Where is this year going? May has flown by and we are starting to feel the summer sun! We hope that all our UK based readers have managed to soak up some of the rays this bank holiday.
This month has been busy for the Queens, as it was our first month being fully-fledged consultants! It has been full steam ahead, but we are loving every second of it.
Not only that, but we have had the pleasure of delivering a talk on the OWASP Top 10 for the OWASP Newcastle chapter. And the conference bug has bitten us, with Sophia on the main track for CyNam, and Sarah doing a breakout session with the lovely Ladies of Cheltenham Hacking Society in June!
But, alas, with the good comes the bad; so here are our security highlights this month...
One of the biggest articles to hit our screens was news of the Irish health care system being targeted twice by hackers. One hospital's IT systems had to be shut down due to a ransomware attack. Luckily it was reported the covid-19 vaccine program had not been affected.
The NCSC issued new guidance when it comes to security considerations when building smart cities. A beautiful document has been put together to help explain the best practice to design and build a smart city.
Furthermore, it looks like the attacks on the healthcare systems continue. Vastaamo, a Finish therapy centre had a serious data breach. Highly sensitive data, such as medical records, was stolen and released; the remaining captive data was also threatened to be leaked unless a ransom was paid. In some cases, patients were contacted and blackmailed.
Not only have healthcare systems been targetted, especially during a pandemic, there has also been a rise in SMS-phishing and scam text messages. It was reported that most notably Royal Mail and delivery companies have been used as a rouse to con a vast and easily accessible number of people, leading to potential data disclosure from the victim. Few perpetrators are caught after carrying out these attacks.
On a slightly different note, security researchers have been tracking the activity of the Lemon Duck hacking group, and their use of the new flaws found in Microsoft Exchange servers. Cryptocurrency mining and the deployment of malware for command and control are just a couple of the things this hacking group may exploit these flaws for.
And to end on a "sweet" note, a hack has been found for McFlurry machines to bypass their cleaning/ sanitization checks. McDonalds are aware of this issue and have issued training and do not authorize the use of machines if not cleaned properly. Let's hope you aren't eating one right now whilst reading this...
We hope that everyone has had a much-needed bank holiday break. Roll on Summer!
You can find our most recent blogs below.
Lots of love,
The Security Queens xxx