Security Queens Hello World!
June Newsletter

Woaaaaah we're halfway there...

Halfway through the year, that is!

Firstly we apologise for the slightly late newsletter for June. It's been an incredibly busy month of hax and general life juggling, but alas - better late than never!

To kick things off, we are truly over the moon to announce that we have won "Most Educational Blog for User Awareness" in this year's European Cybersecurity Blogger awards. Beating big names such as the NCSC and Troy Hunt has left us completely mindblown, but grateful to have been recognised for our efforts in building the Security Queens brand and blog. We have reiterated it a thousand times, but we'll say it again - we are completely and entirely grateful for all our followers and supporters. We couldn't do this without you!

The Queens also recently delivered a STEM session at the Cheltenham Science Festival last month. It was an excellent opportunity to showcase our career journeys and the awesome world of cyber security. Following on from this, we hope to do more school engagements and work in the future.

A gentle reminder that we are also currently on a small blog post break, taking both July and August off to reboot and recharge. You can still read our previous posts, and we will be back in September ready with some kickass content!

Moving on to industry news, a new family of side-channel attacks dubbed Hertzbleed was recently disclosed. The vulnerability reportedly relies on changes in CPU frequency and presents a real threat to cryptographic software. You can find out more about the vulnerability from the official Hertzbleed website.

One of the commissioners of the US Federal Communications Commission (FCC) has asked Apple and Google to remove TikTok from app stores. This is a renewed call from the US FCC, with concerns that "TikTok poses an unacceptable national security risk due to its extensive data harvesting" and "Beijing's apparently unchecked access to that sensitive data". 

Only yesterday the British Army's Facebook and Twitter accounts were hacked to promote cryptocurrency scams, as confirmed by the UK Ministry of Defence. Hackers hijacked the accounts by swapping profile pictures, bios and cover photos to make it seem like they were associated with The Possessed NFT collection.

An investigation was launched after the California Department of Justice admitted that personal information of thousands of gun owners had been exposed. The data breach temporarily made public the names, birthdays, race, gender, addresses, and other personally identifiable information of owners within the state. 

To round things off, experts have recently issued warnings of an emerging threat of the "Black Basta" ransomware. The Black Basta ransomware-as-a-service syndicate has already targeted 50 victims in the US, Canada, UK, Australia and New Zealand since being identified in the wild two months ago. Black Basta uses double extortion, and is rumoured to be comprised of members belonging to the Conti group. 

As always you can find our most recent posts below... 

Lots of love,

The Security Queens xxx


Shh! Weaknesses In Remote Management Protocols
Estimated difficulty: 💜🤍🤍🤍🤍 Recently I was studying for CRT. To help myself and others revise, I thought I would make this blog post on management protocols and some of their…
Smashing Stacks and All the Hax
Estimated difficulty: 💜💜💜💜🤍 Hulk, smash? Stacks, that is! Welcome to another strictly hax-themed blog, and something a little out of my comfort zone I must say – so if there…
Understanding Unix File Permissions
Estimated difficulty: 💚🤍🤍 If you are a newbie in security and want to start learning about Unix, then this is a great post for you. This will be a quick…