Security Queens Hello World!
May Newsletter

Time has flown by the past month, and we can't believe we are nearly halfway through 2022!

To kick start this month's newsletter, another gentle (but final) reminder that Cheltenham Science Festival is just around the corner (next week!). Sophia will be speaking about car hacking in the Helix Auditorium @ 7pm on 07/06; you can grab tickets for her talk on the festival website.

After careful consideration, both Sarah and Sophia have decided to take a small blog post break over July and August to take a breather, enjoy a few holidays and recharge before Autumn. Have no fear, Sarah will still be posting in June - and we will both be back in full force from September!

You may have also spotted Sophia on TV recently on Channel 4's Hunted... We are now halfway through the series (catch-up available on All4 in the UK), and you can catch the final two live episodes on Sunday and Monday.

BSides Cheltenham are doing their second ticket release on June 10th @ 1pm BST - don't forget to set your alarms, as the Queens are hoping to drop by (if we manage to nab some tickets too...) 

And finally, we are truly humbled to announce that we have been nominated for FOUR categories at this year's European Cybersecurity Blogger Awards:

  • Best Technical Blog
  • Best Personal (Non-Commercial) Blog
  • Most Educational Blog for User Awareness
  • Most Entertaining Blog

We could not have done this without the support of our followers the past three years, so from the bottom of our hearts - thank YOU. 

Moving on to industry news, a new Microsoft Office zero-day was recently discovered in the wild. The flaw in Microsoft Office allows attackers to achieve arbitrary code execution on all affected Windows systems, even when macros are not enabled.

Car maker General Motors has confirmed that it suffered a cyber attack which exposed vehicle owner data. Data such as customer names, usernames and email addresses, as well as family members tied to customer accounts, were exposed in the breach, which was identified as a credential stuffing attack.

A topic of increased interest in recent years: the global food supply chain remains at risk from malicious hackers. Experts are warning that "smart" farm machinery, such as autonomous harvesting robots and crop sprayers, remains vulnerable to attack. Agricultural giant John Deere has subsequently stated that protecting its customers, machines and data is a "top priority".

If you want to read more about cyber security in the agricultural space, a few years ago Sophia contributed to an agriculture research piece which you can find here.

Recently the FBI warned that hackers are selling credentials for U.S. college networks. Criminals are offering the credentials for thousands of U.S. dollars and are actively advertising them on cyber criminal forums as well as on dark web marketplaces.

Only a few weeks ago, a new malware kit was uncovered that targets industrial control systems. The malware kit, dubbed "Pipedream", has been described as the "Swiss Army Knife" for hacking industrial control systems, such as those found in critical national infrastructure like power grids and oil refineries.

And finally, an ethical hacker recently earned a record $10 million bug bounty reward after discovering a critical vulnerability in the Wormhole core bridge contract on Ethereum. Wormhole is a universal message-passing protocol that enables interoperability between blockchains. The vulnerability discovered could have "held the entire protocol to ransom with the threat that the Ethereum Wormhole bridge would be bricked, and all the funds residing in that contract lost forever". At the time of the bounty submission, $736 million worth of assets were residing in the contract. 

As always, you can find our most recent posts below...

Lots of love,

The Security Queens xxx


Smashing Stacks and All the Hax
Estimated difficulty: πŸ’œπŸ’œπŸ’œπŸ’œπŸ€ Hulk, smash? Stacks, that is! Welcome to another strictly hax-themed blog, and something a little out of my comfort zone I must say – so if there…
Understanding Unix File Permissions
Estimated difficulty:  πŸ’šπŸ€πŸ€ If you are a newbie in security and want to start learning about Unix, then this is a great post for you. This will be a quick…
Zoning Out: An Introduction to DNS Zone Transfers
Estimated difficulty: πŸ’œπŸ’œπŸ€πŸ€πŸ€ DNS (Domain Name System) zone transfers are used to help replicate databases across different domain servers, allowing administrators to modify or edit records easily by implementing the…