Security Queens Hello World!
July Newsletter

Hello, hellooo! It's now July and whilst the UK has been turning into an island-sized sauna (with temperatures reach over 30 degrees Celsius!) the Queens have been rather busy this month, with unfortunately not much to report...

Sarah and Sophia are enjoying their lives as newly found consultants - it's hard to believe that it's been a year since they finished university. Nevertheless, the learning journey continues - and it's great to finally be a professional in a subject that the Queens both love. 

Onward to our industry news roundup, it was reported that over 700 million LinkedIn accounts were allegedly put up for sale following a data breach that affected nearly 92% of it's users. 

Gaming mega-giant EA has recently faced huge criticism for ignoring domain vulnerabilities that left the company exposed to attackers. Despite being warned in December 2020 by numerous security researchers, EA ignored warnings and continued to fall victim to a series of large data breaches. 

In other news, a series of high-level vulnerabilities were identified by researchers leaving over 30 million Dell devices at risk for remote BIOS attacks and remote code execution. Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism. 

Swedish supermarket chain Coop suffered a "colossal" cyber-attack due to ransomware. More than half it's stores were affected by the attack, leading to outages in their Point-of-Sale (POS) systems and self-service checkouts. 

Criminals are now using malware-laced games to secretly mine cryptocurrency without users knowing. Crackonosh, a recently founded cryptomining software, has been embedded into copies of popular games that have been given away for free in forums. Criminals have reportedly made more than Β£1.4 million. 

REvil are back at it again, as the Russian-based ransomware syndicate claim to be behind a huge ransomware attack demanding ransoms of $70 million USD. The gang originally broke into information technology firm Kaseya, paralysing hundreds of firms worldwide. 

Recently authorities raided a Ukrainian cryptocurrency mine that was allegedly stealing electricity to power the mining farm. Over 3,800 Playstation 4s were discovered alongside other hardware and gaming consoles. In total 5,000 devices were seized including graphics cards, phones, flash drives and processors. 

Moving on to slightly different news, in an attempt to improve accuracy in a video game - the Official Secrets Act was breached. Classified documents detailing the specifications of the Challenger 2 Tank in video game War Thunder were leaked online by a user wanting to suggest improvements to game play. This inadvertently broke the Official Secrets Act in over 40 different countries. 

Recently, China has been accused of a cyber-attack on Microsoft Exchange servers. The attack affected approximately a quarter of a million users and affected at least 30,000 organisations globally. 

To round things off, details have emerged about a 16 year old security bug that affects millions of printers worldwide. The high severity vulnerability was found to affect a software driver used in HP, Xerox and Samsung printers and has been undetected since 2005. Assigned a CVSS score of 8.8, the bug issues concerns over a buffer overflow that can be leveraged to execute arbitrary code. 

With the autumn months drawing closer and closer, don't forget to have a little down-time in the forthcoming weeks.

As always, you can find our most recently blog posts below.

Lots of love,

The Security Queens xxx


Drop it Like it's Hot: SQLi 101
Estimated difficulty: πŸ’œπŸ’œπŸ’œπŸ€πŸ€ Continuing our journey into the land of web hax, this week (as requested by the world of Twitter) we are covering SQL injection basics. What is SQL?…
MOBster4: Insecure Authentication
Estimated difficulty: πŸ’œπŸ’œπŸ’œπŸ’œπŸ€ We are continuing on our quest to conquer the OWASP Mobile Top 10, and if you have been following this series then congratulations, you have made it…
Who Ya Gonna Call? DirBuster!
Estimated difficulty: πŸ’œπŸ’œπŸ€πŸ€πŸ€ Need to bruteforce directory names on a web application? Or perhaps you need to find unlisted files on a web server? Who ya gonna call? DIRBUSTER! So…
Twitter LinkedIn Youtube Instagram
Modify your subscription    |    View online