---
title: "Cybersecurity Updates For The Week 19 of 2021 | Phish Protection"
description: "Phishing news this week includes updates on the latest modus operandi adopted by cyber adversaries to lure users into divulging their sensitive information."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-19-of-2021.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-19-of-2021/"
---

Quick Answer

Phishing news this week includes updates on the latest modus operandi adopted by cyber adversaries to lure users into divulging their sensitive information. \_Being aware of the latest attack patterns is an essential aspect of ensuring \[protection against phishing\](/)\_, and therefore we bring you the newest phishing headlines from this past week.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-19-of-2021%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2019%20of%202021&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-19-of-2021%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-19-of-2021%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-19-of-2021%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2019%20of%202021 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2019%20of%202021&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-19-of-2021%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/05/what-is-a-zero-day-attack-9544.jpg) 

Phishing news this week includes updates on the latest modus operandi adopted by cyber adversaries to lure users into divulging their sensitive information. _Being aware of the latest attack patterns is an essential aspect of ensuring [protection against phishing](/)_, and therefore we bring you the newest phishing headlines from this past week.

### Ransomware Hits UK’s Merseyrail

_UK’s rail network Merseyrail recently underwent a **ransomware attack** in which the adversaries used the victim’s email system_ to notify all employees and journalists about the attack. The [Lockbit ransomware gang](https://www.bleepingcomputer.com/news/security/uk-rail-network-merseyrail-likely-hit-by-lockbit-ransomware/?&web%5Fview=true) is behind this attack on Merseyrail that took over its Director’s email account (@merseyrail.org).

As part of its [phishing protection](/) program, Merseyrail has initiated an investigation and informed the UK Information Commissioner’s Office (ICO). They have refrained from commenting further into the incident till investigations continue. After attacking the rail network, _the attackers used its Director Andy Heath’s email account to inform employees about the incident and the stolen data_. The adversaries also attached samples of the stolen employee and customer data.

![What is a zero day attack](https://media.mailhop.org/phishprotection/images/2021/05/what-is-a-zero-day-attack-9544.jpg) 

### Wyoming’s Department Of Health Leaves Database Online

_Wyoming’s Department of Health (WDH) accidentally published a database containing the personal health information_ of **around 164,021 Wyoming residents**‘ private and public repositories on GitHub.com servers. Consequently, unauthorized individuals could access the details of a quarter of Wyoming’s population between January 2020 and March 2021\. The data breach was triggered by the inappropriate handling of data by a WDH employee. The compromised details include the COVID 19, Influenza, and breath-alcohol test results of citizens. These [test results](https://www.infosecurity-magazine.com/news/data-breach-impacts-1-in-4/?&web%5Fview=true) came with the names, DOBs, addresses, ID numbers, date of conducting the test, etc.

While WDH has begun its **anti-phishing measures** to this end and started notifying victims about the breach, it may not reach all patients as contact details aren’t available for all. Free [identity theft protection](/products/email-impersonation-protection/) shall be forwarded to all identified victims for a year. WDH apologizes to those affected by this security incident and assures that the files are now removed from GitHub.

### Data Breach Hits First Horizon Corp. 

_US-based financial services company First Horizon Corp. underwent a data breach recently_ where attackers exploited a [software vulnerability](https://siliconangle.com/2021/04/28/financial-services-firm-first-horizon-suffers-data-breach-customer-funds-stolen/?web%5Fview=true) to access login credentials to customer accounts. The attackers (believed to be an authorized third party) then stole funds from around 200 customer bank accounts amounting to **less than $1 million**.

As part of its [phishing attack prevention](/) measures, First Horizon notified the US Securities and Exchange Commission about the breach and patched the [software vulnerability](/content/zero-day-attacks/) triggering the attack. Further, the bank has reset passwords for all customers and reimbursed the funds stolen from customer accounts.

### Paleohacks Leaves AWS Bucket Unprotected, Doesn’t Respond To Security Alerts Either

_Researchers at vpnMentor recently discovered a data breach at Paleohacks_. Paleohacks is a health and lifestyle brand that suggests people to adopt a paleo diet using podcasts, customized courses, recipes, meal plans, etc. Over 70,000 Paleohacks customers were affected in this breach caused by the company’s **oversight of security** protocols.

_The personal data of Paleohacks customers was stored on an unprotected Amazon Web Services (AWS) S3 bucket_. Due to the absence of any privacy protocols on the S3 bucket, almost anyone with basic hacking skills could easily access this database. Surprisingly, _the company has been indifferent to the incident despite being informed about it_. It hasn’t taken any [corrective measures](https://www.vpnmentor.com/blog/report-paleohacks-breach/?&web%5Fview=true) so far; vpnmentor had to reach out to AWS itself to get the database secured. All Paleohacks customers who signed up for their courses and newsletters were possibly affected by this security incident. The Personally Identifiable Information compromised includes the names, usernames, hashed passwords, email addresses, location, profile bios, DOBs, etc., of users. Since the company hasn’t exhibited any interest in correcting its security shortcomings, the same shall likely persist. Paleohacks customers should therefore adopt cybersecurity measures to protect themselves from potential **phishing attacks**.

### Darkside Ransomware Hits Italian Bank Banca Di Credito Cooperativo

_The DarkSide ransomware gang found itself a new victim in the Italian cooperative credit banks_, Banca di Credito Cooperativo (BCC). The attack disrupted operations at 188 branches of Banca di Credito Cooperativo. However, the bank has notified customers that their services should be up and running by 3rd May, Monday. In the meantime, BCC encourages customers to use its home banking and ATM facilities to [continue transactions](https://securityaffairs.co/wordpress/117360/cyber-crime/banca-di-credito-cooperativo-darkside-ransomware.html?web%5Fview=true).

_The bank says that the attack isn’t as significant as one would think and that the real issue relates to its communication systems_. The bank assures customers that the technical problems slowing down operations are being addressed and that [phishing prevention](/) measures are in place. There is no mention of the BCC attack on the Darkside leak site, which is probably because the negotiations are ongoing.

### Revil Ransomware Attacks Brazilian Court System TJRS

The court system for Brazil’s state, Rio Grande do Sul, Tribunal de Justiça do Estado do Rio Grande do Sul (TJRS), was recently hit by the **REvil ransomware**. _Employees describe the incident as horrific and the worst of all attacks while sharing the ransom note among themselves_. The attack shut down the TJRS court network and encrypted employee’s files.

As part of its [anti-phishing solutions](/), the TJRS took to Twitter to ask all employees to refrain from logging in to the [TJ network’s systems](https://www.bleepingcomputer.com/news/security/brazils-rio-grande-do-sul-court-system-hit-by-revil-ransomware/?&web%5Fview=true) or computers. As per sources, the REVil ransomware gang has demanded $5,000,000 in exchange for the decryption files.

![What is a zero day attack](https://media.mailhop.org/phishprotection/images/2021/05/what-is-a-zero-day-attack-9545.jpg) 

### Malware Hits Office Of The Public Defender In Southwestern Florida

_Malware attackers have recently compromised the personally identifiable information_ (PII) of clients and staff of southwestern Florida’s Public Defender’s Office. The adversaries probably accessed a [database with records](https://www.govinfosecurity.com/florida-public-defender-describes-malware-attacks-impact-a-16460?&web%5Fview=true) of over 500,000 former and current clients and employees, although there is no evidence of the same. No criminal case details were exposed either.

The agency quickly adopted measures to [prevent phishing](/) attacks, _immediately contacted law enforcement, blocked access to all technological resources_, and investigated the breach. It is now hosting systems on the cloud to ensure continued operations till **file recovery** efforts are ongoing.

### Shinyhunter Leaks 20 Million Bigbasket User Records

_The Indian online grocery delivery store BigBasket underwent a data breach in November last year_. The threat actor ShinyHunter has now put up a _database containing **20 million BigBasket user** records for free on the dark web_. These records include the addresses, phone numbers, SHA1 hashed passwords, email addresses, and other details of users.

BigBasket has registered a case with the [cybercrime police](https://www.bleepingcomputer.com/news/security/hacker-leaks-20-million-alleged-bigbasket-user-records-for-free/?&web%5Fview=true) and has decided against sharing details about the incident till investigations continue. Despite [phishing prevention tips](/content/phishing-prevention/) always suggesting users create strong passwords for their online accounts, _almost 700,000 users were found to be using the password ‘PASSWORD’_.

All BigBasket customers should consider resetting their passwords to a strong combination of characters and do the same for other accounts which may have had the same password.

### Protect Your Organization

- [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/)
- [See how Phish Protection blocks threats in real time](/anti-phishing-tools/)

## Topics

[ Announcements ](/tags/announcements/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 5m  Cybersecurity Updates For The Week 33 of 2022  Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[  Intermediate 6m  Cybersecurity Updates For The Week 41 of 2022  Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[  Intermediate 5m  Cybersecurity Updates For The Week 1 of 2021  Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[  Intermediate 6m  Cybersecurity Updates For The Week 1 of 2022  Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 19 of 2021","description":"Phishing news this week includes updates on the latest modus operandi adopted by cyber adversaries to lure users into divulging their sensitive information.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-19-of-2021/","datePublished":"2021-05-06T10:40:39.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2021-05-06T10:40:39.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-19-of-2021/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1145,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2021/05/what-is-a-zero-day-attack-9544.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 19 of 2021","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-19-of-2021/"}]}
```