Hello everyone - welcome to your September newsletter.
We hope you're all healthy and managed to make a little something of the strange summer we had this year.
On a lovely opening note, well done and good luck to Sarah and Sophia who started their graduate roles as Junior Security Consultants this month! It's a strange time to be starting a new job (as we're sure some of you have, too) but we find out how capable and resilient we are during times of difficulty, and we're all very grateful for the opportunities and support we've had so far.
We have a couple of things coming up that we're pretty excited about - firstly, @AbertayHackers have kindly invited us to speak (virtually) at their HackSoc meeting on the 30th of September, and we absolutely can't wait. We're also looking forward to Cybersecurity Awareness Month in October, and planning a couple of topical blogs to help educate people outside the security industry.
More broadly in the security industry, a few interesting things have happened recently. At the end of August a critical bug was disclosed (involving XSS and HTML injection) found in the desktop Slack app that allows remote code execution (RCE), and access to private channels, conversations, tokens, and so on. It affects versions older than 4.4, so as long as you're running the latest version you should be okay.
Microsoft have developed a deepfake detection tool called Video Authenticator, in an effort to combat disinformation and content manipulation. The current version analyses content and provides a confidence score about the data integrity of the content, but to future-proof this, they've also created a second tool that adds a certificate to the metadata of media so it's easier to identify deepfakes.
On a lower note, a German hospital was hit by a ransomware attack, resulting in the tragic death of a woman in need of urgent medical attention. On investigation it appears the attackers hit the hospital by mistake, and had actually intended to target the university associated with the hospital. When Duesseldorf police informed the attackers they'd compromised the hospital and endangered lives, the attackers provided a decryption key, and withdrew the extortion attempt. This is the first recorded, attributable death resulting from a ransomware attack - including the widespread WannaCry attack in May 2017.
The former Prime Minister of Australia, Tony Abbott had his passport and phone number compromised after posting a picture of his boarding pass on Instagram. Quantas airline, who Abbott had flown with, only required a booking reference and surname to log into their website - but they say they've fixed this since.
Europol led another successful operation culminating in a dark web drug raid, during which 179 arrests were made, 500kg of drugs, and 64 guns have been seized. This follows a similar event in July where the French and Dutch police arrested over 700 people, confiscating 2 tonnes of drugs and a similar amount of weapons.
Plenty more happened this last month, like this Center Parcs scam on Facebook that was shared by 17000 people within a few hours, and the launch of the new NHS Scotland Test and Protect contact-tracing app, which looks at first glance to be in better shape than previous attempts in England.
In case you missed it, 44Con and BSides London have both been cancelled. The event organisers have sensibly evaluated the current landscape and the impending second wave, and have made the reluctant decision to cancel both conferences for 2020 to ensure the safety of attendees. We're of course really disappointed - all three of us had plans to speak or deliver workshops at BSides London this year - but safety comes first and we'll make up for it in 2021.
Lastly, you might have noticed that we recently changed our post frequency. We'll be blogging every two weeks for the foreseeable future, so that we can balance our jobs, other projects and talks (hopefully), and write more interesting content. If you missed any of our recent posts, you can check them out below.
Lots of love,
Security Queens xxx