---
title: "Cybersecurity Updates For The Week 11 of 2020 | Phish Protection"
description: "Here are the weekly news headlines from the cyber world that will leave you astounding and compel you to rethink your phishing attack prevention measures: Hong."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-11-of-2020.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-11-of-2020/"
---

Quick Answer

Here are the weekly news headlines from the cyber world that will leave you astounding and compel you to rethink your \*\*phishing attack prevention\*\* measures:

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-11-of-2020%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2011%20of%202020&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-11-of-2020%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-11-of-2020%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-11-of-2020%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2011%20of%202020 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2011%20of%202020&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-11-of-2020%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/03/phishing-attack-prevention-5443.jpg) 

Here are the weekly news headlines from the cyber world that will leave you astounding and compel you to rethink your **phishing attack prevention** measures:

### Cathay Pacific Pays Hefty Fine

Hong Kong’s flag carrier [Cathay Pacific was recently fined $640,000](https://cyware.com/news/cathay-pacific-fined-over-640000-by-uk-officials-for-2018-breach-incident-d6aacdf7) by the UK’s data privacy watchdog. This comes after the airline’s **inability to protect** customers’ personal data from a 2018 security breach. _This breach had exposed the details of over 9.4 million customers, 111,578 of whom were residents of the UK_.

On its part, the airlines said that it is now adopting [phishing prevention](/) measures to enhance its security in data governance, network security and access control, education and employee awareness, and incident response agility. _They have spent extensively on security and have also extended their support to security watchdogs and authorities_.

### Why Avoid Easy Passwords?

The security company F-Secure tells why people must [avoid using weak or default passwords](https://www.zdnet.com/article/these-are-the-top-passwords-hackers-will-try-when-attacking-your-device/?&web%5Fview=true). _F-Secure witnessed a massive rise in threats to the Internet of Things (IoT) devices_. As per their research, if the adversaries **discover a vulnerable** device, they immediately try and gain access to it.

F-Secure informs that hackers usually begin their attempt by trying the obvious passwords such as ‘admin,’ ‘12345’, ‘default,’ ‘password,’ and ‘root.’ UK’s National Cyber Security Centre (NCSC) found in research that the password ‘123456’ was used **23 million times** in breaches.

The UK has recently circulated guidelines asking internet users to use strong and unique passwords as a [phishing protection](/) measure.

### Barenpi Against Fraudulent Transactions

A group of scientist-professors from Lovely Professional University (LPU) in Punjab recently developed a **digital security algorithm** that promises to [prevent phishing attacks](/products/advanced-threat-defense/) and fraudulent online transactions. _The algorithm is known as BaReNPI (after its properties of balancedness, resilience, non-linearity, propagation, and immunity)_. [BaReNPI increases the randomness](https://ciso.economictimes.indiatimes.com/news/novel-algorithm-may-help-prevent-fraudulent-online-transactions/74474239?&web%5Fview=true) in the generation of user-authenticity tests like one-time passwords (OTPs) and CAPTCHA, thereby making it difficult for adversaries to crack compared to **Advanced Encryption** Standard 256 (AES 256).

Lead scientist Geetha G informs that algorithms like BaReNPI are also used by messaging apps like WhatsApp and are a global necessity. _She claims that these algorithms promise better digital security_.

### Mailto Ransomware Uses Windows Explorer

Discovered in August 2019, the Mailto (NetWalker) [ransomware uses Windows Explorer to evade detection](https://www.bleepingcomputer.com/news/security/windows-explorer-used-by-mailto-ransomware-to-evade-detection/?&web%5Fview=true). Mailto targets both home users and enterprise networks and _tries to encrypt all Windows devices connected to the targeted devices_.

_After injecting the payload in a device, Mailto gains control over the compromised device and deletes system shadow copies_. This stops a victim from restoring the lost files. Mailto is still being analyzed, and it remains uncertain whether there are any weaknesses in its **encryption algorithm** that can be exploited to decrypt locked files. Protection from Mailto (NetWalker) can be achieved by conducting thorough research on the malware and its characteristics.

### Cyberattack Hits Coastal Bend College

The [Coastal Bend College has been shut](https://www.kristv.com/news/local-news/coastal-bend-college-closed-by-possible-cybersecurity-threat?&web%5Fview=true) since this Monday due to a cybersecurity threat, and it shall remain closed till Friday, 6th March 2020\. 

The school notified students about the incident via a Facebook post where _they mentioned that a network disruption had infected their phones, website, and other systems_. It further informed the students that they’d extend deadlines for assignment submissions and payment plans.

![Phishing attack prevention](https://media.mailhop.org/phishprotection/images/2020/03/phishing-attack-prevention-5443.jpg) 

To ensure [protection from phishing](/), the school has hired a cybersecurity firm. Further updates are to be available only when the operations of the college are restored.

### No Messing With US Elections

The leader of US Cyber Command (branch of the Department of Defense) Gen. Paul Nakasone announced that what happened in the 2016 presidential elections [will not happen this time](https://thehill.com/policy/cybersecurity/486025-us-cyber-command-leader-says-election-security-is-the-agencys-top?&web%5Fview=true). Two hundred forty-four days away from the 2020 presidential elections, _every [anti-phishing protection](/office-365-phishing-protection/) measure is being taken to ensure election security_.

Leaders from various federal agencies are warning citizens to be careful against foreign influence campaigns on social media. They claim that _preparedness to election threats has never been more robust_.

### \*\*\*\*Ryuk Attack On EMCOR Group

The US-based Fortune 500 Company EMCOR Group announced on its website three weeks back that [ransomware has brought down some of its systems](https://www.zdnet.com/article/ryuk-ransomware-hits-fortune-500-company-emcor/?&web%5Fview=true). This attack has been identified as a Ryuk **ransomware attack**, which brought down the company’s systems on 15th February.

Although not much was disclosed about the attack, _the company assured that no employee or customer data had been mishandled_. They are now adopting [anti-phishing solutions](/products/advanced-threat-defense/) to restore their systems. It is unclear whether they have paid the ransom or are restoring from backups.

### EternalBlue Remains A Threat

The exploit that leaked three years ago, [EternalBlue is still a significant threat](https://www.darkreading.com/vulnerabilities---threats/eternalblue-longevity-underscores-patching-problem/d/d-id/1337233?&web%5Fview=true) to unpatched Windows servers surfing the Internet. Although the vulnerability rate has decreased significantly, still, _at least a 100 sources use it to attack systems every day_. These findings of the cybersecurity firm Rapid7 suggest that over **600,000 servers** still allow Server Message Block (SMB) connections on the Internet.

Chief Data Scientist for Rapid7, Bob Rudis says that _malicious actors always find ways to do what they want and that there is no escaping them_. He adds that there is **no way to secure** the running of SMB on the Internet. Chief Technology Officer of the security firm, McAfee, Steve Grobman, adds that the **anti-phishing** measures are not at par with the existing and rising vulnerabilities.

![Phishing prevention best practices](https://media.mailhop.org/phishprotection/images/2020/03/phishing-prevention-best-practices-5443.jpg) 

### Data Breach At J.Crew

Specialty retail company [J.Crew underwent a data breach](https://www.scmagazine.com/home/security-news/j-crew-says-year-old-breach-exposed-customer-account-info/?web%5Fview=true) about a year ago, which was concealed from customers until recently. _The breach exposed the login credentials and personal information of users_, such as the last four digits of their payment cards, expiration dates, card types, billing addresses, and other minute details like order numbers, shipping confirmation numbers, and shipment status.

To ensure [protection against phishing](/), J.Crew has disabled affected accounts and asked customers to get in touch with J. Crew Customer Care Center to reset their passwords. _They claimed that no additional customer information had been compromised_.

### Data Breach Throws Zynga Inc. In Trouble

Two litigants have filed a lawsuit against the gaming company Zynga Inc. for [failing to safeguard the personal information](https://www.infosecurity-magazine.com/news/zynga-facing-lawsuit-over-data/?&web%5Fview=true) of players. _This data breach exposed the details of 173 million users_. The company hasn’t been direct in informing users of the breach and only hinted at the breach in its posts online. 

The litigants (one of whom is a minor) mentioned in the lawsuit that the player details like usernames, email addresses, login IDs, password reset tokens, Facebook IDs, Zynga account IDs, and passwords stored with **outdated cryptography** have been affected in the breach.

They further added that Zynga misguides users of having subscribed to sound [phishing protection](/) service but are _only concerned about their reputation and safety in reality_.

### Protect Your Organization

- [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/)
- [See how Phish Protection blocks threats in real time](/anti-phishing-tools/)

## Topics

[ Announcements ](/tags/announcements/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 5m  Cybersecurity Updates For The Week 33 of 2022  Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[  Intermediate 6m  Cybersecurity Updates For The Week 41 of 2022  Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[  Intermediate 5m  Cybersecurity Updates For The Week 1 of 2021  Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[  Intermediate 6m  Cybersecurity Updates For The Week 1 of 2022  Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 11 of 2020","description":"Here are the weekly news headlines from the cyber world that will leave you astounding and compel you to rethink your phishing attack prevention measures: Hong.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-11-of-2020/","datePublished":"2020-03-13T05:10:49.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2020-03-13T05:10:49.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-11-of-2020/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1120,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2020/03/phishing-attack-prevention-5443.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 11 of 2020","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-11-of-2020/"}]}
```