Group have provided some more detail about what it’s doing about remote lifeline stores (ones where they’re the main/only retailer on an island):
“From Monday, 12 of the most remote lifeline stores will receive treble the volume of available product, and another 20 lifeline stores will get double the volume.” bbc.com/news/articles/c071e7x8…
Co-op cyber attack: Islanders facing empty shelves say 'get the people fed'
Paul Ward and Lorna Gordon (BBC News)Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Home
jobs.marksandspencer.comKevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Fears 'hackers still in the system' leave Co-op shelves running empty across UK
Alexander Martin (The Record)Kevin Beaumont
in reply to Kevin Beaumont • • •Allianz leads cyber cover for M&S ransomware attack
Abbie Day (Insurance Insider)Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •This ITV News report linking the Co-op and M&S breaches to SIM swapping is not accurate, no source given. itv.com/news/2025-05-12/sim-sw…
They also have a report today saying Co-op stores are restocked, which is also not accurate - that one is sourced from Co-op, but obviously doesn’t stack up to looking in Co-op stores.
Kevin Beaumont
in reply to Kevin Beaumont • • •If anybody is wondering, all of Marks and Spencer's Palo-Alto GlobalProtect VPN boxes are still offline, 3 weeks later. Pretty good containment method to keep attackers out.
Co-op's VDE environment is still down, too.
cyberplace.social/@GossiTheDog…
Kevin Beaumont (@GossiTheDog@cyberplace.social)
CyberplaceKevin Beaumont
in reply to Kevin Beaumont • • •M&S says personal customer data stolen in recent cyber attack
Michael Race & Joe Tidy (BBC News)Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Co-op's AGM is this weekend, and M&S yearly results and investor contact are next week.
Gonna be awkward for different reasons, e.g. Co-op is member (customer) owned, so the people's data Co-op had stolen are effectively the shareholders and are invited.
Kevin Beaumont
in reply to Kevin Beaumont • • •CI Coop secures local supplies amid stock shortages
Caitlin Klein (BBC News)Kevin Beaumont
in reply to Kevin Beaumont • • •The Grocer reports Nisa and Costcutter are running out of fruit & veg, fresh meat and poultry, dairy products, chilled ready meals, snacks and desserts.
Nisa and Costcutter are supplied by Co-op Wholesale, which is dependent on Co-op Group.
“It’s really poor. I feel bad for them but what makes it worse is their hush-hush mentality about it. There’s no proper level of communication and we get random updates.”
Co-op Wholesale claim there are no problems. thegrocer.co.uk/news/nisa-and-…
Nisa and Costcutter hit by Co-op cyberattack stock shortages
Alice Leader (The Grocer)Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Co-op Group have told their suppliers that "systemic-based orders will resume for ambient, fresh, and frozen products commencing Wednesday 14 May". They say forecasting system will still be impacted.
thegrocer.co.uk/news/co-op-to-…
Co-op to get systems back on track after cyberattack
Alice Leader (The Grocer)Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •M&S cyber insurance payout to be worth up to £100mn
Laura Onita (Financial Times)Kevin Beaumont
in reply to Kevin Beaumont • • •Co-op Group say they have exited containment and begun recovery phase theguardian.com/business/2025/…
Marks and Spencer are still in containment
If you want figures for your board to set expectations in big game ransomware incidents, Co-op containment just over 2 weeks, M&S just over 3 weeks so far - recovery comes after.
In terms of external assistance, Co-op have Microsoft Incident Response (DART), KPMG and crisis comms. M&S have CrowdStrike, Microsoft, Fenix and crisis comms.
Co-op cyber-attack: stock availability in stores ‘will not improve until weekend’
Sarah Butler (The Guardian)Kevin Beaumont
in reply to Kevin Beaumont • • •The threat actor at Co-op says Co-op shut systems down, which appears to have really pissed off the threat actor. This was the right, and smart, thing to do.
While I was at Co-op we did a rehearsal of ransomware deployment on point of sale devices with the retail team, and the outcome was a business ending event due to the inability to take payments for a prolonged period of time. So early intervention with containment was the right thing to do, 100%.
bbc.co.uk/news/articles/cwy382…
'They yanked their own plug': How Co-op averted an even worse cyber attack
Joe Tidy (BBC News)Kevin Beaumont
in reply to Kevin Beaumont • • •Co-op External Career Section Careers
Co-op External Career SectionKevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •M&S have finally told staff that data about themselves was stolen: telegraph.co.uk/business/2025/…
You may notice I said they had staff data stolen on May 9th in this thread.
M&S staff data stolen by hackers in cyber attack
Matthew Field (The Telegraph)Kevin Beaumont
in reply to Kevin Beaumont • • •For the record, the tools listed in this article aren't used by Co-op.
computing.co.uk/news/2025/secu…
The link in the article to Vectra Cognito AI has a Coop Sweden logo on it, and the Coop Sweden CISO is named. Coop Sweden is different company. Coop Sweden went on to have a ransomware attack that crippled the org, including point of sale, so I don't think it's a good sales point. Same with Silverfort.
Google AI has ingested the article and now uses it to claim Co-op Group use the tools.
Here are the cyber tools Co-op used to help defeat its recent ransomware attack
www.computing.co.ukKevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •M&S chief executive faces £1.1mn pay hit after cyber attack
Laura Onita (Financial Times)Kevin Beaumont
in reply to Kevin Beaumont • • •The Times reports M&S were breached through a contractor and that human error is to blame. (Both M&S and Co-op use TCS for their IT Service Desk).
The threat actor went undetected for 52 hours. (I suspect detection was when their ESXi cluster got encrypted).
M&S have told the Times they had no “direct” communication with DragonForce, which is code for they’re using a third party to negotiate - standard practice.
thetimes.com/uk/technology-uk/…
Kevin Beaumont
in reply to Kevin Beaumont • • •M&S looks to be moving to reposition their incident as a third party failure, which I imagine will help redirect some of the blame (they present their financial results during the week to investors): bbc.co.uk/news/articles/cpqe21…
Both M&S and Co-op outsourced their IT, including their Service Desk (helpdesk), to TCS (Tata) around 2018, as part of cost savings.
M&S hackers believed to have gained access through third party
Emma Simpson (BBC News)Kevin Beaumont
in reply to Kevin Beaumont • • •There's nothing to suggest TCS itself have a breach btw.
Basically, if you go for the lowest cost helpdesk - you might want to follow the NCSC advice on authenticating password and MFA token resets.
I've put a 3 part deep dive blog series coming out probably next week called Living-Off-The-Company, which is about how teenagers have realised large orgs have outsourced to MSPs who follow the same format of SOP documentation, use of cloud services etc. Orgs have introduced commonality to surf.
Kevin Beaumont
in reply to Kevin Beaumont • • •M&S Hong Kong not responding to Privacy Commissioner's Office after online customer data breach
Tom Grundy (Hong Kong Free Press HKFP)Kevin Beaumont
in reply to Kevin Beaumont • • •"Cyber analysts and retail executives said the company had been the victim of a ransomware attack, had refused to pay - following government advice - and was working to reinstall all of its computer systems."
Not sure who those analysts are, but since DragonForce haven't released any data and M&S won't comment other than to say they haven't had any "direct" contact with DragonForce, I wouldn't make that assumption.
reuters.com/business/retail-co…
Kevin Beaumont
in reply to Kevin Beaumont • • •There's also a line in the article from an cyber industry person saying "if it can happen to M&S, it can happen to anyone" - it's ridiculous and defeatist given Marks and Spencer haven't shared any technical information about how it happened, other than to tell The Sunday Times it was "human error"
The Air Safety version of cyber industry would be a plane crashing into 14 other planes, and industry air safety people going "Gosh, if that can happen to British Airways it could happen to anybody!"
Kevin Beaumont
in reply to Kevin Beaumont • • •Tomorrow it’s one month since Marks and Spencer started containment, it’s also their financial results day.
Online ordering still down, all recruitment stopped, Palo-Alto VPNs still offline.
Kevin Beaumont
in reply to Kevin Beaumont • • •TCS have been linked to the Marks and Spencer breach, at least in part.
reuters.com/business/retail-co…
Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •M&S cyber-attack disruption to last until July and cost £300m
Lucy Hooker (BBC News)Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •The NCA has confirmed on the record that the investigation into the M&S and Co-op hack is focused on English teenagers. I could toot the names of the people I think they’ll pick up, but won’t.
bbc.co.uk/news/articles/ckgnnd…
M&S and Co-op hacks: Scattered Spider is focus of police investigation
Joe Tidy (BBC News)Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Newk
in reply to Kevin Beaumont • • •Ivor Hewitt
in reply to Kevin Beaumont • • •Alda Vigdís
in reply to Kevin Beaumont • • •This stuff is brilliant. Based on e-paper and runs on Zigbee.
And they can raise the prices between you picking things off the shelf and going through the checkout and you'll have no proof that it was offered at a lower price.
Simon Zerafa
in reply to Kevin Beaumont • • •Brian Smith
in reply to Kevin Beaumont • • •Has been done since the ransomware incident.
Philip Johansson 🏴☠️💜
in reply to Kevin Beaumont • • •pssscht. Like that would ever happen lol
bbc.com/news/technology-577075…
Swedish Coop supermarkets shut due to US ransomware cyber-attack
By Joe Tidy (BBC News)ISO8601
in reply to Kevin Beaumont • • •e-paper price labels are apparently extremely common in mainland Europe. The UK is extremely slow to adopt things like this.
*In theory*, during an incident, the labels would remain as-is until they receive a new price. So TAs would specifically need to target the pricing database prior to wiping.
b3lt3r
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •TCS has a security incident running around the M&S breach.
Interestingly the source claims TCS aren't involved in Co-op's IT - which is categorically false, they took over most of it while I worked there, including the helpdesk, and my team (SecOps) after I left.
ft.com/content/c658645d-289d-4…
Tata Consultancy Services carries out internal probe into M&S hack
Chris Kay (Financial Times)Dave 🐶
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Insurance Insider say Co-op Group have no cyber insurance policy.
It’s got the insurance industry hard as they think they can ambulance chase other orgs with it.
insuranceinsider.com/article/2…
M&S attacks could be the key to winning new cyber business
Abbie Day (Insurance Insider)AnneH
in reply to Kevin Beaumont • • •musevg
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •cybernerd
in reply to Kevin Beaumont • • •DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers
Sophos NewsJP
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •While Co-op have restored every customer facing system and internal systems like recruitment and remote working, M&S still don't even have recruitment back.
I'm reliably told they paid the ransom, so they'll be target #1 basically forever with other ransomware groups now due to resiliency woes and willingness to pay.
Otte Homan - remember Geordie
in reply to Kevin Beaumont • • •Alan Miller 🇺🇦
in reply to Kevin Beaumont • • •groff
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •bbc.co.uk/news/articles/c23mz5…
M&S boss's pay hits £7m before cyber attack chaos
BBC Newsfuzzyfuzzyfungus
in reply to Kevin Beaumont • • •VessOnSecurity
in reply to Kevin Beaumont • • •sigi714
in reply to Kevin Beaumont • • •Joel Michael
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •M&S staging walk-in recruitment open days amid cyberattack disruption
Steve Farrell (The Grocer)Jason Stuart
in reply to Kevin Beaumont • • •David Penington
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •This Daily Mail piece about security leaders thinking work-from-home means they will be crippled is horseshit, I'm not linking it.
They've taken a survey about how security people think their businesses couldn't survive ransomware, and linked it to working from home. WFH isn't the problem: business IT and resilience being built on quicksand is the problem.
SecureWaffle🧇
in reply to Kevin Beaumont • • •fuzzyfuzzyfungus
in reply to Kevin Beaumont • • •Looks like a product of the "a good lie contains as much truth as possible" school.
The connection to WFH is spurious; but only two thirds sounds low for "We don't really understand our problems; but they are probably apocalyptic".
fuzzyfuzzyfungus
in reply to Kevin Beaumont • • •The 'WFH' allegations seem in especially bad faith given the suspected entry point for the M&S compromise: the outsourced helpdesk.
Those guys are even more compliant labor than work-not-from-home employees, so the Daily Heil isn't going to say anything; but lack even the (informal; but in practice often at least reasonably effective) "does the IT person you just poked recognize who is interrupting with a password question?" ID verification step with onsite workers and onsite IT.
VessOnSecurity
in reply to Kevin Beaumont • • •Alun Jones
in reply to Kevin Beaumont • • •It wouldn't be the whole story either, but it's just as true.
Pino Carafa
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Co-op say they have largely completed recovery, and have removed the cyber attack banner and statement from their website
retailgazette.co.uk/blog/2025/…
I think they did a great job. They do call it a "highly sophisticated attack", which, frankly.. isn't true and may come out in open court later if the suspects are ever caught.
6 weeks from containment to "near full" recovery, for statto nerds like me who track this stuff.
Co-op nears ‘complete recovery’ from cyber attack - Retail Gazette
Aoife Morgan (Retail Gazette)Simon B
in reply to Kevin Beaumont • • •Jasper
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •M&S had their ransomware incident communicated via internal email - from the account of a staff member who works for TCS.
The way TCS work is you give them accounts on your AD.
bbc.co.uk/news/articles/cr58pq…
M&S hackers sent abuse and ransom demand directly to CEO
Joe Tidy (BBC News)fuzzyfuzzyfungus
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Marks and Spencer have started partial online shopping again.
For statto nerds, around 7 weeks from containment to partial recovery
bbc.co.uk/news/articles/c4gevk…
M&S restarts online orders after cyber attack
Michael Race (BBC News)Martin Seeger
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •TCS have told shareholders their systems were not compromised in the hack of M&S.
As an explainer here (not in the article): TCS IT systems weren't compromised. Their helpdesk service (they're AD admins at M&S) was used to gain access to M&S. They manage M&S IT systems.
reuters.com/business/media-tel…
Kevin Beaumont
in reply to Kevin Beaumont • • •Latest Marks and Spencer update is pretty crazy.
M&S haven't been able to supply sales data - so the British Retail Consortium (BRC) - used by the UK government as as economic indicator - basically made up figures for M&S and didn't tell people they had done this.
telegraph.co.uk/business/2025/…
Retail lobby group accused of M&S cyber cover-up
Hannah Boland (The Telegraph)Kevin Beaumont
in reply to Kevin Beaumont • • •Reddit - The heart of the internet
www.reddit.comEstiqaatsi
in reply to Kevin Beaumont • • •AnneH
in reply to Kevin Beaumont • • •fuzzyfuzzyfungus
in reply to Kevin Beaumont • • •I'd be very curious to know what the breakdown is between TCS dropping the ball and lying about it and M&S/Co-op not actually insisting on adequate procedure.
It's not terribly uncommon for people to only care about time-to-resolution with some lip service to user satisfaction when it comes to helpdesk metrics; and tacitly discourage things that are slow and unpleasant like hassling people for ID, at least until that becomes a visibly terrible idea.
RichBartlett
in reply to Kevin Beaumont • • •Simon Zerafa
in reply to Kevin Beaumont • • •"M-SThrowaway" might indicate M&S?
Or is that too obvious or deliberate obfuscation? 🙂🤷♂️
RootWyrm 🇺🇦
in reply to Kevin Beaumont • • •as someone who has been subjected to Tata on multiple occasions going back over a decade?
This isn't nearly spicy enough. I don't even describe them as a 'body shop' because they'd gladly route you to a corpse and try to charge extra for '24x7 coverage.'
When one employer did a basic security audit of their helpdesk services, Tata failed so severely that the contract was pulled for cause before the audit was even completed. They moved it all back in-house.
Dave 🐶
in reply to Kevin Beaumont • • •The root problem here isn't that TCS are shockingly bad (they are, just about everyone knows that).
The root problem is that "management decisions" constantly overrule those that raise concerns about their service and tell any remaining internal IT and security staff to "deal with it as best you can."
I'm very much of the view that, yes, the outsourced provider can be the cause of an incident, they can provide a shockingly bad service, they can cost your business millions of pounds. But the decision to continue to use them when you already know this is a real possibility - that's a decision by senior management within the company. That's on you.
Tony
in reply to Kevin Beaumont • • •Mark T. Tomczak
in reply to Kevin Beaumont • • •Interesting. I don't have the background on this specific attack, but I'm reminded of the Target credit card theft. An HVAC company near me was the point of entry for the attackers; they had high-access keys to Target's intranet because they install and maintain shopping-mall-grade HVAC and can remote-override it for maintenance and schedule reasons (nation-scale chain stores with giant footprints save not-inconsequential money on things like "Don't power up the HVAC to normal capacity on days nobody is here").
They had the keys on the same machine running their webserver.
(Meanwhile, Target actually did get an SEC slap-on-the-wrist for one specific thing: the HVAC intranet piece wasn't firewalled from the financial transactions and cash register source code pieces).
Brian Clark
in reply to Kevin Beaumont • • •Colin Haynes
in reply to Kevin Beaumont • • •Einhörnchen
in reply to Kevin Beaumont • • •Mike
in reply to Kevin Beaumont • • •K. Krithivasan, also known as Krithi, aka the face of quality IT, that you can trust.
Hash tag
These Indian, "IT", call centers probably do double time as scamming operations.
Hilarious twist would be that it was an inside job, faked to look like a compromise.
Kevin Beaumont
in reply to Kevin Beaumont • • •Marks and Spencer’s CEO says half of their online ordering is still offline after their ransomware incident, they hope to get open in next 4 weeks.
They are also rebuilding internal systems and hope a majority of that will be done by August.
Lesson: mass contain early. M&S didn’t. Co-op did.
reuters.com/business/retail-co…
penguin42
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •17 and two 19 year old teens picked up over Co-op and M&S hacks, and a 20 year old woman.
Pretend to be surprised.
bbc.com/news/articles/cwykgrv3…
Four arrested in connection with M&S and Co-op cyber attacks
Joe Tidy (BBC News)Rocketman
in reply to Kevin Beaumont • • •ian
in reply to Kevin Beaumont • • •kids these days 🙄
Just stay away from my bins!
aliengasmask
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Wouter Hindriks
in reply to Kevin Beaumont • • •Simon B
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •raspberryswirl
in reply to Kevin Beaumont • • •F4GRX Sébastien
in reply to Kevin Beaumont • • •AJCxZ0
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •. @briankrebs has broken the story that the key member (and teenager) of LAPSUS$ runs Scattered Spider
krebsonsecurity.com/2025/07/uk…
UK Charges Four in ‘Scattered Spider’ Ransom Group
krebsonsecurity.comGraham Sutherland / Polynomial
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Co-op finally admitted the entire membership database was stolen
I had this in the thread months ago, they originally tried to deny it entirely then tried to say ‘some’ data was accessed when they knew it was the whole thing.
bbc.co.uk/news/articles/cql0pl…
Co-op boss says sorry to 6.5m people who had data stolen in hack
Joe Tidy (BBC News)Kevin Beaumont
in reply to Kevin Beaumont • • •Personally I think Co-op did a really good job getting out of that situation and minimising impact.
I definitely think if you have a LAPSUS$ style advanced persistent teenagers situation, tilt towards open and honest comms as those kids will use secrecy against ya. It’s 2025, it’s okay to say you got hacked, people largely understand. Also, in IR, lawyers are usually stuck in 1980 advice - it’s just advice, they ain’t yo boss.
Dave 🐶
in reply to Kevin Beaumont • • •David Chisnall (*Now with 50% more sarcasm!*)
in reply to Kevin Beaumont • • •Probably the most damning indictment of the entire computing industry that I've seen for a long time.
I don't disagree at all. But this absolutely should not be the case and wouldn't be if we weren't still building core infrastructure around ideas that were known to be bad by the mid 1980s.
AnneH
in reply to Kevin Beaumont • • •tomwilescx
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •The people arrested as part of the Co-op and M&S hack investigation have been released on bail.
nation.cymru/news/four-people-…
Previously when this happened with LAPSUS$, they just continued hacking stuff.
Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods
Emily Price (Nation.Cymru)Martin Seeger
in reply to Kevin Beaumont • • •Rairii
in reply to Kevin Beaumont • • •CyberFrog
in reply to Kevin Beaumont • • •at this point I'm much more surprised when someone over 25 gets picked up for hacking stuff, I think some dude was helping gangs smuggle drugs into Rotterdam via hacking into the port logistical systems, they were like 41 with kids, that was way more unexpected to me lol
occrp.org/en/project/narcofile…
Inside Job: How a Hacker Helped Cocaine Traffickers Infiltrate Europe’s Biggest Ports
OCCRPAndy Davies
in reply to Kevin Beaumont • • •@tdp_org
If it is the case then the leaders of businesses like M&S who outsource these services to the lowest cost providers should also be held to account
It’s typical of British business management to know the cost of technology but not the value of it
Resuna
in reply to Kevin Beaumont • • •Bert Driehuis
in reply to Kevin Beaumont • • •In other words, their wetware was targeted.
"Our staff is our most valued asset. We depreciate on it."
Michael Weiss
in reply to Kevin Beaumont • • •Adrian Sanabria
in reply to Kevin Beaumont • • •Dave 🐶
in reply to Kevin Beaumont • • •The term 'user' in "no TCS systems or users compromised" could be more interesting to argue on in a civil liabilities case.
If a TCS staff member falls for social engineering (even if the action they take is within an assigned M&S tenant account...), is that not the same as a TCS user being compromised?
Anyway... I'm sure that statement won't at all be like rubbing salt in M&S's wounds.
Ret
in reply to Kevin Beaumont • • •CryptoMoose
in reply to Kevin Beaumont • • •Pete
in reply to Kevin Beaumont • • •Craig Stewart
in reply to Kevin Beaumont • • •Bebadefabo
in reply to Kevin Beaumont • • •lfzz
in reply to Kevin Beaumont • • •wasn't there some event, maybe 5 years ago, that meant a lot of WFH? Or did I hallucinate those times.
Is it suddenly a problem now or this is the same RTO bullshit being peddled?
Martin Vermeer FCD
in reply to Kevin Beaumont • • •Merry Christmas
in reply to Kevin Beaumont • • •RichBartlett
in reply to Kevin Beaumont • • •Richard Bairwell
in reply to Kevin Beaumont • • •Rairii
in reply to Kevin Beaumont • • •Simon Zerafa
in reply to Kevin Beaumont • • •Jason Stuart
in reply to Kevin Beaumont • • •Flippin' 'eck, Tucker!
in reply to Kevin Beaumont • • •Flippin' 'eck, Tucker!
in reply to Flippin' 'eck, Tucker! • • •Simon Zerafa
in reply to Kevin Beaumont • • •Graham Sutherland / Polynomial
in reply to Kevin Beaumont • • •Fennix
in reply to Kevin Beaumont • • •Dave 🐶
in reply to Kevin Beaumont • • •Otte Homan - remember Geordie
in reply to Kevin Beaumont • • •Michael Kohlman
in reply to Kevin Beaumont • • •Want to guess how much of my IT leadership career has been focused on building in-house expertise and dialing back the presence of MSPs?
Enough that it's made for a pretty good living...
Indieterminacy
in reply to Kevin Beaumont • • •Joel Michael
in reply to Kevin Beaumont • • •Ray—Golden Retriever Whisperer—🔝Insights
in reply to Kevin Beaumont • • •when I got my business degree, one of my management profs said that the instant you outsource, you give up control. To the service provider, you move from income to liability on the balance sheet because you now are costing them money, and to eke out any profit they need to cut costs related to providing service to you.
Thus you get all this *gestures vaguely*
Colin Macleod
in reply to Kevin Beaumont • • •"paints a ticking timebomb" - bit of a mixed metaphor, could be "paints a target" or "plants a ticking timebomb" ? 😎
The shortsightedness of outsourcing everything is undeniable though!
O'Schell
in reply to Kevin Beaumont • • •JP
in reply to Kevin Beaumont • • •Alex
in reply to Kevin Beaumont • • •I would love for IT to publish accident investigation reports in the same way as aviation.
No blame, no liability, no finger pointing, just lessons for everyone to learn and hopefully avoid the same.
(I know there have been some like the Irish Health Service that were excellent.)
Misuse Case
in reply to Kevin Beaumont • • •*sigh*Ber nard
in reply to Kevin Beaumont • • •1. Personnel is not allowed to store passwords.
2. Must use unique passwords for every service.
3. Passwords must rotate every X days.
4. Only sanctioned apps are allowed.
5. No password manager is sanctioned or installed by default.
*sigh*Ber nard
in reply to Kevin Beaumont • • •I recall it was a "TCS_80_ip" list in Entra Id marked "Trusted"/"MFA exempt" that contained 80 ranges from /15 to /24...
Yet happily pivoting through 3 layer deep RDP to get to a system to manage
AnneH
in reply to Kevin Beaumont • • •Fritz Adalis
in reply to Kevin Beaumont • • •sunflowerinrain
in reply to Kevin Beaumont • • •⊥ᵒᵚ⁄Cᵸᵎᶺᵋᶫ∸ᵒᵘ ☑️
in reply to Kevin Beaumont • • •caskfan
in reply to Kevin Beaumont • • •MattChippytea
in reply to Kevin Beaumont • • •Joel Michael
in reply to Kevin Beaumont • • •“we aren’t a computer company, so off to India / China / Vietnam / Philippines / etc for all this non-core-business shit”
…
“Why company not run without computers? Who did this?”
Michael Weiss
in reply to Kevin Beaumont • • •Adrian Sanabria
in reply to Kevin Beaumont • • •to be fair, IIRC, Coop Sweden went down because their payment provider used Kaseya.
So, it was ransomware on a fourth party, nothing Coop Sweden had any direct control over
Rob\Viewdata UK
in reply to Kevin Beaumont • • •Gary Parker
in reply to Kevin Beaumont • • •Ben Hardill
in reply to Kevin Beaumont • • •VessOnSecurity
in reply to Kevin Beaumont • • •Philipp Blum
in reply to Kevin Beaumont • • •Ben Hammond
in reply to Kevin Beaumont • • •The quote
> They torched shareholder value
made me laugh
they have no idea what the Coop is
John Kelly
in reply to Kevin Beaumont • • •Just glad some of the lessons sank in....
Damien
in reply to Kevin Beaumont • • •Dave 🐶
in reply to Kevin Beaumont • • •Dr. Christopher Kunz
in reply to Kevin Beaumont • • •Ivor Hewitt
in reply to Kevin Beaumont • • •Dave 🐶
in reply to Kevin Beaumont • • •lambtor
in reply to Kevin Beaumont • • •thanne
in reply to Kevin Beaumont • • •lp0 on fire
in reply to Kevin Beaumont • • •@GossiTheDog, TP;DR.
(Too portrait; didn't watch.)
CabbageBeets
in reply to Kevin Beaumont • • •Dave 🐶
in reply to Kevin Beaumont • • •Phil
in reply to Kevin Beaumont • • •John Francis 🦫🇨🇦🍁💪⬆️
in reply to Kevin Beaumont • • •the thieves could probably show up at the AGM and present themselves as a member, since they have access to all the information the Co-Op has on it's membership...number, address, etc.
Short of checking govt. ID or requiring a hard copy of the meeting invite that was mailed to their address. Even then, the thieves might've gotten away with that too.
Hywel Mallett
in reply to Kevin Beaumont • • •Dave 🐶
in reply to Kevin Beaumont • • •Everyday.Human Derek
in reply to Kevin Beaumont • • •greem
in reply to Kevin Beaumont • • •greem
in reply to Kevin Beaumont • • •Incident response specialists the world over wince into their keyboards.
This is another object lesson in how not to do it. It'll be taught to students in future.
Darran Lofthouse
in reply to Kevin Beaumont • • •Andy Herd 🏳️🌈🌳
in reply to Kevin Beaumont • • •I can only hope this data breach is the kick up the arse needed to abolish the common practice of using date of birth as an (immutable!) security password. Once it’s public knowledge it’s beyond useless… it’s a liability. Especially in banks.
I will not be holding my breath on this one.
Mike Spooner
in reply to Kevin Beaumont • • •shoaibusman88
in reply to Kevin Beaumont • • •David Penfold
in reply to Kevin Beaumont • • •Dave 🐶
in reply to Kevin Beaumont • • •Simon Zerafa
in reply to Kevin Beaumont • • •raspberryswirl
in reply to Kevin Beaumont • • •w00p
in reply to Kevin Beaumont • • •Dave 🐶
in reply to Kevin Beaumont • • •Julia Rez
in reply to Kevin Beaumont • • •Damien
in reply to Kevin Beaumont • • •Eldeberen
in reply to Kevin Beaumont • • •I was on holidays in Brodick (Arran, Scotland) last sunday, I can confirm the Co-op was low on products, with only potatoes available as fresh vegetables 😬
I though it was because it was a sunday late afternoon, but reading your thread it was clearly linked to the cyber incident
Samofhearts
in reply to Kevin Beaumont • • •Carsten
in reply to Kevin Beaumont • • •AnneH
in reply to Kevin Beaumont • • •Co-op cyber attack leaves island shop shelves empty
BBC NewsAlex Pardoe
in reply to Kevin Beaumont • • •Jon PENNYCOOK
in reply to Kevin Beaumont • • •Interpipes 💙
in reply to Kevin Beaumont • • •Paul Chambers🚧
in reply to Kevin Beaumont • • •Not sure if it is related, but M&S shuttered a flag-ship store without notice and earlier than planned on May 7th.
🔗 Marks and Spencer suddenly closes Aberdeen’s flagship St Nicholas branch after more than 80 years in city centre pressandjournal.co.uk/fp/news/…
archive.ph/q8IqV
Andy D
in reply to Kevin Beaumont • • •They've now admitted it -
BBC News - Personal customer data stolen in M&S cyber attack
bbc.com/news/articles/c62v34zv…
M&S says personal customer data stolen in recent cyber attack
Michael Race & Joe Tidy (BBC News)Dave Dustin
in reply to Kevin Beaumont • • •TrimTab 🇺🇦
in reply to Kevin Beaumont • • •Ghostrunner
in reply to Kevin Beaumont • • •Paul_IPv6
in reply to Kevin Beaumont • • •Anthropy
in reply to Kevin Beaumont • • •Dave 🐶
in reply to Kevin Beaumont • • •Simon Zerafa
in reply to Kevin Beaumont • • •w00p
in reply to Kevin Beaumont • • •ian
in reply to Kevin Beaumont • • •stony kark
in reply to Kevin Beaumont • • •Landwomble
in reply to Kevin Beaumont • • •Tom DB 🦣
in reply to Kevin Beaumont • • •Klaus Frank
in reply to Kevin Beaumont • • •Clemens Zauner
in reply to Kevin Beaumont • • •Well, that's an easy one. Just say that you are calling regarding the reported problem with Outlook.
On the one hand you have a ~90% Chance, that the called person had.a Problem in the last Week, and on the other hand will hand you over the username as well as the password immediately.
I'm somewhat surprised, that this had not been tried earlier.
C-rich
in reply to Kevin Beaumont • • •Phil Moss
in reply to Kevin Beaumont • • •◄◄ ► █ ►►
in reply to Kevin Beaumont • • •R.C.
in reply to Kevin Beaumont • • •C-rich
in reply to Kevin Beaumont • • •Gary Parker
in reply to Kevin Beaumont • • •Danny Palmer
in reply to Kevin Beaumont • • •Huh, might also explain why some of the shelves were so bare at my local yesterday.
(Also, it was a Bank Holiday Monday, but still)
v
in reply to Kevin Beaumont • • •groff
in reply to Kevin Beaumont • • •Gary Parker
in reply to Kevin Beaumont • • •Landwomble
in reply to Kevin Beaumont • • •Tom
in reply to Kevin Beaumont • • •Elias Mårtenson
in reply to Kevin Beaumont • • •R.C.
in reply to Kevin Beaumont • • •While in #BandQ today, the staff said they'd been having "some IT Issues like M&S"
Not sure if this was the staff just making a parallel of "generic IT issues" or if there has been some incident they haven't admitted yet
SensibleOtter
in reply to Kevin Beaumont • • •Can also confirm, from several years ago, that sometimes there is also an Executive Assistant with a flag in some systems to ‘call on behalf of’ C-Suite/VPs.
It’s like a privilege escalation on people exploit 🤣😂
Richard Stocks
in reply to Kevin Beaumont • • •The cult of “it’s an exec!” and thus able to bypass normal protocols has always made me cry - especially seeing as how they’re the ones with access to the juicy stuff and (usually) have low IT literacy and awareness.
Often, when I’ve worked with an org to help strengthen the help desk, the push back has been from the service desk management (scared that they’ll been seen as impeding the exec in the course of Important Work). Usually asking the question “would you rather be responsible for an extra 60 seconds on a call, or for the entire company being breached?” helps them to see the light.
The other source of friction is from the admin assistants of the execs who seem even more entitled than the execs themselves. An appeal to vanity (“we have to be extra careful when you call in because you’re in a very privileged position”) can work wonders.
Every time I’ve spoken directly with said execs and explained exactly why they are going to be asked to positively ID themselves for any interaction they have been 100% supportive.
kwayk42
in reply to Kevin Beaumont • • •Chester Wisniewski
in reply to Kevin Beaumont • • •Alesandro Ortiz 🇵🇷🏳️🌈
in reply to Kevin Beaumont • • •Kevin Riggle
in reply to Kevin Beaumont • • •wrosecrans
in reply to Kevin Beaumont • • •This is basically the plan for most businesses in reality.
It's fine to talk about stuff being "widely known best practice," but when IT shows up with big expenses for backups and security, the MBA's always decide it's more important to rightsize the headcount and operate lean. Many IT departments report up through an MBA and not a technical person, and many IT people are terrible at communicating risk dramatically enough to get money.
Matt Palmer
in reply to Kevin Beaumont • • •Floating Onion
in reply to Kevin Beaumont • • •StaffSRE1138
in reply to Kevin Beaumont • • •The thing that gets me is that the two statements are probably true for the people who said them. The Security group may have wargamed and prepared for malware attacks, and done so in a way that no one else in the technical stack even noticed happening (beyond some new agent installs being requested). So when the attack comes, the Security plan swings into action and no one outside of Security knows what it is or has practiced it.
This is high visibility. Executives step in to make Declarations, complicating the response. This is an incident big enough to need sub-commands to track various workflows, reporting up to a rotating incident command. Everyone wants to help, the workflows aren't well defined yet, and people help on their own authority (thanks to Command not having a clear picture yet and guiding where help would be good) and maybe make things worse in a few spots.
We had a plan.
It is chaos.
Both are true.
Dave 🐶
in reply to Kevin Beaumont • • •vampirdaddy
in reply to Kevin Beaumont • • •@ollie_whitehouse
Do egress filtering (esp. for servers) with alerting.
If there is unknown communication, then you have either a misconfiguration or a problem.
Keep critical IT infrastructure (network, firewalls, SAN/NAS, virtualisation, backups) separated from Active Directory.
Do not couple internet-facing systems (including VPN and M365) with your local AD.
Brian Clark
in reply to Kevin Beaumont • • •VessOnSecurity
in reply to Kevin Beaumont • • •I agree with most of your arguments. (In fact, the only one I take exception with is comparing ransomware with climate change. Ransomware is a much more real and urgent problem.) Those are pretty much arguments I've used myself when advising customers hit by ransomware not to pay.
But, ultimately, it's the company's decision. Even if the company makes the wrong decision, the government shouldn't be the one who decides for them.
See also this:
coveware.com/blog/2025/4/29/th…
"Decryption tools are worse than they’ve ever been."
The organizational structure of ransomware threat actor groups is evolving before our eyes
Bill Siegel (Coveware: Ransomware Recovery First Responders)Ivor Hewitt
in reply to Kevin Beaumont • • •dave
in reply to Kevin Beaumont • • •When the first indication appears, shut everything down. I have seen banks do this, and watched tellers calmly tell customers "I'm sorry, but the system is temporarily shut down" and start from there.
If the breach is stopped quickly enough, you may have a chance.
Also, what about off site storage, that would not be accessible to the attacker?
Ultimately, the decision is a risk management decision, to evaluate as quickly as you can
dave
in reply to Kevin Beaumont • • •"Travelex aren’t alone. When I covered the Capita ransomware, they paid quietly paid"
maybe delete one of the "paid"s
Gabriel Pettier
in reply to Kevin Beaumont • • •Jim Salter
in reply to Kevin Beaumont • • •OnlyMe
in reply to Kevin Beaumont • • •Inside the M&S meltdown: 3am meetings and £40m a week in lost sales — The Times and The Sunday Times
apple.newsResuna
Unknown parent • • •ian
Unknown parent • • •