---
title: "Cybersecurity Updates For The Week 30 of 2021 | Phish Protection"
description: "Cybersecurity Updates For The Week 30 of 2021: Phishing headlines are unlikely to leave the cybersecurity news any time soon . This week"
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-30-of-2021.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-30-of-2021/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/07/what-is-phishing-9442.jpg) 

_Phishing headlines are unlikely to leave the cybersecurity news any time soon_. This week’s cybersecurity updates indicate the surge in **ransomware attacks**, data thefts, and financial fraud, throwing light on the importance of adopting the right [anti-phishing solutions](/) to keep your and your organization’s critical information assets secure.

### WooCommerce Patches Critical Vulnerability

The WooCommerce administrators urge all users of the e-commerce plugin for the WordPress content management system to update their plugins to version 5.5.51. This is because _over 90 versions of the 5.5.0 plugin were vulnerable to a severe bug_ that adversaries could [exploit without authentication](https://www.bleepingcomputer.com/news/security/woocommerce-fixes-vulnerability-exposing-5-million-sites-to-data-theft/?&web%5Fview=true).

Though the bug hasn’t yet received a tracking number, it is considered a critical one with a **severity score of 8.2 out of 10** (Patchstack). It also affects the WooCommerce Blocks plugin that shows products on posts and pages. All WooCommerce plugin versions from 3.3 to 5.5 and WooCommerce Blocks from 2.5 to 5.5 have received an update to 5.5.1. The patches are being rolled out automatically for all affected WooCommerce installations. To ensure [protection from phishing](/) attacks, _WooCommerce has also sent out notification emails to all users_.

If unpatched, the vulnerability would enable the adversaries to access all administrative details, store-related information, and access customer-related data. Hence, WooCommerce urges all users to **update to the latest version** and change their passwords.

![What is phishing](https://media.mailhop.org/phishprotection/images/2021/07/what-is-phishing-9442.jpg) 

### Cuba Ransomware Attacks Forefront Dermatology

The Wisconsin-based clinic _Forefront Dermatology S.C recently discovered some unauthorized access in its IT system and sent out a ransomware notification to 2.4 million employees, patients, and clinicians_. From the looks of it, the attack involved the less frequently seen ransomware gang Cuba and is the third-largest breach reported to the Department of Health and Human Services HIPAA Breach Reporting Tool website this year.

_Cuba operators dumped a 47MB file belonging to Forefront on its data leak site_. This data dump included **over 130 files** with information on the clinic’s network, security, insurance, health login portals, and backup details. Over a hundred sets of passwords and login details were also exposed. As per sources, Forefront first [discovered the breach](https://www.databreachtoday.com/dermatology-clinic-chain-breach-affects-24-million-a-17074?&web%5Fview=true) on 4th June and found that its systems were accessed by the adversaries between 28th May and 4th June. In its breach notification, the clinic informs that the compromised information includes the names, DOBs, addresses, health insurance details, medical details, patient account numbers, provider details, and clinical treatment information.

Financial information, Social Security numbers, and driver’s license numbers stored on Forefront’s systems were not affected by the security incident. All of Forefront’s clients are advised to take **anti-phishing measures** to protect themselves from any potential attacks and watch out for targeted **phishing emails**.

### Ransomware Attack Hits PracticeFirst

The New York-based medical management services provider, _PracticeFirst, recently underwent a supply chain ransomware attack that affected **over 1.2 million individuals**_. This attack is the sixth-largest health data breach reported to the Department of Health and Human Services’ website this year. The breach notification issued by PracticeFirst indicates that the [attack was first detected](https://www.govinfosecurity.com/supply-chain-ransomware-breach-affects-12-million-a-17062?) on 30th December 2020, but it was only on 1st July 2021 that the MSP reported the incident to federal regulators. _The company had entered a negotiation with the ransomware operators and paid a ransom_ in exchange for an assurance that none of its files would be stored, shared, or sold further.

The compromised information included patients’ names, email addresses, DOBs, addresses, Social Security numbers, driver’s license numbers, patient identification numbers, laboratory, diagnosis, treatment information, tax identification numbers, medication information, and health insurance identification and claims information. It also included employee usernames, passwords, security questions and answers, and payment card and bank details.

While PracticeFirst was quick to shut down its systems after spotting unauthorized access, the information lost to adversaries implies an **impending cyber threat** for all victims, despite the company meeting the ransom demands. Cyberattacks like this are widespread, and what PracticeFirst did to ensure [phishing protection](/) was elementary. It will be in the best interest of all stakeholders if they _look out for abnormalities in their accounts or suspicious emails_.

### Chinese Hackers Target Nepal Telecom

_Chinese hackers recently attacked the Oracle GlassFish Server used by Nepal Telecom_. The adversaries deployed APT 41, APT 71, and **backdoor weapons** to access the systems of the telecom company and stole the call details of all Nepali users.

The Call Data Records of all victims have been up for sale on the [dark web](https://ciso.economictimes.indiatimes.com/news/nepal-telecom-call-details-stolen-by-chinese-hackers/84366159) since 29th June 2021. In its statements, the telecom company has given assurances that it followed [phishing prevention best practices](/resources/phishing-prevention-best-practices/), that the call data is safe, and that its servers remain protected.

### Over 780k Emotet Affected Email Accounts Re-Secured

Ever since the authorities seized and shut down the servers of the malicious [malware gang Emotet](https://therecord.media/over-780000-email-accounts-compromised-by-emotet-have-been-secured/) in January 2021, attempts have been made to re-secure the hundreds of thousands of email accounts compromised by the gang. _Over 780,000 email accounts have been re-secured since April_, thanks to the efforts of the cybersecurity organization Spamhaus.

Apart from an initial list of **4,324,770 compromised email** addresses, the organization also received 1.3 million other addresses compromised by Emotet. More than 3000 organizations and 22,000 domain owners were approached to re-secure the email accounts by resetting the passwords. _Over 60% of those 1.3 million addresses have been re-secured to date_. Though many accounts continue to be vulnerable to Emotet or other cyberattackers’ malicious intentions, this is an outstanding achievement. All those who believe that their accounts continue to be under the control of the malware gang must adopt [phishing prevention](/) measures and look out for suspicious messages.

### Cyberattack Hits Spreadshop

_Renowned merchandise shop platform Spreadshop underwent an organized cyber attack recently_. Consequently, the personal and bank details of employees, partners, external suppliers, and customers were compromised. The [exposed information](https://www.privacysharks.com/spreadshop-hit-by-cyber-attack-payment-details-emails-and-passwords-breached/) includes the payment details of customers who transferred money or received refunds from Spreadshirt, TeamShirts, or Spreadshop. The bank details of only this small group of customers were affected. The other information belonging to stakeholders compromised in the breach includes the addresses, bank details, password hashes from before 2014, and PayPal addresses.

_The company notified users of the breach on 8th July 2021 and apologized for the disturbing attack_. Spreadshop had some measures in place, and yet the adversaries could infiltrate its systems. It is now working with third-party **cybersecurity experts** to investigate the attack and restore its systems. Spreadshop account holders are advised to adopt measures to [prevent phishing](/) attacks and change their passwords for both the Spreadshop account and PayPal or bank accounts they may have used for their transactions with the company.

![What is phishing](https://media.mailhop.org/phishprotection/images/2021/07/what-is-phishing-9443.jpg) 

### Data Breach At Mint Mobile

_The telecommunications company Mint Mobile underwent a data breach between 8th and 10th June_, which affected the personal details of some of its subscribers. In a recent breach notification to the victims, the company stated that the adversaries **gained unauthorized access** to its systems. Consequently, some of the subscribers’ account information (including their names, contact numbers, addresses, call history, email addresses, and passwords) was ported to another carrier.

Mint Mobile assured users that the process was reversed and their services restored as soon as they [discovered the breach](https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/?&web%5Fview=true). However, they still recommend users change their account passwords, enable multi-factor authentication, and take necessary [anti-phishing measures](/blog/ransomware-hits-reason-why-businesses-need-to-adopt-robust-anti-phishing-measures/). The company hasn’t disclosed how the attackers infiltrated its systems, but the hackers probably hacked one of their customer managing applications or user accounts.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager


