--- title: "Vulnerable Parental Control: 5M+ Downloads, Data Breach 5.8 Million Affected,French Transport Leaks – Cybersecurity News [12 June 2023] | Phish Protection" description: "Here are the latest headlines from this past week to keep you updated on the latest techniques and tactics threat actors adopt to lure individuals and." image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-24-of-2023.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-24-of-2023/" --- Quick Answer Here are the latest headlines from this past week to keep you updated on the \*\*latest techniques and tactics\*\* \[threat actors\](/phishing/threat-actors-target-western-digital-cripple-its-my-cloud-service) adopt to lure individuals and organizations into cyberattacks. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-24-of-2023%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Vulnerable%20Parental%20Control%3A%205M%2B%20Downloads%2C%20Data%20Breach%205.8%20Million%20Affected%2CFrench%20Transport%20Leaks%20%26%238211%3B%20Cybersecurity%20News%20%5B12%20June%202023%5D&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-24-of-2023%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-24-of-2023%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-24-of-2023%2F&title=Vulnerable%20Parental%20Control%3A%205M%2B%20Downloads%2C%20Data%20Breach%205.8%20Million%20Affected%2CFrench%20Transport%20Leaks%20%26%238211%3B%20Cybersecurity%20News%20%5B12%20June%202023%5D "Share on Reddit") [ ](mailto:?subject=Vulnerable%20Parental%20Control%3A%205M%2B%20Downloads%2C%20Data%20Breach%205.8%20Million%20Affected%2CFrench%20Transport%20Leaks%20%26%238211%3B%20Cybersecurity%20News%20%5B12%20June%202023%5D&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-24-of-2023%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/06/anti-phishing-service.jpg) Here are the latest headlines from this past week to keep you updated on the **latest techniques and tactics** [threat actors](/phishing/threat-actors-target-western-digital-cripple-its-my-cloud-service) adopt to lure individuals and organizations into cyberattacks. --- ### Over 5 Million Downloads, But The Parental Control App Is Vulnerable To Attacks The ‘Parental Control, Kids Place’ Kiddowares Android app contains **multiple vulnerabilities** that attackers can use to steal user credentials, upload arbitrary files on protected devices, and **allow children to bypass** controls without their parents noticing, say researchers at[SEC Consult](https://www.bleepingcomputer.com/news/security/parental-control-app-with-5-million-downloads-vulnerable-to-attacks/?&web%5Fview=true). The Kids Place, a [parental control](https://www.internetmatters.org/parental-controls/#:~:text=Parental%20controls%20are%20the%20names,and%20other%20online%20safety%20issues.) suite, has over 5 million downloads on Google Play. It offers parents to monitor their children through geolocation capabilities, enable screen time management, remote device access, **harmful content blocking**, and more. Researchers discovered that the Kids Place app’s older versions than 3.8.49 were **vulnerable** to the following security flaws: User registration and logins returned the unsalted MD5 hash, which [hackers](/phishing/hackers-show-once-again-they-care-about-more-than-just-money) can **easily intercept and decrypt**. Attackers can manipulate the child device’s customizable name to trigger an [XSS payload](https://www.hackerone.com/knowledge-center/how-xss-payloads-work-code-examples-preventing-them). Cybercriminals can exploit the **app’s dashboard** to upload malicious files (it was initially intended to send up to 10 MB files to their children’s devices). Since there is **no antivirus scan** for the uploaded files, the hackers’ job is easier. ### PharMerica Reports Data Breach Affecting 5.8 Million Individuals National pharmacy network PharMerica recently started notifications to over 5.8 million individuals to disclose that a **data breach** had taken place in March. ![Anti phishing service](https://media.mailhop.org/phishprotection/images/2023/06/anti-phishing-service.jpg) Owned by BrightSpring Health, a home and community health services provider, PharMerica operates close to 2,500 facilities across the US, offering more than 3,100 **healthcare** and pharmacy programs. On Friday, PharMerica notified the[Maine Attorney General’s Office](https://www.securityweek.com/pharmerica-discloses-data-breach-impacting-5-8-million-individuals/?web%5Fview=true)regarding a data breach that may have accessed the **personal information** of over 5.8 million individuals in March. According to the company, the data breach occurred between March 12 and 13 . Personal information that might have been compromised during the incident includes names, birth dates, Social Security numbers, addresses, health insurance, and **medication information**. In some cases, the compromised information was linked to **deceased individuals**, and PharMerica encouraged surviving spouses to contact national credit reporting agencies. PharMerica’s letter did not provide details regarding the type of [cyberattack](https://www.bloomberg.com/news/articles/2023-06-15/us-national-lab-nuclear-waste-site-hit-by-cyberattack) it suffered, but it appears the Money Message **ransomware group** was behind the incident. ### La Malle Postale, A French Transportation Company, Leaks Personal Data And Private Chats Of Their Clients The Cybernews research team recently discovered that[La Malle Postale’s system](https://securityaffairs.com/146191/data-breach/personal-info-of-90k-hikers-leaked-by-french-tourism-company-la-malle-postale.html?web%5Fview=true)was **leaking data** that contained its clients’ personal data. The exposed information included names, emails, **private communication** through text messages, phone numbers, passwords, and employees’ credentials. Founded in 2009, La Malle Postale offers luggage and passenger transportation services on popular hiking routes, including the most visited Santiago de Compostela pilgrimage trail. The clients have well-reviewed their services, giving an overall **four-star rating** on TripAdvisor. The company left their **employee passwords** vulnerable to cracking by encoding them using the [Base64 algorithm](https://base64.guru/learn/base64-algorithm/encode). Since hackers can reverse and decode the encoded data back to its original format, encoding is not the most secure way to store passwords. Leaking employee credentials can put the company at **risk of targeted cyberattacks** where threat actors will exploit the data, gain access to the company’s network, and steal sensitive information. ### Toyota Exposed Car Location Data Of 2 Million Customers For Ten Years Toyota Motor Corporation said that a [data breach](https://www.bleepingcomputer.com/news/security/toyota-car-location-data-of-2-million-customers-exposed-for-ten-years/?&web%5Fview=true)on its cloud environment had exposed the **car-location data** of 2 million customers for ten years, from November 6, 2013, to April 17, 2023 . A security notice published in Toyota’s Japanese newsroom says the data breach resulted from a database [misconfiguration](https://cyberscoop.com/misconfiguration-servers-vulnerable-censys/) that allowed hackers to access its contents without a password. > “After the discovery, we implemented [phishing protection](/) measures to **block outside access**, but we are continuing our investigations of all cloud environments managed by TC. We greatly apologize for causing inconvenience to our customers and related parties.” reads the notice. This incident exposed **customers’ information** who used Toyota’s T-Connect G-Link, G-BOOK, or G-Link Lite services from January 2, 2012, to April 17, 2023. ### Google Announces Latest Privacy, Security, and Safety Features Across Its Services [Google](https://thehackernews.com/2023/05/google-announces-new-privacy-safety-and.html?&web%5Fview=true)recently unveiled many new privacy, security, and safety features at **Google I/O**, its annual developer conference. The tech giant’s latest initiatives aim to protect its users from cyber threats, including malicious websites and [phishing attacks](/resources/7-most-common-phishing-attacks-and-learning-to-protect-against-them) while providing **better transparency and control** over their personal data. The newly introduced features include- - Improved data control and transparency Gmail [Dark Web Scan](https://www.expressvpn.com/blog/what-is-a-dark-web-scan/) Report Effortlessly Delete Maps Search History - **AI-Powered Safe Browsing** Content Safety API Expansion About this Image Spam View in Google Drive ![What is spear phishing](https://media.mailhop.org/phishprotection/images/2023/06/what-is-spear-phishing-8629.jpg) ### Twitter Finally Plans To Roll Out Encrypted Direct Messages - Only For Verified Users Twitter is officially rolling out[encrypted direct messages](https://thehackernews.com/2023/05/twitter-finally-rolling-out-encrypted.html?&web%5Fview=true)(DMs) more than five months after its CEO, Elon Musk, confirmed plans for the latest feature in November 2022. “Phase 1” of the planned initiative will look like **separate conversations** near the existing direct messages in users’ inboxes. Encrypted chats will carry a lock icon to differentiate them visually. Furthermore, the **opt-in feature** will be limited to [verified users](https://www.teslarati.com/twitter-retaliting-against-verified-users-elon-musk/) or affiliates of a verified organization. Also, to use the feature, both the sender and recipient must be running the latest version of the Twitter app. While Twitter did not disclose precisely how it will secure the conversations, it said it employs ” **strong cryptographic schemes**” to encrypt the users’ messages, reactions, and links. ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Vulnerable Parental Control: 5M+ Downloads, Data Breach 5.8 Million Affected,French Transport Leaks – Cybersecurity News [12 June 2023]","description":"Here are the latest headlines from this past week to keep you updated on the latest techniques and tactics threat actors adopt to lure individuals and.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-24-of-2023/","datePublished":"2023-06-12T06:02:49.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2023-06-12T06:02:49.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-24-of-2023/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":968,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2023/06/anti-phishing-service.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Vulnerable Parental Control: 5M+ Downloads, Data Breach 5.8 Million Affected,French Transport Leaks – Cybersecurity News [12 June 2023]","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-24-of-2023/"}]} ```