April Newsletter - We're Back!

Hello World!

            April Newsletter - We're Back!        

Gird your loins... Security Queens IS BACK!

As we celebrate 4 years since the birth of Security Queens, Sophia & Sarah are excited to announce the relaunch of the blog after a much deserved break and pressing pause on all things SQ.

We would like to thank everyone that has supported us so far, and of course welcome new followers as we continue our journey with the blog and brand!

Moving onto industry news, a new law has been introduced that manufacturers of consumer ‘smart’ devices must comply with from April 29th. The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), includes requirements such ensuring smart devices are not supplied with default passwords.

Recently, a new vulnerability was discovered in the R programming language which could be exploited as a supply-chain attack. The vulnerability can be used to create a malicious RDS (R Data Serialization) file that results in code execution when loaded and referenced.

North Korea's Lazarus Group have deployed a new RAT via fake job lures. The remote access tool, dubbed Kaolin RAT, has been delivered as part of attacks targeting specific individuals in the Asia region in summer 2023.

Earlier in the month, MITRE says state hackers breached its network via Ivanti zero-days. The MITRE Corporation says that a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days. The incident was discovered after suspicious activity was detected on MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified collaborative network used for research and development.

A March cyber attack is being blamed for street lights being on all day in Leicester. In a statement by the city council, it was reportedly "due to a technical issue connected to the recent cyber attack" which meant they were "currently not able to remotely identify faults in the street lighting system".

And finally, over 90,000 LG Smart TVs may be exposed to remote attacks following the discovery of four vulnerabilities impacting multiple versions of WebOS, including the operating system used in LG smart TVs. The flaws enable varying degrees of unauthorised access and control over affected models, including authorisation bypasses, privilege escalation, and command injection

We're stoked to be back, and we hope that you'll continue to enjoy our content in the months to come!

As always you can find our most recent posts below...

Lots of love,

The Security Queens xxx

Phishing : Analysing a Phishy

Estimated difficulty: 💜🤍🤍🤍🤍 I am sure many of you have heard of the term ‘phishing‘. Phishing is a form of social engineering, where the campaign is likely to pose as…

Under ATT&CK: An introduction to MITRE ATT&CK

Estimated difficulty: 💜💜🤍🤍🤍 Welcome to another blog focusing on my journey into Threat Intelligence, this time introducing the MITRE ATT&CK framework and the concept of Tactic, Techniques and Procedures (TTPs).…

Advent of Code: Day 1

I assure you, it’s not Christmas yet! However, it has recently been on my TODO list to learn Python. Advent of Code is a great platform that creates challenges for…

Modify your subscription | View online