Ian Towner :donor:

Infrastructure and Security engineer focused on Microsoft and related platforms.

Ian Towner :donor: boosted:
2025-07-22

The United Kingdom's government is planning to ban public sector and critical infrastructure organizations from paying ransoms after ransomware attacks.

bleepingcomputer.com/news/secu

Ian Towner :donor: boosted:
2025-07-20

Since NoName057(16) is no more, I might as well reveal how I tracked them now.

It’s super dumb.

I cosplayed as a Russian supporter (under my real name btw, I have nothing to hide), then actually ran their Ddosia client from a PC which could only access their C2 (so couldn’t actually execute attacks).

I used video game modding tools to automatically extract the AES encrypted config ( :catjam: ) and automatically dump it into Excel spreadsheets so defending orgs knew what to block.

Ian Towner :donor: boosted:
2025-06-30

Microsoft has confirmed a new known issue causing delivery delays for June 2025 Windows security updates due to an incorrect metadata timestamp.

bleepingcomputer.com/news/micr

Ian Towner :donor: boosted:
2025-06-27

Ultra spicy post claiming to be from UK retailer employee (M&S or Co-op) about their experience with TCS on their security incident. reddit.com/r/cybersecurity/com

Ian Towner :donor: itowner@infosec.exchange
2025-06-26

If you are waiting for Microsoft Win10/11 patches via Autopatch and are not seeing them installing, this comment from Microsoft support will clarify things:

An issue regarding this month's LCU is currently under review by our engineering teams.

The observed delay is due to a recent change in the publish date (also known as Time-To-Go-Live or TTGL) of the June updates for both Windows 10 and Windows 11. This change affects how deferral policies are calculated and subsequently when updates become available on your devices. 

What You Need to Know:

The June 2025 Quality Updates were re-published with a new TTGL of June 20, 2025.
As per design, deferral periods are calculated from this TTGL, not the original release date.
As a result, devices with configured deferral policies will receive the update later than initially expected — this behavior is expected and does not indicate a failure or misconfiguration.

What You Can Do:

No action is required at this time. Your devices will begin receiving the update based on the deferral policy applied relative to the new TTGL (June 20).
We recommend monitoring update availability into early July, depending on your specific deferral settings.

Ongoing Work:

Our product and publishing teams are actively reviewing this and preparing formal communication to clarify the situation. We will share additional updates as they become available.

If you have further questions or need help reviewing your update policies, feel free to reach out. We appreciate your patience and understanding.

Ian Towner :donor: itowner@infosec.exchange
2025-06-16

@RichBartlett I feel your pain!

Ian Towner :donor: boosted:
RichBartlett :donor: RichBartlett@infosec.exchange
2025-06-16

It's funny how information security compliance can completely put you off ever returning to the field of information security, ever. I'd far rather spend my time trying to make services actually work for people, than spend time chasing down scanner false positives or low priority findings which have no real world impact. #compliance #informationsecurity

Ian Towner :donor: boosted:
2025-05-24

Announcing: justaqrcode.com.

Tired of "free" QR code generators that are full of ads and trackers, that share your data, and that want to sell you something? Me too. Here's my act of resistance: I made a one-page site that works entirely in your browser to generate a simple QR code. And that's all it does. You can download the HTML page and run it locally, even. Read the source; nothing up my sleeves. Just a QR code.

My offer to you -- I will continue to pay for the domain name and web hosting for it, myself. If you find it valuable, you can pay it back by creating your own useful thing for the world and releasing it for free. Let's take back the friendly web, one vexingly-monetized utility at a time!

#QRcode #Free #FriendlyWeb #Resistance

Ian Towner :donor: boosted:
2025-05-02

Ian Towner :donor: boosted:
2025-05-01

UK cyber defenders, I draw attention to the following document:

Review of the attacks associated with Lapsus$ and related threat groups

cisa.gov/sites/default/files/2

Ian Towner :donor: boosted:
Merill Fernando :verified: :donor: merill@infosec.exchange
2025-03-31

💡 Here's a tip to customize the Microsoft 365 password reset page that your users see.

Show your company logo plus your local language (optional).

⛳ You are going to want to bookmark this for future reference.

🧵👇

Did you know you can show your company logo on the Microsoft 365 password reset page?

Ian Towner :donor: boosted:
RichBartlett :donor: RichBartlett@infosec.exchange
2025-03-28

I love how a lot of MY job is filling the gaps Microsoft left when they half arsed THEIRS. Whether it's crap device compliance policies, stupid 'features' in Excel or a lack of basic support info, that's what a lot of my working life is about. #microsoftsucks

Ian Towner :donor: boosted:
2025-03-25

The cyber awareness industry - phishing simulators and such - is almost all complete garbage, just so y'all know.

If you look at your proxy logs, you'll quickly discover you've got entire departments whose job involves opening links and documents from people unknown (also almost every manager does it, when reviewing CVs etc).

If your security depends on nobody clicking a bad link, security and IT fucked up their jobs, and awareness training is just a sticking plaster on your own poor choices.

Ian Towner :donor: boosted:
2025-03-11

CISA’s Red Team has been cut by DOGE. Somebody go hire them, they’re really good.

Ian Towner :donor: boosted:
2025-01-23

To help defenders find their impacted orgs in the Fortigate configuration dump incident, here's all emails mentioned - Ctrl+F for yourself.

Obvious point - not everybody puts their email address in a config file.

raw.githubusercontent.com/Goss

Ian Towner :donor: boosted:

The #SpineRace official account is now bridged to the fediverse.

You can follow @spinerace.bsky.social

I think only the initial posts, not replies, are bridged but if you click on the post you get taken to Bluesky where you can see the replies.

#DotWatching

Edit: Make sure you follow the bridged account (shown here with spaces to show the full path): @spinerace . bsky . social @ bsky . brid .gy

Ian Towner :donor: boosted:
2025-01-13

People often ask me how they can donate to the cyberplace.social server. They can't, I can afford it.

Please donate to Mastodon centrally instead if you can afford it - the donor base is down about 30% year-on-year joinmastodon.org/sponsors

Ian Towner :donor: boosted:
2024-12-22

Boost if you want less generative AI in your tech in 2025.

Ian Towner :donor: boosted:
2024-12-02

NoName057(16) back to targeting UK this week, they're going to run all week. Thread for the week.

Current DDoS config, 17 orgs, UK councils and transport. Approx 70% success rate.

#NoName #threatintel

Ian Towner :donor: boosted:
2024-11-04

#NoName have moved on to South Korea, probably for the rest of the week.

Any UK orgs hit during the prior week, they'll return with same config later whenever PM upsets them - they always do. So do some mitigations in advance.

#threatintel
