惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CERT Recently Published Vulnerability Notes
U
Unit 42
T
The Blog of Author Tim Ferriss
H
Hackread – Cybersecurity News, Data Breaches, AI and More
B
Blog RSS Feed
Microsoft Azure Blog
Microsoft Azure Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Securelist
L
Lohrmann on Cybersecurity
Blog — PlanetScale
Blog — PlanetScale
Recorded Future
Recorded Future
D
DataBreaches.Net
Spread Privacy
Spread Privacy
T
Threat Research - Cisco Blogs
I
Intezer
P
Palo Alto Networks Blog
Simon Willison's Weblog
Simon Willison's Weblog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
I
InfoQ
宝玉的分享
宝玉的分享
Security Latest
Security Latest
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
T
Threatpost
Cisco Talos Blog
Cisco Talos Blog
P
Proofpoint News Feed
博客园 - 司徒正美
H
Hacker News: Front Page
Y
Y Combinator Blog
爱范儿
爱范儿
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
NISL@THU
NISL@THU
月光博客
月光博客
有赞技术团队
有赞技术团队
Cloudbric
Cloudbric
酷 壳 – CoolShell
酷 壳 – CoolShell
G
Google Developers Blog
A
Arctic Wolf
博客园 - 【当耐特】
W
WeLiveSecurity
V
Visual Studio Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
V
V2EX
C
Cyber Attacks, Cyber Crime and Cyber Security
S
SegmentFault 最新的问题
The GitHub Blog
The GitHub Blog
The Cloudflare Blog
Stack Overflow Blog
Stack Overflow Blog

The Register - On-Prem

Ohio hits pause on datacenter tax breaks draining its coffers Europe told to cool its datacenter boom before water and power run short Kyndryl takes employees' pulse while cutting off circulation for some Outlook has an image problem Microsoft says cu l8r to text message security 'Workforce rebalancing' comes for Kyndryl, and delivery teams are in the firing line MAGA's Mace wants to make power bills great again, calls for datacenter moratorium Datacenters slurping up so much juice they boosted prices 75% in largest US energy market Exploited Exchange Server flaw turns OWA inboxes into script launchpads Utah mega datacenter could dump 23 atomic bombs worth of energy per day Rust stalks IBM mainframes, but only in nightly form Iran war hits datacenter building supply chains, upping costs ON CALL: Custom PC worked in the lab, failed on site – and so did the angry client ShinyHunters claims dump puts 119K Vimeo emails in the wild Vodafone dials up full control of VodafoneThree Palantir CEO: 10 percent of world 'professionally hates us' Bad news for OpenClaw stans: Apple’s Mac Mini starts at $799 AWS networking lab tour: Making networking disappear Royal Navy chief backs drones, robot ships Bank of England is gold standard for tech projects, says PAC UK pensions dept shopping for spy-van tech worth up to £2M Microsoft boss tells investors the company is working to 'win back fans' What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia Microsoft levels up Azure Local for sovereign clouds Cloudflare: autocrats, wars, and votes caged the net in Q1 ZTE & XLSMART launch Jakarta AI & 5G-A Innovation Center When robots join the race: 5G-A powers a new kind of marathon 5G-A powers a new kind of marathon Oracle plans to power its New Mexico DC with fuel cell farm DCMS to new CDIO: Microsoft migration, overhaul ERP, survive Document sent Boeing Core Scientific accelerates crypto-to-AI pivot Meta seeking energy from space for earth-bound datacenters Golden Dome gets $3.2B of contractors and an AI sprinkle ICO boss Edwards steps back amid workplace investigation DARPA seeks deep-sea drones for autonomous warfare push ZTE Q1 revenue up 6% to RMB 35B; computing mix hits 27% UK govt shells out £550 for Digital ID panel, bans press TUIT & ZTE launch student internship and tech job programs US farms have new steward for their safety nets: Palantir Tesla stakes AI dreams on Intel's unfinished AI chip If malware via monitor cables is a matter of national security, this might be the gadget for you Grafana offers AI assistant for free, warns users not to go mad Right to repair champ Framework punts modular 13in laptop with Core Ultra Series 3 Scotland Yard can keep using live facial recognition on Londoners, say judges Phone-to-satellite use goes into orbit, growing 25% in 8 months FAA grounds Blue Origin's New Glenn as it probes missed satellite delivery 'mishap' AMD's Ryzen 9 9950X3D2 Dual Edition tested: Gratuitous overkill with a price to match Crook claims to leak 'video surveillance footage' of companies Met police trials snoop tech platform in push to cuff more London shoplifters England's school phone ban gets teeth, just in time to bite no one Panasonic creates device-locked QR codes to speed facial biometric capture NASA Inspector fears new spacesuits won’t be ready for Moon landing Trump-branded datacenter project fails to make itself great, again World's blandest man steps down from CEO job to spend more time in tastefully appointed home Chase got a spiff of $77 million to create one job with New York datacenter AI is reshaping Britain's datacenter map away from London HP's remote desktop push retreats as Anyware heads for end of life 'Invisible mouse' made a mess of PC rebuild Indonesia’s game rating system paused amid claims it leaked developer creds and glimpses of major new titles Intel eases reliance on TSMC with 'Merica-made Core Series 3 processors Attention data hoarders: Alexa loses its Plex appeal as voice feature gets canned Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug Capita won disastrous UK pensions gig after acing performance checks Maine to pause big bit barns as local opposition spreads Iran has something America can only dream of: cheap broadband Guide to GPU virtualization: passthrough, vGPU, and MIG Brussels tells Google to hand rivals its search crown jewels as privacy row brews Cops hand Motorola £25M to keep 2000-era radios alive QUIC will soon be as important as TCP – but it's vastly different Networks not ready for the challenges of AI traffic US states can't account for datacenter tax breaks. Literally UK told its Big Tech habit is now a national security risk The only technology that died more times than VR is AI, and that seems to have worked out Oracle taps Bloom for fuel cells to support datacenter binge Amazon pays $11.5B to satisfy satellite-envy while cowering in Musk's shadow Microsoft raises UK Surface prices as RAM crisis reaches the checkout UK state bank considers lengthening disastrous IT program Japan going back to the future by reviving its chip industry FAA seeking gamers to fill air traffic control ranks Veterans Affairs software licensing under fire in GAO report NHS pays £46K to prep next Microsoft licensing round France’s digital agency dumping Windows desktops for Linux IT manager approved lunch downtime, but made a meal of it China wants AI to prepare school lessons and mark homework Apple update turns Czech mate for locked-out iPhone user Hungary officials used weak passwords exposed in breach dump Amazon rejects AWS climate disclosure proposal Tiny violins as Amazon execs face pay packet pinch John Deere agrees $99m right-to-repair settlement Iran war piles more pain on already battered PC market AWS put a file system on S3; I stress-tested it UK to spend £15M on AI mapping in knife crime crackdown Rebrand automation as 'zero-token architecture' to master AI Supply chain challenges risk delaying Nvidia's Rubin GPUs Amazon thanks loyal Kindle devotees by bricking their kit DXC lands Metropolitan Police contract worth up to £1B How to navigate the storage crunch in the AI era Supermicro launches probe after staff charged with China export violations
NHS Scotland-linked domains push pr0n and illegal streams
2026-04-08 · via The Register - On-Prem

REG AD

Security

NHS Scotland-linked domains caught serving pr0n and dodgy sports streams

Two practice web addresses appear to have been compromised

Multiple domains belonging to Scottish healthcare providers have been hijacked and are now pushing links to adult content and illegal sports streams, according to a researcher.

First spotted by Nick Hatter, a former cybersecurity engineer turned psychotherapist and life coach, an influx of links hosted on a domain belonging to The New Surgery in Kilmacolm, near Glasgow, flooded Google's index in recent days.

On closer inspection, some seem to have been created as far back as January.

REG AD

The landing page for the domain is not the one currently used by the practice, but it was likely used previously, given the scot.nhs.uk namespace appears to belong to a US-based web developer as a guise for the illicit content it now hosts.

REG AD

The Register asked NHS Greater Glasgow and Clyde (NHSGGC), Scotland's largest health board and the one that oversees The New Surgery, to comment.

A spokesperson for NHSGGC said: "NHS Greater Glasgow and Clyde's cybersecurity team is working with Public Services Delivery Scotland's Cyber Centre of Excellence to support an independent GP practice after being made aware that a legacy website had been compromised. This affects a legacy website that was independently set up and managed by the GP practice, and there is no evidence the practice's primary website, or any NHS Scotland systems locally or nationally, were compromised."

We also contacted NHS National Services Scotland (NSS), which administers the scot.nhs.uk domain.

In a statement, Scott Barnett, Chief Information Security Officer, Public Services Delivery Scotland, said: "Our NHS Scotland Cyber Centre of Excellence (CCoE) was made aware of a security issue affecting a legacy website associated with a local GP practice.

"At this time, we are not aware of personal or sensitive data exposure as a result of this incident. There is also no evidence the practice's primary website, or any NHS Scotland systems locally or nationally, were compromised.

"Our CCoE teams are continuing to work closely with NHS Greater Glasgow and Clyde's cyber security team to understand the cause of the issue and to ensure it has been fully contained."

Hatter also told The Register that after unearthing the initial compromise related to The New Surgery, he found similar activity at the domain for Lerwick GP Practice, located in the remote Shetland Isles.

REG AD

In Lerwick's case, the domain currently in use by the practice is the one serving the illicit links. The New Surgery's compromised domain has not been used for the practice's primary website in years.

A search using the Wayback Machine shows that as of 2019, one of the sites now serving dodgy links was indeed the one used to access The New Surgery, suggesting it was compromised at some point more recently.

In discussions related to the original The New Surgery findings, Alan Woodward, professor of cybersecurity at the University of Surrey, told The Register: "The big question is, is it a real surgery or is someone putting up a dodgy URL to automatically redirect? 

"Either way, the scot.nhs.uk subdomains are managed by NHS Scotland, so somehow someone has managed to set up a subdomain of scot.nhs.uk, which should be under NHS Scotland's control.

"The most obvious way I can think someone would have done that is to steal credentials of a system admin, access the DNS controller, and add in the redirect from a URL that looks like it could be a particular GP surgery but actually isn't. That suggests a deeper penetration than just one surgery being hacked. It also means that the usual users of that GP's website won't have noticed anything, so how long it's been there, who knows."

Because the nhs.uk and scot.nhs.uk domains are closed, an everyday cybercrook cannot simply register a copycat of a GP practice within these namespaces and begin hosting questionable content.

Registering a website using these namespaces requires official authorization through the NHS directly, so the question for NHS Scotland is how a domain under its control was apparently compromised.

The same applies to DNS record changes, and NHS domains are also eligible for protection under the UK NCSC's Protective DNS scheme, although each public sector organization must apply for it, rather than it being applied automatically.

REG AD

Hatter told The Register: "My guess is this could be a DNS attack of some sort or a compromised WordPress setup, which is more likely."

Domain Information Groper (dig) queries show that the NHS domains are correctly and safely pointing to WP Engine, suggesting the compromise was on the WordPress side.

Hypothetically, if the hijackings were caused by exploitation of a plugin vulnerability, for example, it would hardly be the first time something like this had transpired as a result.

"In my opinion, it is quite possible other NHS Scotland practices are vulnerable to this attack," Hatter added. ®