Notices by Kevin Beaumont (gossithedog@cyberplace.social), page 2

Billionaire “genius” https://www.bbc.co.uk/news/articles/clyn4d33yyno

M&S still have no recruitment system. https://jobs.marksandspencer.com/job-search

Marks and Spencer have started partial online shopping again.

For statto nerds, around 7 weeks from containment to partial recovery

https://www.bbc.co.uk/news/articles/c4gevk2x03go

This one follows the pattern of many of the recent retailer and manufacturer attacks - they launch a few days before earnings reports, likely to increase pressure to pay ransom. #threatintel #ransomware

Related: https://www.businessinsider.com/food-distributor-unfi-outage-hits-grocery-chains-whole-foods-2025-6

#threatintel #ransomware

United Natural Foods has filed an 8-K with the SEC for (not named) ransomware incident starting 4 days ago.

They are the largest publicly traded wholesale distributor of health and specialty food in the United States and Canada and it is Whole Foods Market's main supplier.

https://www.sec.gov/ix?doc=/Archives/edgar/data/1020859/000102085925000021/unfi-20250605.htm

soon

An Italian parliamentary committee has confirmed that the government used the Israeli-made spyware Graphite, developed by the offensive cyber company Paragon, to hack the smartphones of several activists working with migrants. https://www.haaretz.com/israel-news/security-aviation/2025-06-05/ty-article/.premium/italy-admits-activists-were-hacked-with-israeli-spyware-but-not-journalists/00000197-3ff4-d079-ab97-7ff5bd8a0000?gift=02a7cfbdd1614710b59c7abf9ae71754

M&S had their ransomware incident communicated via internal email - from the account of a staff member who works for TCS.

The way TCS work is you give them accounts on your AD.

https://www.bbc.co.uk/news/articles/cr58pqjlnjlo

Co-op say they have largely completed recovery, and have removed the cyber attack banner and statement from their website

https://www.retailgazette.co.uk/blog/2025/06/co-op-cyber-attack/

I think they did a great job. They do call it a "highly sophisticated attack", which, frankly.. isn't true and may come out in open court later if the suspects are ever caught.

US authorities are investigating CrowdStrike over their defective software update last year - and, intriguingly, their financial statements.

Why intriguing? I mentioned last year - their financial position doesn’t make sense. One to watch.

https://www.wsj.com/business/telecom/crowdstrike-cooperating-with-federal-probes-into-july-software-outage-c39a96b5?st=ycLecq&reflink=desktopwebshare_permalink

The long story short with that one is that multiple governments are using Apple push notifications for investigations. If you’re working on something really sensitive (ie comms), I’d turn off push notifications both sides.

An update - numbers! https://www.404media.co/apple-gave-governments-data-on-thousands-of-push-notifications/

CrowdStrike still expects to take around another $65m in costs from their update snafu last year, they retained customers by offering financial incentives https://www.reuters.com/business/crowdstrike-shares-drop-windows-outage-fallout-hits-forecast-2025-06-04/

MindsEye releases next week. https://www.eurogamer.net/mindseye-studio-execs-depart-build-a-rocket-boy-one-week-before-games-debut

Victoria’s Secret has been unable to file quarterly financial statements due to their ongoing ransomware incident. https://www.bleepingcomputer.com/news/security/victorias-secret-delays-earnings-release-after-security-incident/

This Daily Mail piece about security leaders thinking work-from-home means they will be crippled is horseshit, I'm not linking it.

They've taken a survey about how security people think their businesses couldn't survive ransomware, and linked it to working from home. WFH isn't the problem: business IT and resilience being built on quicksand is the problem.

Marks & Spencer is holding walk-in in-store recruitment open days to fill vacant roles while its online hiring system remains offline following its ransomware attack in April. https://www.thegrocer.co.uk/news/mands-stores-staging-walk-in-recruitment-open-days-amid-cyberattack-disruption/705189.article

Marks and Spencer's remuneration committee have opted not to dock the CEOs pay as expected and prior reported over the cyber incident, but instead increased it by £2m.
https://www.bbc.co.uk/news/articles/c23mz5eg091o

While Co-op have restored every customer facing system and internal systems like recruitment and remote working, M&S still don't even have recruitment back.

I'm reliably told they paid the ransom, so they'll be target #1 basically forever with other ransomware groups now due to resiliency woes and willingness to pay.