Hello everyone - Happy New Year!
Welcome to your first Security Queens newsletter of 2021.
Despite the pandemic, we hope that you enjoyed the festive period, and that 2021 has treated you well so far. Firstly, a few announcements from the Queens...
As you may already know, at the start of January we made the decision to change our blog posting frequency from once a fortnight to once a month. Our blog posts will now be posted on the first Friday of every month. As we both move into the world of full-time work - we wanted to preserve the quality of our posts whilst still providing you with your regular SQ fix!
We are thrilled to announce that we will be hosting a breakout session with the Ladies of Cheltenham Hacking Society at the next CyNam event in March. We are really excited for this event, so be sure to grab your tickets here!
We were both also recently featured in a promotional video for the Golden Valley Development in Cheltenham. You can watch the full video here.
In other news, Sophia has also been accepted to deliver an excerpt of her dissertation about hacking autonomous vehicles at the IEEE EDUCON conference and was recently awarded "Alumni of the Year in Professional Excellence" by her old school in Singapore, Tanglin Trust School.
Moving on to industry news, early in the month T-Mobile reported a data breach that affected about 200,000 of its customers. The breach reportedly happened in December, and the company confirmed that customer account information was affected.
In a continuation of the news from the FireEye breach disclosed at the end of last year, it has recently been reported that SolarWinds was initially warned about a breach as early as 2017. A former security advisor for SolarWinds disclosed that the company ignored recommendations to improve internal security.
In more nostalgic events, Adobe Flash Player finally reached its end of life after being released in 1996.
Ticketmaster were recently fined for hacking a rival company. They were fined $10 million and admitted that several employees used unlawfully obtained passwords to try to gain an advantage over their competition.
As the world continues to battle COVID-19, the NHS has reported that scams and fraudsters are on the rise. One scam informs victims that they are eligible for a vaccine, and attempts to steal bank details as a "form of identification". The NHS recently published advice to disregard any form of vaccine invitation that requires confirmation of personal details or bank information.
In other news, major Japanese car manufacturer Nissan reported that source code for their mobile app and internal tools was leaked online following an insecure configuration of a Bitbucket Git server. The server was allegedly using the default credentials of admin/admin.
As many school children continue to learn from home and virtual learning continues to rise, the UK government recently mistakenly distributed malware-infected laptops to vulnerable children. After suspicious files were flagged, it was discovered that the laptops contained the Russian malware Gamarue, which was identified by Microsoft in 2012.
One of the most exciting things to happen this month: global botnet EMOTET was taken down as a result of a collaborative effort between several countries and agencies. First discovered in 2014, the EMOTET infrastructure has remained pivotal in supporting cybercriminals throughout the years.
Only a few days ago Miss England reported that their Instagram account was hacked via a sophisticated online scam. The pageant organiser was sent a fake message impersonating the administrators of Instagram, and was asked to confirm her phone number and forward the code that was sent to her mobile. The next day the account was held for ransom, but fortunately the hacked account has now been secured by the social media platform.
To finish off our industry news roundup, Sepa reported that more than 4,000 files were stolen from their digital systems on Christmas Eve. Sepa reportedly rejected the ransom demand, and the data has since been put on the dark web. Data stolen included contracts, strategy documents and databases.
As always, thank you for reading - and if you've missed any of our recent posts, you can check them out below!
Lots of love,
Security Queens xxx