Which is of course pronounced: JAST FREE PAAAAAARND
https://styleblueprint.com/everyday/why-do-people-add-s-to-t...
Completely normal to say "Tesco's", "Aldi's" etc.
Wait..make that "Markses".
Some companies decided to embrace the pattern: Goldberg became Goldbergs, Morrisons, Dobbies...
"Sainsbury's" supermarket used to be "J. Sainsbury's" named after its founder John Sainsbury, &c. "Morrisons" was "Wm Morrison" founded by William Morrison. So when you refer to a shop you say Sainbury's as in [Mr.] Sainsbury's shop, or "Morrison's" as in Mr. Morrison's shop.
Then this becomes so ingrained it gets misapplied sometimes. I don't think I'd ever say Asda's though. But I would say Tesco's, even though Tesco is the initials of three people.
Surely this is the same worldwide?
Can someone give the kids a ping pong table or something so i can eat my breakfast in peace?
https://ico.org.uk/for-organisations/report-a-breach/persona...
Even pre-GDPR we had much stronger data protection than most countries with the Data Protection Act ( 1998 ), although I don't remember that having disclosure rules, it did have a lot of things that companies only freaked out about post GDPR and the weight of the EU behind severe penalties.
https://www.bbc.com/news/articles/c8d70d912e6o indicates that the recently announced breach was separate from the one in May (for which the attackers were arrested in July?). I think the one in May leveraged CVE-2025–31324.
> A spokesman for the store said that its own system had not been compromised, and that the breach is not connected to a cyber attack in May
I wonder if it was the same group.
It's not in anyone's interest to make a lot of fuss or noise in the public eye, so us chickens out here won't ever hear about anything that happens.
That comes with the caveat that the big banks can afford to pay really nasty people to go find hackers and turn them over to authorities, or worse options in more lawless parts of the world, and the public will never hear about those actions either, which disincentivizes the hackers. There are easier ways of getting more money with less risk of catastrophic personal outcomes, with the technical difficulty of even attempting anything serious filtering out the impulsive and stupid.
That works for your country. Why aren't banks in smaller countries affected? Their security is not good, and markets aren't important.
In Costa Rica there was an incident where the equivalent of the IRS was held ransom and the government didn't pay. (Thumbs up to them.) Again, why doesn't that happen to banks there?
Lots of shitty behavior is grounded in what weak people imagine other people will think of them, and them bending over backwards to hide and cover up and obfuscate. Those are the ones that pay ransomware gangs, and they're also the ones that don't plan ahead and prepare responsibly.
Over the last 5 years, dozens of huge financial firms - banks, hedge funds, credit unions, mortgage lenders, etc - have been hit, and about 15-20% pay the ransoms.
Even if public notice is mandated, there are probably cases where it's an obscure notification on some official government website, or a 3-4 page deep "announcement" on a company page phrased to look innocuous and routine. "We experienced a cybersecurity incident which was resolved" or what have you.
It's fairly trivial for them - routine - to cover things up, right out in the open, and with the speed of the news cycle, it's only gotten easier.
We should probably mandate disclosure by big corporations, institutions, and banks through a glaringly obvious, top half of the front page of their website, blunt declaration for 30 days, with a government page listing incidents and responses for 5 years. "XXX Corp was hit by ransomware and paid $123 in bitcoin to the APT Group AwfulAsshats"
Mandating by law that ransom not be paid puts the onus of maintaining proper disaster and ransomware recovery on the insitutions - if you're handling a huge scale of resources, you're on the hook for responsibly managing your employees security and livelihoods, your users and customers assets and data, and not incentivizing ransomware as a viable avenue of attack. If you can't handle the responsibility of securing against ransomware, you've no business handling people's data and money, frankly.
This would wipe out a whole slew of nonsense businesses, I think.
Nobody understands those things, they just take working code and modify it.
Are these hacks unavoidable, or are they indicative of shoddy IT on the victim's side? There has been a sleugh of cyberattacks recently and I don't know what to make of it.
If it's kind of like getting burgled - get good home security but a determined burglar will get in anyway - then it's a systemic problem we have to somehow tackle as a society. And if it's shoddy workmanship, again, it would appear so widespread that we have to do something about it.
I'm not passing judgment, just trying to understand.
For instance, in the 2023 casino hacks of MGM and Caesars, Caesar paid a random of ~15 M$, making them profitable. In the JLR hack, JLR has incurred ~500 M$ of damage to date. These attacks cost less than 10 M$ to create and deploy guaranteed.
However, most commercial systems are vastly easier to hit than even 10 M$. I would venture that most of these high profile attacks are on the order of merely ~10-100 K$ to actually create and deploy making them wildly profitable with a ROI in the 10-1000(!) range. And, if you have the choice of spending 100K to get 15 M$ or 10 M$ to get 15 M$, it is pretty obvious who you would prioritize.
It is like the story of two people and the hungry bear. Even if you can not outrun the bear, if you can outrun the other person then the bear will tear you apart second.
So it is both. Everything is shoddy. Some are dramatically more shoddy than others. And the hungry bears are breeding so they can eat all the dodos.
Most likely all that was used is $50 / month server for nmap and other tools, bunch of $3 / month VPNs. Or might be everything that was needed is $10 for a eSim and one scam call.
And of course a lot of time of a person who can't get properly paid job anyway. Obviously might be only few people succeed, but in the end each particular attack cost peanuts.
If you've paid attention in the last 10 (or even 5) years as a company, and did some pentests and redteams, you've seen how you could be breached, and you took appropriate steps years ago.
A non-shoddy company will have:
- hardened their user endpoints with some sort of modern EDR/detection suite.
- Removed credentials from the network shares (really).
- Made sure random employees are not highly privileged.
- Made sure admin privileges are scoped to admin business roles (DBA admin is not admin on webservers, and vice-versa).
- Made sure everyone is using MFA for truly critical actions and resource access.
- Patched their servers.
- Done some pentests.
This won't stop the random tier 2 breach on some workstation or forgotten server still hooked up on prod/testing, but it will stop the compromise _after_ that first step. So sure, hackers will still shitpost some slack channel dumps, but they won't ransomware your whole workstation fleet...
Because big bosses hate it when their PC don't just let them run whatever they want and they are not allowed to VPN into network from their home or their grandma desktop because they like her very much.
Also any Linux nerd sysadmin dude (like me) who know better is another type of person who hate following rules.
That's a really good question and one that I've asked (myself) many times. What I can't understand is that on one side you have an IT division that (probably) has a substantial budget, security hardware and software layers, security strategies and probably hundreds of personnel. On the other side you have a group of hackers/crackers who have none of the above, but often succeed. How does that work? Srsly!
yakshaving_jgt•4mo ago
A minister's bill is less effective than a Ukrainian soldier's bullet.
swarnie•4mo ago
Your proposal is we have a foreign army come over and start executing children? What is this Bush era nonsense.
yakshaving_jgt•4mo ago
You can't have state-sponsored cyber-attacks if the state sponsoring the cyber-attacks goes away.
No, I am not proposing anyone start killing children. What a ridiculous misinterpretation of my words. It's the russian military who kill kids[0], and nobody should be ok with that. It's also the russian government recruiting children to commit acts of sabotage[1] abroad.
[0]: https://www.politico.eu/article/former-wagner-group-commande...
[1]: https://www.justiceinfo.net/en/147402-ukraine-fsb-recruits-t...
phatfish•4mo ago
It's either covertly state sponsored, or outsourcing everything to India is finally showing some results.
noir_lord•4mo ago
I.e.some combination of state sponsored, opportunistic script kiddies and better reporting. After the earlier attacks subsequent ones get more press as well.
swarnie•4mo ago
I dont see what this has to do with russia russia russia
yakshaving_jgt•4mo ago
> Although cyberattacks have become more high profile, there is little reliable data on how many attacks take place in the UK each year. Hackers are drawn from a mix of organised criminal gangs, those sponsored by state actors including Russia and China, and hacktivists with a political agenda, according to a report by the Royal United Services Institute (Rusi).
swarnie•4mo ago
More likely they are spectrum'd to fuckery or pushing a political agenda.
yakshaving_jgt•4mo ago
What are you basing this probability on?
The UK and EU has seen a significant increase in cyber-attacks and acts of sabotage since February 2022. In some cases, evidence has been found that the attacks were orchestrated by the russian government.
I suppose it's all one big coincidence?
kylemaxwell•4mo ago
edm0nd•4mo ago
I support legalizing drone striking ransomware operators.
isaacremuant•4mo ago
Add all your other "western leaders" out there who also seem to love and push for wars fought by others and not their children or themselves.
some_random•4mo ago
neffy•4mo ago