---
title: "Cybersecurity Updates For The Week 37 of 2021 | Phish Protection"
description: "Phishing attack prevention is a global struggle, and cyber security experts strive to reduce the attack ratio every day."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-37-of-2021.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-37-of-2021/"
---

Quick Answer

\[Phishing attack prevention\](/) is a global struggle, and \_cyber security experts strive to reduce the attack ratio every day.\_ However, some adversaries continue to seem to be a step ahead. Here are \[phishing headlines\](/tags/announcements/) of this week that lay down the importance of adopting adequate \*\*anti-phishing\*\* measures.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-37-of-2021%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2037%20of%202021&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-37-of-2021%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-37-of-2021%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-37-of-2021%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2037%20of%202021 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2037%20of%202021&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-37-of-2021%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/09/zero-day-attack-prevention-0763.jpg) 

[Phishing attack prevention](/) is a global struggle, and _cyber security experts strive to reduce the attack ratio every day._ However, some adversaries continue to seem to be a step ahead. Here are [phishing headlines](/tags/announcements/) of this week that lay down the importance of adopting adequate **anti-phishing** measures.

### Dallas Independent School District Announces Data Breach

_The Dallas Independent School District (Dallas ISD) discovered a data breach in its systems_ on 8th August 2021 and disclosed it in a [data breach notice](https://portswigger.net/daily-swig/dallas-independent-school-district-reports-data-breach-impacting-current-and-former-students-staff) on 2nd September 2021\. As per the details revealed, the data breach affected the records of employees and students associated with Dallas ISD since 2010\. The adversaries gained access to the school district’s network, stole files, and stored them on an **encrypted cloud site**. Dallas ISD did everything in its capacity to ensure [anti-phishing protection](/) and address the vulnerabilities.

The adversaries eventually informed them that the _stolen data had been taken down from the cloud storage site and has not been shared or sold to anyone so far._ The compromised data includes the names, DOBs, social security numbers, addresses, salary details, phone numbers, etc., for employees and names, parents’ contact details, DOBs, grades, and social security numbers for students. In some cases, the medical information and custody status of students were also involved.

As part of its measures to [prevent phishing](/) attacks, Dallas ISD is notifying and providing a year of charge-free credit monitoring and [identity theft](/resources/phishing-identity-theft/) recovery to all affected individuals. The district has initiated a hotline number to answer all attack-related queries. In addition, federal law enforcement authorities have been informed.

### Fake Banksy NFT Auction, Funds Returned

The realm of Non-Fungible Tokens (NFTs) has begun attracting cyber adversaries. In the latest scam, an [attacker hacked](https://threatpost.com/nft-collector-tricked-into-buying-fake-banksy/169179/) into the site of the famous street artist Banksy and _created and sold a fake NFT for $336,000_. Fortunately, the anonymous buyer, who goes by the name of Pranksy, could spot that it was a scam and hunted the attacker down. Intimidated, the attacker returned the entire amount, less the transaction fee of $6,918.

![Zero day attack prevention](https://media.mailhop.org/phishprotection/images/2021/09/zero-day-attack-prevention-0763.jpg) 

Pranksy had confirmed the legitimacy of the sale before bidding, but he got suspicious when his bid got accepted. The fraudulent NFT sale received media coverage, and _Pranksy could track down the adversary_, which probably compelled him to give up and return the money. On its part, Banksy put up a statement saying it had created no NFT artworks auction. While _not every victim of cyber fraud may not be as lucky to get back the stolen funds_, this incident does indicate that [crypto hacks](/blog/crypto-phishing-scams-gaining-momentum-with-more-coins-in-the-market/) are slightly tricky to hide and that phishing protection measures can go a long way in **preventing frauds** like these.

### Victure Users Need to Guard Against Unpatched Vulnerabilities in Baby Monitors

_Chinese manufacturer of home baby monitors Victure has left some security flaws in its IoT devices_ unfixed because of which adversaries can access the camera feed, spy on users, and [plant malware on devices](https://portswigger.net/daily-swig/zero-day-flaws-in-iot-baby-monitors-could-give-attackers-access-to-camera-feeds). Cybersecurity researchers at BitDefender first discovered a stack-based buffer overflow vulnerability in Victure’s product PC420 smart camera. If exploited, the vulnerability can lead to remote code execution on victim devices with Victure PC420 firmware versions before 1.2.2.

BitDefender tried contacting Victure for a year, but after receiving no response, it published a breach alert for the public to adopt the [phishing prevention best practices](/resources/phishing-prevention-best-practices/) and change their video monitoring devices if required. Vulnerabilities in video equipment often remain unfixed, and therefore, users need to take precautionary measures at a personal level.

### Data Breach Hits Career Group

_Los Angeles-based administrative staffing and recruiting agency Career Group recently underwent a data breach_ that affected **49,000 individuals**. The [breach happened](https://www.securityweek.com/recruiting-firm-apparently-pays-ransom-after-being-targeted-hackers) between 28th June and 7th July 2021 when adversaries gained unauthorized access to Career Group’s network. _The breach notification letters were sent to affected customers only now_. After detecting the breach on 2nd July, the organization took prompt [anti-phishing measures](/blog/ransomware-hits-reason-why-businesses-need-to-adopt-robust-anti-phishing-measures/) to contain the attack. It initiated an investigation and also informed law enforcement about the incident.

The organization informed the Maine Attorney General’s Office about the nature of the breach and the types of information compromised, including the names and social security numbers of around 49,476 individuals. Although Career Group hasn’t disclosed the kind of cyber attack it underwent, it looks like a **ransomware attack** where it probably paid the ransom.

### Bug in Francetest Can Expose Covid Test Results

_A bug in the online platform of the Francetest pharmacy was recently detected that exposed the antigen test results_ of **over 700,000** Francetest patients. The [vulnerability was discovered](https://www.connexionfrance.com/French-news/700000-French-pharmacy-Covid-test-results-left-publicly-available) by a patient with IT knowledge. She observed that WordPress was being used to maintain sensitive patient data such as names, DOBs, genders, addresses, phone numbers, social security numbers, and email addresses. This was in addition to their test results.

Francetest was quick to implement its [anti-phishing solutions](/) and fixed the bug within a day. However, it is challenging for the lay user without adequate [cybersecurity awareness](/products/phishing-awareness-training/) to identify which website is safe and which can be a threat vector. Hence, learning basic **cyber hygiene** is a necessity in today’s times that netizens cannot afford to ignore.

### 1500 Beaumont Health Patients Affected by Accellion Hack

Michigan-based hospital system Beaumont Health uses the file-sharing services of Accellion. Unfortunately, _it was affected by an attack on Accellion wherein around 1,500 of the hospital’s patients_ had their [data compromised](https://www.cyberscoop.com/accellion-breach-exposed-data-from-patients-at-major-michigan-hospital-system/). The breach was first discovered in February 2021, and Beaumont immediately began its investigations. The analysis revealed that patients’ names, medical record numbers, dates of service, physician’s names, etc., were exposed. However, no financial information was lost in the incident.

Beaumont shares the misfortune of the Accellion data breach (from December last year) along with 11 other healthcare facilities. It has been almost nine months since the Accellion hack, and even today, we hear about new organizations being- affected by the breach. Patients of Beaumont are advised to adopt measures for [protection from phishing](/).

### Cyberattack Hits DuPage Medical Group

_Renowned physicians group DuPage Medical Group recently underwent a cyberattack_ that affected around **600,000 patients**. The group went through a phone and computer systems outage on 13th July, which lasted for about a week. During this period, the [adversaries accessed](https://www.chicagotribune.com/business/ct-biz-dupage-medical-group-breach-personal-information-20210830-frv74cy23nhftgufbwc3caknie-story.html) hundreds of thousands of patients’ personal information (names, DOBs, addresses, diagnosis codes, treatment dates, etc.). In some cases, even the social security numbers were exposed.

![Stop phishing emails](https://media.mailhop.org/phishprotection/images/2021/09/stop-phishing-emails-0145.jpg) 

Although there is no evidence to indicate the misuse of any patient’s personal information, _DuPage is taking measures to prevent further breaches and offers free identity theft and credit monitoring facilities_ to all affected patients. Additionally, the medical group has incorporated additional security measures and is currently reviewing its **security policy**.

### Data Breach Affects Bangkok Airways Passengers

_Bangkok Airways recently underwent a cyberattack that has exposed the passport details and other personal information of travelers_. On 23rd August, the airways first noticed some [unauthorized access](https://www.zdnet.com/article/bangkok-airways-apologizes-for-passport-info-breach-as-lockbit-ransomware-group-threatens-release-of-more-data/) of its information system. Although Bangkok Airways hasn’t disclosed the exact number of passengers affected, it has mentioned the types of information exposed in the breach. These include the names, genders, nationalities, email addresses, physical addresses, phone numbers, passport information, travel information, meal specifications, partial credit card information, etc.

Fortunately, the adversaries couldn’t get through the Airways operational **security system**. However, the organization recommends that _customers who have received a breach notification monitor their bank accounts and change passwords immediately_. It also asks all customers to look out for suspicious emails, messages, or calls claiming to be from Bangkok Airways and watch out for **phishing attacks**. Interestingly, this notification comes around the same time as LockBit’s data dump notification for **103 GB of data** stolen from Bangkok Airways, ascertaining its roles in this latest breach.

### Protect Your Organization

- [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/)
- [See how Phish Protection blocks threats in real time](/anti-phishing-tools/)

## Topics

[ Announcements ](/tags/announcements/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 5m  Cybersecurity Updates For The Week 33 of 2022  Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[  Intermediate 6m  Cybersecurity Updates For The Week 41 of 2022  Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[  Intermediate 5m  Cybersecurity Updates For The Week 1 of 2021  Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[  Intermediate 6m  Cybersecurity Updates For The Week 1 of 2022  Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 37 of 2021","description":"Phishing attack prevention is a global struggle, and cyber security experts strive to reduce the attack ratio every day.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-37-of-2021/","datePublished":"2021-09-09T11:31:50.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2021-09-09T11:31:50.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-37-of-2021/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1294,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2021/09/zero-day-attack-prevention-0763.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 37 of 2021","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-37-of-2021/"}]}
```