Security Queens Hello World!
End of Year Newsletter (November/December)

Time has absolutely flown the past few weeks and months, and it appears we forgot to issue our November newsletter!

The Queens have been very, very, very busy as of late and it completely slipped our minds - please accept our apologies. However, this does mean you get a mega-newsletter to round off this year - and just in time for Christmas too.

Firstly, we are super excited to report that our first ever Security Queens conference talk at #BSidesLondon2021 went absolutely fabulously. We really enjoyed ourselves and received a lot of good feedback. Do not fear if you missed it, it should soon be published on the interwebs - and as with all of our talks we will post it on our Talks & Conferences page.

Sophia was also recently a Top 21 winner of IT Security Guru's "Most Inspiring Women in Cyber" awards of 2021. Originally shortlisted to a group of 30, she is extremely humbled to have been acknowledged as an inspiring woman in cyber security.

Moving on to industry news, a lot has happened the past few weeks...

Probably the hottest thing to happen was the recent disclosure of the Log4j vulnerability, which has left most of the internet exposed. Apache have recently released fixes for the zero-day, which actively affects the Log4j logging library that is widely used across the internet. Exploiting this vulnerability could allow an attacker to weaponise and execute code to allow a complete takeover of a system.

Swedish automotive manufacturer Volvo reported a data breach and theft of company R&D data. Volvo have reported that no customer information was affected by the breach, and that they are liaising with third-party providers to find the root cause of the compromise. 

Tech giant Google have recently sued Russian cybercriminals over allegations of a botnet that has stolen user information from around the world. The botnet, named Glupteba, has infected over a million computers and has been used by criminals to obtain private data.

Remember the US pipeline hack that happened earlier this year? Last month the US government offered a $10 million bounty for any information about DarkSide, the hacking group that was deemed responsible for the ransomware attack that shut down the 5500-mile-long pipeline across the east coast. The bounty has supposedly been offered to anyone that can provide information that can lead to the identification or location of the individuals responsible for the attack.

As we adapt to a new COVID-world, cyber attacks have reached an all-time high in the UK, primarily targeting vaccine research for COVID-19. The National Cyber Security Centre (NCSC) had to tackle a record 777 cyber incidents across the last year, reporting that a number of those incidents were linked to hostile states such as Russia and China.

And finally, from both Sarah and Sophia, we wish all our followers and supporters a very Merry Christmas and a relaxing festive period and holiday season.

We can't thank all of you enough for supporting us on our journey so far. We both have amazing things planned for 2022 - and it's only onwards and upwards from here!

We also appreciate this time of year can be difficult for some. If you do need any additional support over the holiday season, please find a few UK-based hotlines below.


Stay safe, happy holidays - and don't forget to stock up on the mince pies and mulled wine in the run up to Christmas! #12DaystoGo

We'll be back in January with our blog posts and regular end of month newsletters. 

As always, you can find our recent posts below. 

Lots of love,

The Security Queens xxx


There Ain't No Party Like an EC2 Party: Creating Your Website
Estimated difficulty: 💜💜🤍🤍🤍 So you have decided to host a website on your EC2 instance? Samesies! If you still aren't sure where to start with hosting, then check…
Tickets Please: Kerberoasting 101
Estimated difficulty: 💜💜💜💜🤍 So as my own personal learning journey into the land of mad hax, I thought I would document something Windows-y for a change (something completely out of…
There Ain't No Party Like an EC2 Party: Securing Your AWS Instance
Estimated difficulty: 💜💜🤍🤍🤍 In this post, we are slightly diverging from the original MOBster series and taking a look at Amazon Web Services (AWS). This is the first…