If you're in the EU and previously opted out of Meta using your Facebook, Threads, and Instagram posts, you will need to opt out again.

Facebook have done it again.

If you’re in the EU and previously opted out of Meta using your Facebook, Threads, and Instagram posts and images to train its generative AI, you’ll need to opt out again—otherwise, Meta will resume training on your data.

Users have until May 27, 2025, to opt out once more, or they will permanently lose the ability to do so.

Here are the direct opt-out links, which aren’t prominently advertised within the apps:

Facebook: Opt-out form

Instagram: Opt-out form

For more details, see the original report: Ars Technica article.

Hope that helps!

DragonForce ransomware hit M&S, Harrods & Co-op, causing £700M losses & data breaches.

The Big Picture

In April 2025, UK retailers Marks & Spencer (M&S), Harrods, and Co-op were hit by a major ransomware attack, reportedly carried out by DragonForce, a ransomware-as-a-service (RaaS) group. The attack disrupted operations, caused financial losses, and exposed sensitive customer data—a wake-up call for businesses everywhere. Is it time to think about more regulation for retailers?

How the Hackers Pulled It Off

Breaking In

  • Hackers stole hashed credentials from Windows Active Directory (NTDS.dit file) and cracked them offline months prior to the last few weeks of disruption.
  • Phishing & MFA fatigue attacks tricked employees into handing over access.
  • SIM swapping helped bypass multi-factor authentication (MFA).

Spreading Through the System

  • Mimikatz was used to extract plaintext passwords.
  • Advanced IP Scanner mapped out networks to find high-value targets.
  • Security monitoring tools were disabled to avoid detection.

Deploying the Ransomware

  • DragonForce ransomware was executed on VMware ESXi servers, encrypting virtual machines.
  • M&S lost £700 million in market value, supply chains stalled, and online orders were halted.
  • Harrods restricted internet access, while Co-op shut down IT systems, affecting customer data and operations.

Holding Data Hostage

  • 20 million Co-op customer records stolen, including credentials and payment data.

  • Hackers threatened to leak sensitive data unless ransom demands were met.

Cybersecurity Callouts & UK National Security Response

  • Zero-trust architecture: Stop hackers from moving freely inside networks.

  • AI-driven cybersecurity: Keep up with evolving ransomware tactics.

  • Continuous monitoring & MFA enforcement: Spot threats before they escalate.

  • Employee training: Prevent phishing and social engineering attacks.

  • Board-level cybersecurity investment: Treat digital infrastructure like critical infrastructure.
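As an added example (not from the original post or any vendor's tooling), here is one way continuous monitoring could spot the MFA fatigue pattern listed under "Breaking In": repeated rejected push prompts for one user inside a short window, and above all an approval that follows them. The log format, field names, event names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA log lines (format and field names are assumptions).
SAMPLE_LOG = """\
2025-04-20T09:00:05Z user=alice event=push_denied ip=203.0.113.7
2025-04-20T09:00:40Z user=alice event=push_denied ip=203.0.113.7
2025-04-20T09:01:10Z user=bob event=push_denied ip=198.51.100.4
2025-04-20T09:01:15Z user=alice event=push_timeout ip=203.0.113.7
2025-04-20T09:01:50Z user=alice event=push_denied ip=203.0.113.7
2025-04-20T09:02:20Z user=alice event=push_approved ip=203.0.113.7
2025-04-20T09:03:00Z user=bob event=push_approved ip=198.51.100.4
2025-04-20T11:00:00Z user=carol event=push_denied ip=192.0.2.9
2025-04-20T11:00:30Z user=carol event=push_denied ip=192.0.2.9
2025-04-20T11:01:00Z user=carol event=push_timeout ip=192.0.2.9
malformed line without fields
"""

REJECTED = {"push_denied", "push_timeout"}

def parse(line):
    """Return (timestamp, fields), or None for lines that do not match the format."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    return (ts, fields) if {"user", "event"} <= fields.keys() else None

def detect_mfa_fatigue(log_text, threshold=3, window=timedelta(minutes=10)):
    """Flag users with >= threshold rejected pushes inside the sliding window."""
    recent = defaultdict(deque)   # user -> timestamps of recent rejected pushes
    alerts = {}                   # user -> worst state seen so far
    for ts, f in filter(None, map(parse, log_text.splitlines())):
        q = recent[f["user"]]
        while q and ts - q[0] > window:
            q.popleft()           # drop rejections older than the window
        if f["event"] in REJECTED:
            q.append(ts)
            if len(q) >= threshold:
                alerts.setdefault(f["user"], "push_bombing")
        elif f["event"] == "push_approved":
            if len(q) >= threshold:
                alerts[f["user"]] = "approved_after_bombing"
            q.clear()             # an approval resets the rejection count
    return alerts
```

An `approved_after_bombing` result is the case to escalate first: the session behind that approval should be revoked and the account's credentials reset, while `push_bombing` alone means the password is likely already known to someone else.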

What This Means for Big Business

  • Supplier Risk Management Needs to Be a Priority

    • Third-party vendors (e.g., payment processors, logistics firms) are often the weakest link.

    • Businesses must audit external partners, enforce contractual security requirements, and monitor supplier networks in real time.

  • Internal Security Must Match External Threats

    • Cyberattacks are inevitable, not just a possibility.
    • Endpoint security, threat intelligence, and rapid response planning must be built into corporate risk frameworks.

Further Reading & Expert Insights

My team are in the playoffs within one of the hardest leagues in Europe 😬

UK retailers and cyber attacks have been huge in the last few weeks. I do not think it’s going to end any time soon.

I’m impressed with the fact modernisation is taking place on Oxford Street. It’s about time. Ikea to open Oxford Street store in May after 18-month delay | Ikea | The Guardian

🙏🏽

FCA staff emails to auto-delete after one year - FTAdviser

Any emails that should be retained to comply with regulatory and legal requirements, including the Freedom of Information act, will be saved.

Something tells me AI is going to be used to check emails and their classification.

Pigeons are better at multitasking than humans

Pigeons are capable of switching between two tasks as quickly as humans – and even more quickly in certain situations. These are the findings of biopsychologists who had performed the same behavioural experiments to test birds and humans. The authors hypothesize that the cause of the slight multitasking advantage in birds is their higher neuronal density.

Science Daily Article

I must be a plodder, doing one thing at a time. 🤷🏽‍♂️

Interesting read; it reminds me of when I used to be on client sites at the start of my career. With a bit of practice you can tell when someone’s lying to you, especially in 121 coaching sessions. Those head movements can tell you a lot in my opinion.

Body language can differ between cultures, too. It can be considered impolite in many Asian countries to maintain eye contact while talking with someone, for example, while smiling can mean different things depending on the cultural context.

How to crack the subtle body language of liars - BBC Science Focus Magazine

Exploits of Apple and Google services

A new report reveals how a voice phishing gang exploits Apple and Google services to trick users into revealing personal information. The group used a spoofed phone call to steal over $4.7 million from a cryptocurrency investor named Tony. These scammers create fake login pages and use automated messages to convince victims they are talking to legitimate support teams.

krebsonsecurity.com/2025/01/a…

What an interesting and fun read about SQLite.

But they take backward compatibility so seriously that even if they have shipped a bug, they won’t fix it

Collection of insane and fun facts about SQLite - blag

Anyone hosting their own photos over Google or iCloud? Would love to know what you are using.

Morning all, anyone familiar with the Immich photo backup service and tried to manage it from an external hard drive? I would happily take on any recommendations for other services, if anyone has any.

Germany drafts law to protect researchers who find security flaws

This is great for researchers and about time. However, do not touch anything. Simply report the finding.

Sophos’s “Pacific Rim” Campaign: A Briefing on Digital Detritus and Cybersecurity

This report and associated posts by Sophos, collectively referred to as “Pacific Rim,” detail a multi-year campaign against Chinese nation-state actors targeting Sophos firewalls and other network devices.

The reports highlight the concept of Digital Detritus and its impact on the cybersecurity landscape. This term refers to the accumulation of outdated and unpatched hardware and software that presents a growing threat to cybersecurity.

The Problem of Digital Detritus

Digital Detritus arises from a combination of factors:

  • Infrastructure Inertia: Customers extend the lifespan of their hardware and software to maximise their investment, leading to devices remaining in operation long after they are no longer supported with security updates. This tendency is amplified by the lack of “status” associated with owning the latest network infrastructure, unlike consumer products like phones or cars.
  • Misaligned Incentives: Vendors face financial constraints in providing indefinite support for older products, leading to a gap between buyer expectations for longevity and vendor capabilities to maintain security.
  • Evolving Threats: Vulnerabilities that might have been less critical in the past become increasingly “unforgivable” as attackers discover new ways to exploit underlying flaws.

The result is an expanding attack surface for adversaries who can exploit these vulnerabilities for malicious purposes.

Case Study: Sophos’s “Pacific Rim” Campaign

Sophos’s “Pacific Rim” case study provides a real-world example of the dangers posed by Digital Detritus. The reports document a series of attacks by Chinese nation-state actors targeting Sophos firewalls, starting with an intrusion in 2018 into an office in India of Cyberoam, a company which Sophos purchased.

The attackers utilised various tactics, including:

  • Exploiting zero-day vulnerabilities to gain initial access to devices.
  • Deploying bespoke malware, including rootkits.
  • Sabotaging telemetry systems to evade detection and hinder response efforts.
  • Stealing credentials to gain access to internal networks and move laterally within target organisations.

These attacks targeted a wide range of organisations, including government agencies, critical infrastructure providers, and businesses across various sectors.

Key Takeaways

Sophos’s experience highlights several important lessons for companies:

  • Network Devices are High-Value Targets: Edge network devices like firewalls are increasingly targeted by sophisticated adversaries for both initial access and persistence.
  • State-Sponsored Attacks Target All Organisations: Targeting is no longer limited to high-value espionage targets. Attackers may use compromised devices as operational relay boxes (ORBs) to obfuscate the origin of attacks, or target organisations within critical infrastructure supply chains for potential disruption.
  • Opt-Out is No Longer an Option: Vendors and their customers must work together to ensure that devices are patched promptly, secure configurations are adopted, and robust authentication measures are in place.
  • No Compromise is Unimportant: Even minor compromises can reveal larger, more sophisticated campaigns. Defenders must thoroughly investigate all incidents and pursue every lead.

Mitigating the Risks of Digital Detritus

Addressing the Digital Detritus problem requires a collaborative approach involving both vendors and customers.

Vendors should:

  • Embrace “Secure by Design” principles: Building security into products from the outset makes it easier for customers to maintain a strong security posture.
  • Provide clear end-of-life policies: Setting realistic expectations for product lifecycles and offering support for secure decommissioning or upgrading of devices is crucial.
  • Improve telemetry and analytics: This allows for better visibility into the security status of deployed devices and provides insights into potential threats.
  • Proactively engage with customers: Reaching out to customers with outdated devices and encouraging them to update or upgrade to supported versions is essential.

Customers should:

  • Prioritise patching and updates: Applying security patches and updates promptly addresses known vulnerabilities.
  • Adopt secure configurations: Minimising the attack surface by disabling unnecessary features and services, especially those exposed to the internet, is key.
  • Implement strong authentication: Employing robust multi-factor authentication prevents unauthorised access, especially for administrative accounts.
  • Engage with vendors: Stay informed about security advisories and end-of-life policies for deployed products.