---
title: "Cybersecurity Updates For The Week 14 of 2020 | Phish Protection"
description: "Cybersecurity has never been a dormant field. With the global pandemic affecting nations, cyber-attacks are only rising."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-14-of-2020.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-14-of-2020/"
---

Quick Answer

Security experts from DynaRisk discovered a database belonging to the \[Norwegian Cruise Line\](https://www.infosecurity-magazine.com/news/norwegian-cruise-line-suffers-data/?&web\_view=true) on the \*\*dark web\*\* on March 13th. \_The exposed data included clear text passwords and email addresses of company agents\_.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-14-of-2020%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2014%20of%202020&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-14-of-2020%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-14-of-2020%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-14-of-2020%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2014%20of%202020 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2014%20of%202020&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-14-of-2020%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/04/phishing-prevention-best-practices-9244.jpg) 

_Cybersecurity has never been a dormant field_. With the global pandemic affecting nations, cyber-attacks are only rising. While [phishing prevention](/) solutions are not 100% effective, they withstand these attacks to a great extent. The following headlines from the past week shall help you judge whether you can still go without good **anti-phishing software**.

### Data Breach Hits Norwegian Cruise Line 

Security experts from DynaRisk discovered a database belonging to the [Norwegian Cruise Line](https://www.infosecurity-magazine.com/news/norwegian-cruise-line-suffers-data/?&web%5Fview=true) on the **dark web** on March 13th. _The exposed data included clear text passwords and email addresses of company agents_.

The breach exposed the details of **29,969 travel agents** on the agents.ncl.eu website, and despite being notified, Norwegian Cruise Line didn’t revert until the fifth day. The attack comes at a time when nations are struggling with Covid 19, and it only adds to the grievances of the affected agents.

![Phishing prevention best practices](https://media.mailhop.org/phishprotection/images/2020/04/phishing-prevention-best-practices-9244.jpg) 

The Norwegian Cruise Lines informed that they are taking all measures to ensure [protection from phishing](/) attacks and are advising their travel partners to remain vigilant.

### Sextortion Scams Back Again

Once again, [Raccoon](https://hotforsecurity.bitdefender.com/blog/sextortion-scam-with-a-twist-lures-friends-into-opening-malicious-attachments-22675.html?web%5Fview=true) is back to cripple people’s devices. _People are advised to stay safe from scams claiming to have nude pictures of your friend’s girlfriend_. Once you open such an email and click on the Enable Content button, the **malicious payload** gets a downloaded device. 

_All hackers who invest $75/week or $200/month to target login credentials_, credit card information, cryptocurrency wallets, and browser information can use Raccoon to attack **unpatched browsers** and operating systems.

To protect yourself from phishing, _ignore all suspicious messages in your Inbox, and **refrain from clicking** on malicious attachments_. It’s better to delete such messages the moment you receive them.

### Data Breach At University Of Utah Health

_A data breach at the [University of Utah Health](https://www.securityweek.com/university-utah-health-discloses-data-breach?&web%5Fview=true) was discovered last week_, which exposed patient information, such as names, dates of birth, medical record numbers, and clinical information about received care. The breach was through some employee email accounts and happened between January 7th and February 21st 2020.

The University of Utah Health is taking all possible [anti-phishing protection](/products/advanced-threat-defense/) measures to reinstate the employee’s workstation **infected with malware** and to investigate further. They believe that no information has been misused and advise patients to review statements received from their healthcare providers.

### Data Breach Hits General Electric

Renowned US Company [General Electric (GE) recently underwent a data breach](https://www.bleepingcomputer.com/news/security/tech-giant-ge-discloses-data-breach-after-service-provider-hack/?&web%5Fview=true) that _exposed the details of its current and former employees and beneficiaries_. The compromised features include their details such as marriage certificates, death certificates, medical child support orders, birth certificates, beneficiary designation forms, tax withholding forms, and other sensitive information such as driver’s license numbers, SSNs, bank account numbers, and passport details.

The attack took place through its service provider Canon Business Process Services (Canon), but the GE systems remain unaffected. While GE is now taking measures to ensure **protection against phishing**, Canon is giving free [identity protection](/products/email-impersonation-protection/) and credit monitoring services to the victims for two years.

### Researcher Finds Vulnerability In Tesla Central Touchscreen

Security researcher Nullze recently discovered a **denial-of-service** (DoS) [vulnerability in Tesla Model 3’s Central Touchscreen](https://www.securityweek.com/vulnerability-exposed-tesla-central-touchscreen-dos-attacks?&web%5Fview=true) that could allow hackers to render it unusable. _All a hacker needed to do was make the victim visit a specially crafted website, and that would make the central display unresponsive_.

The vulnerability was marked as CVE-2020-10558, which disables the speedometer, web browser, climate controls, turn signals, navigation, autopilot notifications, and blinker notifications in addition to other miscellaneous functions from the main screen. _Though the central display crashes because of the flaw, you can still drive the work by restarting it._

Tesla is taking **anti-phishing measures** and has released a patch (Version 2020.4.10) for dealing with the vulnerability.

### Failed Hacking Attempt On WHO

Security Researcher Alexander Urbelis from Reuters discovered a [hacking and impersonation attempt on the WHO](https://in.reuters.com/article/health-coronavirus-who-hack-exclusive/exclusive-elite-hackers-target-who-as-coronavirus-cyberattacks-spike-idINKBN21B07K?&web%5Fview=true) on March 13th from an advanced group of hackers called **DarkHotel**. _The attackers were planning to launch a live attack on the World Health Organization by creating a malicious site mimicking the WHO’s internal email system_.

 Flavio Aggio, the CISO of WHO, said that hackers attempted **stealing passwords** from multiple agency staffers but had failed. Amidst the pandemic related concerns, WHO is also taking measures to [prevent phishing attacks](/products/advanced-threat-defense/) and even released an alert asking people to _stay vigilant of hackers trying to steal money and sensitive information from the public_.

### Beware Of New Android Banking Trojan

_Hackers are not yet done exploiting Covid-19; this time, they are here with a new Android banking Trojan_, which cons people into handing over their card details in **exchange for information** on Covid-19 cases in your locality. But this is the **Ginp Trojan**, which pretends to be ‘[Coronavirus Finder](https://www.infosecurity-magazine.com/news/android-malware-payment/?&web%5Fview=true),’ which promises to list down the number of people with Covid-19 in your area.

The trojan needs you to enter your credit card details to deduct a nominal charge of €0.75 for the information it gets you, but once you enter your card details, they do not deduct the requested €0.75\. Nor do they send any data. _It’s just a tactic to procure card details to steal all your money later_. To ensure [protection from phishing](/) attempts like this, download apps only from the official Google Play Store and grant permissions to only AV apps.

### Web Skimmer On Tupperware Website

The US-based producer of plastic food container products, [Tupperware, recently underwent a data breach](https://www.zdnet.com/article/tupperware-website-hacked-and-infected-with-payment-card-skimmer/?&web%5Fview=true) where hackers placed **malicious code** on its website to steal payment card details from its online customers. _Security firm Malwarebytes discovered the malware on March 20th, but all their attempts at contacting Tupperware failed_.

_This malware impersonates Tupperware’s official payment form and **steals people’s card details** every time they make a payment_. The details include their names, billing address, telephone number, credit card number, credit card expiry date, and credit card CVV code.

However, this **web skimmer** or Magecart script can be easily spotted because Tupperware sites run in local languages, whereas this form appears in English. _Security experts expect more such attempts on online shopping portals soon and advise all users to take proper [phishing attack prevention](/products/advanced-threat-defense/) measures_.

### TQL Faces $5M Lawsuit

![Phishing attack prevention](https://media.mailhop.org/phishprotection/images/2020/04/phishing-attack-prevention-9852.jpg) 

Cincinnati based freight Brokerage Company [Total Quality Logistics faces a lawsuit of $5 million](https://www.infosecurity-magazine.com/news/cincinnati-firm-faces-5m-data/?&web%5Fview=true) for its inability to ensure [phishing protection](/). The data breach occurred on February 23rd and exposed customer and carrier information, which included Tax ID numbers, Bank Account numbers, Social Security numbers, email addresses, phone numbers, first and last names, and TQL customer ID numbers.

A Charles Newman owned trucking company filed a complaint against TQL, calling it _guilty of taking customer security too lightly_. In their defense, TQL President Kerry Byrne informed that they had sent out **breach notifications** to all their carriers after the breach and had even _advised them to monitor their bank accounts_.

### Maze Attacks Hammersmith Medicines Research

[The Maze ransomware group hit Hammersmith Medicines Research](https://www.computerweekly.com/news/252480425/Cyber-gangsters-hit-UK-medical-research-lorganisation-poised-for-work-on-Coronavirus), a medical facility testing coronavirus vaccine. This happened despite their promise not to attack any medical organizations until the Covid 19 pandemic was cured.

The clinical director of Hammersmith Medicines Research, Malcolm Boyce, said that _they spotted and repelled the attack_ on March 14th, without any downtime. But the _Maze attackers could exfiltrate patient records in the attack and published these on the dark web_. These records included the details of people who participated in testing trials between the last eight to 20 years.

### Protect Your Organization

- [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/)
- [See how Phish Protection blocks threats in real time](/anti-phishing-tools/)

## Topics

[ Announcements ](/tags/announcements/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 5m  Cybersecurity Updates For The Week 33 of 2022  Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[  Intermediate 6m  Cybersecurity Updates For The Week 41 of 2022  Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[  Intermediate 5m  Cybersecurity Updates For The Week 1 of 2021  Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[  Intermediate 6m  Cybersecurity Updates For The Week 1 of 2022  Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 14 of 2020","description":"Cybersecurity has never been a dormant field. With the global pandemic affecting nations, cyber-attacks are only rising.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-14-of-2020/","datePublished":"2020-04-02T06:19:22.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2020-04-02T06:19:22.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-14-of-2020/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1243,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2020/04/phishing-prevention-best-practices-9244.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 14 of 2020","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-14-of-2020/"}]}
```