Security Queens Hello World!
April Newsletter

Happy April! We're now a quarter of the way into 2021, and so much has happened already!

To kick things off, we are incredibly happy to announce that on the 10th of April we celebrated 1 year of Security Queens! On the 10th of April 2020, we posted our first ever blog post "I'm in Chroot Jail, Get Me Out of Here!" and we've posted over 30 blogs since. In the short space of one year, we've been awarded "Best New and Up-and-Coming Blog" at the European Cyber Security Blogger Awards, grown our following of security folks around the globe and apparently been dubbed "cybersecurity influencers" by Reddit (we're confused too).

We say this all the time, but it's only because we really mean it - thank you so much for supporting us and our brand as we continue to grow and support fellow people in security! Here's to more years to come, and hopefully IRL conference talks too... *ehem BSides London*. 

We would also like to remind our followers that we now have merchandise available to purchase from our RedBubble store. All profits from the sales are going to charity or to help set up a Security Queens access fund to help individuals around the world get to security events and conferences.

Moving on to industry news, it's been a little quieter this month - but still plenty of juicy gossip to share.

Early in the month, and probably one of the biggest things to happen in April, Facebook announced that the data of 533 million users was leaked online. The data leaked included phone numbers, full names, email addresses and other personal data. Most of the data was posted for free, making it accessible to virtually anyone on the web.

Interestingly, it was recently reported that a flaw in SMS meant that texts could be intercepted and rerouted to attackers. In one instance a victim reported that a hacker used an SMS mass messaging and marketing tool called Sakari to reroute all her messages to the attacker, so she never received them.

In other news, a malware author reported that they earned $560,000 writing a simple clipboard hijacker. The malware was written to search for text strings in the format of cryptocurrency addresses, with the aim of replacing the user's copied cryptocurrency address with the attacker's so that victims unknowingly send funds to the attacker. The attacker made profits of over $560,000 over a range of cryptocurrencies including Bitcoin, Dogecoin and Ethereum.

As the globe was locked down due to COVID-19, many people opted to buy smart devices for their homes. Following a surge of sales due to the pandemic, the UK government has issued new cyber security laws to protect smart device users. The laws include banning the use of default credentials and requiring vendor clarity on when security updates for a device will be stopped.

Recently Argentina accidentally lost the country's Google domain when one of its citizens bought it for $5. Due to a clerical error, the domain became available after the ownership expired the same day it was bought. This caused a temporary disruption to the search engine, but Google Argentina soon successfully recovered the domain.

A few days ago, hackers threatened to leak US police informant data following an attack on Washington DC's Metropolitan Police Department systems. The attack was supposedly carried out by the ransomware group Babuk, who threatened to release the data if they were not contacted within three days. The FBI is investigating the extent of the breach.

Finally, to finish this month's news roundup, MI5 have recently warned LinkedIn users to be wary of spies using the platform to trick staff into spilling secrets. At least 10,000 UK nationals have been approached by fake profiles linked to hostile states over the past five years.

As always, you can find our most recent blogs below...

We both wish you a wonderful Bank Holiday weekend (don't forget to treat yourself to some R&R time)

Lots of love,

The Security Queens xxx


It's All About Communication, Insecure Communication!
Estimated difficulty: 💜💜💜🤍🤍 Welcome back to another MOBster post! It’s part three of our OWASP Mobile Top 10 series and in this post, we are covering M3: Insecure Communication! The…
Stressed Out, Burned Out, and a I Feel Like a Fake
I’ve always been a perfectionist. I’ve always striven to be the best version of me that I could be! When I started in university and my journey into cybersecurity, I…
Liability: Insecure Data Storage
Estimated difficulty: 💜💜💜🤍🤍 Oh no, it’s another one from the MOBster series coming to get you! Hide… Run… Read with intrigue! This post is covering, M2: Insecure Data Storage, the…