Security Queens Hello World!
September Newsletter

Welcome back to another light and fluffy newsletter, brought to you by the Security Queens! September went by in a flash and we are ever closer to Christmas... or should I say Halloween... ;)

The Queens have been busy this month, as we have now started talks with the Ladies Hacking Society about collaborating on/taking over their Podcast! Furthermore, Sophia has been hard at work chasing people on HUNTED and Sarah has managed to reach the second round of eliminations for her BSides London Workshop submission.

Now let's get into it! The news has been ripe this month, as in most months, with security flaws and faux pas. A BBC news article reported a security breach by the MoD, in which an email was sent distributing personal information of the Afghanistan translators. Translators based in Afghanistan were worried about their personal safety.

More recently, a vulnerability has been discovered in the Apple Pay Express Transit functionality, where unauthorised users may be able to make a payment through an iOS device without needing to authenticate with their connected Visa cards. Visa has been informed about the vulnerability.

Furthermore, this month The Register reported that there has been an increase in attacks against RDP endpoints. Brute-force attacks have grown, contrary to predictions that they would slow down. The ESET threat report suggests that the attacks and other cybercrime activity may be linked to COVID-19 and the majority of countries being in lockdown.

On a more upbeat, friendlier note, the mobile traffic application Waze has implemented a feature that lets users tell others whether a petrol station is out of fuel. This may be handy for all who drive (including our car-crazy Sophia), whether they need to commute or just enjoy a drive out every now and then.

We hope you have a great October and enjoy your prep for Halloween. We will be here to bring some spoooookkkyyyy news to you then.

Lastly, a friendly reminder that you can find our most recent blog posts below...

Lots of love,

The Security Queens xxx


Tickets Please: Kerberoasting 101
Estimated difficulty: 💜💜💜💜🤍 So as my own personal learning journey into the land of mad hax, I thought I would document something Windows-y for a change (something completely out of…
There Ain't No Party Like an EC2 Party: Securing Your AWS Instance
Estimated difficulty: 💜💜🤍🤍🤍 In this post, we are slightly diverging from the original MOBster series and taking a look at Amazon Web Services (AWS). This is the first…
Drop it Like it's Hot: SQLi 101
Estimated difficulty: 💜💜💜🤍🤍 Continuing our journey into the land of web hax, this week (as requested by the world of Twitter) we are covering SQL injection basics. What is SQL?…