Heathrow total shutdown

dacads said:
Only getting worse

www.bbc.co.uk

Children's names, pictures and addresses stolen in nursery hack

Experts have condemned the hack as an "absolute new low" for cyber-crime.
www.bbc.co.uk www.bbc.co.uk
Click to expand...

This is a new low, unfortunately the UK is such an easy target for any threat actors.

Orgs have shown they will pay, teenagers getting in and terrible MSPs shows poor security practices, the government will bail out orgs financially and provide Incident Response help while they recover.
 
Last edited:
Could be used as more fuel for the "we need digital ID cards to keep us safe from x" fire. Ironically, the ID cards themselves become a very attractive target.
 
ID cards (they're on your phone) should be as easy/difficult targets as banking apps.

Nursery 'hack' like JLR we never get to hear how it was achieved eg. inititated by phishing/carelessness, like the Afghan spread sheet.
Now have a precedent for Government kindly bailing out companies.
 
I’m fine with it in principle, it’s just another form of ID - if it simplifies and makes things easier, :shrugs:

I get the road to hell argument, but like others have said, we already hand over so much info to the government anyway….

The only problem I can see, is that the government will likely give the bid to somebody like Capita or Serco, who will keep 99% of the money, and farm the actual work out to a bunch of trash subcontractors from overseas.
 
jpaul said:
ID cards (they're on your phone) should be as easy/difficult targets as banking apps.

Nursery 'hack' like JLR we never get to hear how it was achieved eg. inititated by phishing/carelessness, like the Afghan spread sheet.
Now have a precedent for Government kindly bailing out companies.
Click to expand...

It is already known that Scattered Lapsus$ Hunters breached JLR after exploiting a flaw in JLR’s SAP Netweaver software.

The exploit allowed Scattered Lapsus$ Hunter to upload arbitrary files to the affected system.
 
mysticsniper said:
It is already known that Scattered Lapsus$ Hunters breached JLR after exploiting a flaw in JLR’s SAP Netweaver software.
Click to expand...
it's, potentially, intenionally vague though eg.

https://www.infosecurity-magazine.com/news/sap-netweaver-vulnerability/ 15 May
.... so someone has also been delinquent (how did they get in position to upload files)

Strong Evidence of Exploitation


The flaw, tracked as CVE-2025-31324, is an unauthenticated file upload vulnerability in the Metadata Uploader component of the SAP NetWeaver Visual Composer Framework version 7.50. It has been allocated the highest severity score by SAP, 10.0 (CVSS v3.1).


When exploited, it allows an unauthenticated attacker to upload potentially malicious executable binaries that could severely harm the host system.
Click to expand...


BBC report this am on hackers trying to buy an insider inside bbc - you'll be made for life
 
You must log in or register to reply here.
Back
Top Bottom