Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 05-Sep-2024 20:29:32 JST Kevin Beaumont
- d4rkshell :verified:
Tewkesbury Borough Council have a cybersecurity incident and are containing their network.
I can see from their network border they’re shutting down edge and Windows services.
HT @d4rkshell
https://tewkesbury.gov.uk/
#threatintel
In conversation Thursday, 05-Sep-2024 20:29:32 JST from cyberplace.social permalink
Attachments
1. Untitled attachment
  https://cyberplace.social/system/media_attachments/files/113/084/709/745/756/990/original/e082b850d51b09c6.jpeg
2. Domain not in remote thumbnail source whitelist: i0.wp.com
  
  Home
  
  Welcome to Tewkesbury Borough Council’s website. Find information about the council itself as well as its services including council tax and benefits, parking, planning, licensing, recycling and more.
- Embed this notice
  Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 06-Sep-2024 19:08:32 JST Kevin Beaumont
  in reply to
  
  Tewkesbury Borough Council have published an FAQ on their cyber incident
  They have isolated card payment.
  https://tewkesbury.gov.uk/cyber-incident-faqs/
  In conversation Friday, 06-Sep-2024 19:08:32 JST permalink
  Attachments
  1. Domain not in remote thumbnail source whitelist: i0.wp.com
    
    Cyber Incident FAQs
- Embed this notice
  Danny Palmer (dannyjpalmer@infosec.exchange)'s status on Friday, 06-Sep-2024 19:16:22 JST Danny Palmer
  in reply to
  
  @GossiTheDog Props to them for being somewhat open about this! Other councils have previously tried to just.. not talk about anything.
  
  In conversation Friday, 06-Sep-2024 19:16:22 JST permalink
- Embed this notice
  Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 09-Sep-2024 06:40:25 JST Kevin Beaumont
  in reply to
  
  Tewkesbury Borough Council are on day 5 of containment for their cyber incident. Media reporting suggests they have called in GCHQ, who are local to them (it’s probably more they just reported it to NCSC).
  In their updated FAQ they ask the press to stop calling them about it.
  From network traffic it looks like a crimeware group. #threatintel
  
  In conversation Monday, 09-Sep-2024 06:40:25 JST permalink
- Embed this notice
  Interpipes 💙 (interpipes@thx.gg)'s status on Monday, 09-Sep-2024 07:40:19 JST Interpipes 💙
  in reply to
  
  @GossiTheDog "network traffic"; where did you get that? I thought ISPs selling netflow data was an american enterprise
  
  In conversation Monday, 09-Sep-2024 07:40:19 JST permalink
- Embed this notice
  Hambone Fakenamington (centuryavocado@fosstodon.org)'s status on Monday, 09-Sep-2024 07:56:13 JST Hambone Fakenamington
  - Interpipes 💙
  @GossiTheDog @interpipes can confirm. I help a small altnet and they were approached (but did not engage) by q company wanting to pay for customer facing DNS resolver feeds.
  Grim.
  
  In conversation Monday, 09-Sep-2024 07:56:13 JST permalink
- Embed this notice
  hhf (hhf@chaos.social)'s status on Monday, 09-Sep-2024 17:44:28 JST hhf
  - Interpipes 💙
  @GossiTheDog @interpipes but gossi, that still doesn’t explain how you have access to that data? Are you buying it? Do you know people who have access to it? Who runs the queries to validate against IOCs to make such a statement? How can other small orgs do the same?
  
  In conversation Monday, 09-Sep-2024 17:44:28 JST permalink

Public

Conversation

Notices

Feeds