Security Queens Hello World!
May Newsletter

Can we call it summer yet? The weather says otherwise in the UK...

But fear not, sunnier days are coming (we hope) and we can get the barbecues out, kick back and enjoy some well deserved summer holidays. 

A small update from the Queens: we'll soon be returning to our usual monthly posts, starting with a mystery topic from Sophia published on the 7th of June!

Sophia is also talking at BSides Cheltenham, debuting her first Threat Intelligence talk to hit the conference circuit. If you can't make it to BSides Cheltenham you can also catch her at BSides Exeter in July. As many of you know, Sophia and Sarah help manage the Ladies of Cheltenham Hacking Society. The LCHS crew will be hosting a summer social soon; keep an eye on Meetup for details.

Moving onto industry news, a few things have been happening in the cybercrime space over the past few weeks. 

Hot off the press, an infamous hacking collective claims to have 1.3 terabytes of customer data stolen from entertainment giant Ticketmaster. The data is for sale on a popular clear web hacking forum, and ShinyHunters claims to have the details of 560 million Ticketmaster customers in 16 different folders and files, each dozens of gigabytes in size.

ShinyHunters also claimed to have stolen the details of 30 million Santander customers and listed them for sale on the dark web. The data supposedly includes 6 million account numbers and balances, 28 million credit card numbers, HR employee lists, and more.

A new North Korean hacking group is targeting software companies and defense firms with custom ransomware variants and several elaborate scams. Microsoft said this week that the hacker group it tracks as “Moonstone Sleet” is using several new tactics not previously seen among North Korean groups. The group has targeted individuals as well as organizations involved in the IT, education and defense industrial base sectors, according to the report.

A vulnerability has been discovered in a TP-Link gaming router that exposes users to remote code execution attacks. A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code execution on susceptible devices by sending specially crafted requests. The vulnerability, tracked as CVE-2024-5035, carries a CVSS score of 10.0. It impacts all versions of the router firmware including and prior to 1_1.1.6.

In a major breach earlier in the month, China has been suspected of hacking a Ministry of Defence payment system. Officials in Westminster reportedly suspect China was behind a hack affecting a third-party payment system used by the British armed forces. It is reported that the incident affected a payment rather than payroll system. Details suggest the system, which was operated by a contractor and not part of the MoD’s protected networks, held names and bank details and in some cases personal addresses.

In a combined international effort, the 911 S5 botnet was taken down by the FBI. The FBI and international partners say they have dismantled a massive botnet that had infected more than 19 million IP addresses across 200 countries and was used for years to conceal cybercrime. The 911 S5 botnet’s alleged administrator, Chinese national YunHe Wang, was arrested on May 24th and faces up to 65 years in prison.

And that's a wrap for this month!

As always you can find our most recent posts below...

Lots of love,

The Security Queens xxx

👸🏼👸🏻
