Hello everyone - welcome to your end-of-year review!

The Security Queens have been incredibly busy the past few weeks, with a lot of major changes happening behind the scenes. We are incredibly sad to announce that Morgan has decided to part ways with us to focus on her Masters degree and other personal projects. We wish her all the best for the future, and she will be greatly missed. 

As 2020 comes to a close, a challenging year for all of us - we would like to thank everyone for their ongoing support so far. From first-time bloggers to award-winning newcomers, we couldn't have done it without you! So from the bottom of our hearts, thank you - and we hope that you continue to enjoy our content in the forthcoming months. 

An update on what the Queens have been up to, Sophia and Sarah recently spoke at the Ladies of Cheltenham Hacking Society's Christmas Special where they delivered a talk about the Cyber Kill Chain and it's application to a simulated attack. 

Sophia was also recently on a panel for the BCS Computing At School Autumn Virtual Event, and was an industry judge for Cygenta's CyberVibe cyber security writing competition. 

Moving onto industry news, a lot has happened as we approach the end of a difficult and busy year. The Verge recently reported that cyber attacks originating from Russia and North Korea attacked COVID-19 research for vaccines and treatment. The news comes from a Microsoft blog, and fortunately most of the attacks were blocked. 

More recently, IBM identified another attack of which an international vaccine supply chain was targeted by cyber-espionage actors. The campaign supposedly started in September 2020 and spanned across six countries targeting organisations linked to the supply cold chain. 

In other news, Manchester United football club fell victim to a cyber attack at the end of November. Following the attack, they worked with the National Cyber Security Centre (NCSC) to conduct a thorough investigation into the compromise. Disruption to their systems were reported, however they are not aware of any breach to fan data.

As many events continue to move online in a COVID-world, video-conferencing software is becoming the norm. Recently a Dutch journalist gatecrashed an EU defence video conference after a minister mistakenly posted login details to the event on Twitter.  

Probably one of the biggest news to hit the industry in the past few weeks, well-known US cybersecurity firm FireEye was breached and reportedly had numerous hacking tools stolen that are usually used in offensive security and red team engagements. The incident is being investigated by the FBI, and supposedly has the sophistication of a nation-state actor attack. 

U.S. Officials have also reported that Russian hackers broke into several federal agencies, including breaches in the Treasury and Commerce departments. Officials are currently investigating the incident, and a "hunt" has been launched to determine if other government departments have been compromised. 

A final food for thought, researchers from the National University of Singapore recently conducted an investigation on how robot vacuum cleaners can be hijacked to eavesdrop private conversations in the home. The eavesdropping attack compromises the LiDAR sensors in robot vacuums, and applies signal processing and deep learning algorithms to recover speech from audio data.

From both of us, we wish you a Merry Christmas and a joyous New Year. We hope the festive season brings joy and happiness to you all, and plenty of minced pies and Christmas dinners too! We'll be taking a small break from posts to enjoy the festive season, and we will be restarting from the 8th of January. 

As always, thank you for reading - and if you've missed any of our recent posts, you can check them out below!

Lots of love,

Security Queens xxx

👸🏼👸🏻