---
title: "Cybersecurity Updates For The Week 39 | Phish Protection"
description: "The recent updates from the world of cybersecurity touch many crucial areas and offer critical insights for individuals and businesses who are keen to improve."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-39.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-39/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2019/09/spear-phishing-prevention-2588.jpg) 

_The recent updates from the world of cybersecurity touch many crucial areas and offer critical insights for individuals and businesses who are keen to improve their digital security._ Hence, we compiled all major cybersecurity events and other developments which will enable them to take a step forward for establishing a **robust cyber-security** infrastructure.

### Lion Air’s Customer Records Go Viral

Malindo Air and Thai Lion Air, two airlines owned by Lion Air, have recently been the subject of a **massive data compromise**. Data belonging to approximately 14 million Malindo Air and 21 million Thai [Lion Air customers was available in an open AWS storage bucket](https://cyware.com/news/millions-of-customer-records-belonging-to-lion-air-exchanged-on-online-forums-a74cc6df) on the web. However, investigators cannot determine exactly how long the databases have been exposed on the internet.

Investigators speculate that the lost data includes names, e-mail addresses, phone numbers, physical addresses, passport numbers, passport expiration dates, dates of birth, and passenger and reservation IDs. Additionally, it has been available on a data exchange since August 10, implying that the data has probably been in circulation for over a month now.

#### Investigations Under-Way: Says Malindo Air

According to an official from Malindo Air, _they shall only comment or present any advice to the affected users after they have conducted a thorough internal investigation_. The company plans to hire an independent cybersecurity firm to get to the roots of this data breach.

### 15,000 Private Cams Available Online

A scary number of [15,000 private web cameras were online](https://www.infosecurity-magazine.com/news/webcam-security-snafus-expose/), and researchers claim that _anybody with an internet connection can access them_. Web cameras such as AXIS net cameras, Cisco Linksys webcam, IP Camera Logo Server, IP WebCam, IQ Invision web camera, Mega-Pixel IP Camera, Mobotix, WebCamXP 5 and Yawcam were missing any **protection service**.

Wizcase worker Avishai Efrat found that these cameras were installed equally by both households and businesses in nations across Europe, the Americas and Asia.

#### Reason: The Vulnerability of The Users Or Manufacturer’s Aggressive Marketing Strategy?

![Spear phishing prevention](https://media.mailhop.org/phishprotection/images/2019/09/spear-phishing-prevention-2588.jpg) 

This lack of [phishing protection](/) reveals user information and approximate geolocation. Hence, it gives adversaries the scope to rob the monitored premises, blackmail users, and also steal PII for identity fraud. _It happens because the manufacturers are so engrossed in making device installation hassle-free that they tend to overlook security standards_, let alone maintain them.

_Hence users must make it a point to configure a **home VPN network** so that the webcam remains safe from the public-facing internet_.

### International Hotel Chains Hit With Credit Card Stealing Malware

The online hotel reservation system of international hotel chains spread across 14 countries and 180 locations was [detected with credit card-swiping malware](https://www.forbes.com/sites/leemathews/2019/09/18/credit-card-stealing-malware-strikes-websites-of-two-international-hotel-chains/#687deb18774b). The malware Magecart (used for the attack) uses a technique called ‘**script injection**’, which involves running untrusted code by exploiting the vulnerabilities in e-commerce platforms. It speaks of the inefficient [anti-phishing protection](/products/advanced-threat-defense/) of the platforms.

#### What Was The Modus Operandi?

The Magecart attackers coded a simple fix by creating a natural-looking form that included a CVV field. They also translated the questionnaire into Dutch, English, French, German, Italian, Portuguese, Russian, and Spanish. The compromised online hotel reservation system is a part of Roomleader, a Barcelona-based provider of solutions for the hospitality industry.

### No Hacks Needed, Medical Records Of Americans Already Out

Perhaps a rare sight but a critical situation is the one recently revealed jointly by ProPublica and German broadcaster Bayerischer Rundfunk. _They announced that the medical servers of the US had been most carelessly designed to be accessible by literally anybody with an internet connection_. The investigation found that the [medical data of about 5 million patients in the US](https://www.engadget.com/2019/09/17/online-medical-data-vulnerable/) was accessible through some free software or a simple web browser.

#### Phishing Attack Protection Takes A Back-Seat

This issue gains significance because it is akin to serving information to the hackers on a platter. Around **187 medical servers** spread throughout the US were found to be unprotected, missing even a password, let alone other sophisticated cybersecurity measures! [Protection from phishing](/) attacks takes a back-seat when creators leave sensitive details of patients unguarded on the web. These include names, birthdays and even social security numbers (in some cases). Moreover, _many of those same servers were running outdated software, making them vulnerable to a variety of known exploits_. Mentioning the figures, ProPublica pointed out that about **13.7 million medical tests** and 400,000 x-rays for patients in the US were out in the open for attackers to find, use, and exploit.

#### Medical Units Accept The Flaw

Although ProPublica couldn’t prove that the records were accessed and copied elsewhere, this speaks volumes of the vulnerability of the medical servers. This vulnerability marks a violation of the federal government’s Health Insurance Portability and Accountability Act (HIPAA). HIPAA (enacted in 1996) is an act governing the handling of sensitive data. ProPublica informed the clinics of the fatal flaw in their servers, and many of them have taken immediate measures to strengthen their **online security**. However, it shall take plenty of time before each of these medical units gets rid of the vulnerability.

### Another Ransomware Attack On A School

Attackers recently launched a **ransomware attack** that stalled the functioning of almost [3000 computers in the Wallenpaupack Area School District](https://cyware.com/news/wallenpaupack-area-school-district-hit-with-ransomware-attack-563d11fa). It encrypted all the files stored on the machines and then flashed a message on the screen directing the victims to an e-mail address for the ransom payment guidelines.

#### For A Change: District A Step Ahead Of The Adversaries

But it’s unlikely that the district will succumb to the attackers, as they are not on the losing end because of this attack. _They have most of their files backed up and are now focusing on retrieving everything_. As [protection against phishing](/), the district hired a security consultant to analyze the incident and extract the encrypted systems. Simultaneously, work continues for restoring Powerschool and other educational programming systems. Their determination to challenge the attackers doesn’t end here. _They also plan to train their teachers and staff on how to **identify phishing e-mails** that can lead them to fall prey to a probable scam_. The district’s IT department shall work in close association with the hired security consultant to improve the security systems of the region.

### Data Breach Of 24.3 Million Users Of Lumin PDF

A hacker recently released details of more than [24.3 million Lumin PDF users on a hacking forum](https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/). These details included full names, e-mail addresses, gender, (language) locale settings, and a hashed password string or Google access token belonging to the users.

#### A Brief Intro About Lumin PDF

_Lumin PDF is a third party cloud-based PDF service_. It lets you view, edit, and share PDF files over a web-based dashboard, inside a browser extension, or through the company’s mobile apps. It is more prevalent among Google Drive users for opening problematic PDF documents by installing it on their accounts.

#### An Act Of Revenge

The hacker (whose identity is unknown) claims that he contacted the Lumin administrators several times regarding his queries, but they remained unresponsive throughout the past few months. _He doesn’t mention how their ignorance equates to sharing user details on a hacking platform, but it appears to be a vindictive act_. The hacker adds that he could access the files from an **exposed and unprotected** MongoDB database of Lumin PDF, way back in April 2019.

#### Lumin PDF: Invalid Google Access Tokens

Lumin PDF, on the other hand, claims that the hacker’s comment that the leaked data contained valid **Google access tokens** wasn’t accurate. _They say that had it been true then the abused tokens would have allowed attackers to impersonate real users and access Google Drive accounts_. They add that the tokens were all expired. They concluded that the vulnerabilities which were exploited by the attacker were patched to [prevent phishing](/) attacks in the future.

Google was also contacted and said that its experts were investigating the issue. Google advised users to revoke app permissions for Lumin PDF and add the app once again to their Google account. Thus, _they can be 100% sure that the access tokens are indeed ineffective_. The guidelines to do so are available on the support page of Google Drive.

### No Privacy Left For Ecuadorian Citizens

In what seems like [the worst form of data theft](https://www.bbc.com/news/technology-49715478), _the personal details of almost the entire population of Ecuador were exposed on the internet._ The details include the names, financial information and local data, official government ID numbers, phone numbers, family records, marriage dates, education histories, and work records of approximately **17 million people**, including 6.7 million children.

#### A Data Breach That Touches Multiple Sectors

_The security company vpnMentor discovered this massive breach_. The breach exposed citizens’ financial records and account balances of bank customers on the one hand. It also revealed the tax records and official revenue ID numbers of companies.

This breach stands out as a serious one simply because of the expanse of data it reveals and the multitude of people affected by it. After this breach, the list of the wealthiest Ecuadoreans, their home addresses, the cars they drove, and their registration plate numbers, etc. was accessible to anyone with the click of a button. But thankfully, _the Ecuador Computer Emergency Response Team has disabled access to the data to ensure protection from phishing and any further damage_.

### Ransomware Attack Hits Entercom

![Prevent spear phishing](https://media.mailhop.org/phishprotection/images/2019/09/prevent-spear-phishing-1369.jpg) 

Entercom Communications, the Philadelphia-based broadcasting company, was [recently hit by a ransomware attack](https://cyware.com/news/attackers-infected-radio-giant-entercom-with-ransomware-and-demanded-ransom-payment-of-500000-7ef8eda6). _It disrupted the functioning of radio stations by spreading infection in internal digital systems_, including e-mail systems, music scheduling, production, billing, and shared network drives. Consequently, some radio stations were compelled to complete music logs manually and function without commercials.

The attacker infected Entercom’s computer network and demanded a **ransom amount of $500,000** to release the locked systems.

#### A Slew Of Disruptions For The Broadcasting Company

The attack initially infected a hacked machine in programming with ransomware and then seized the e-mail systems, music scheduling, production, billing, and shared network drives of Entercom. _This attack has not only disrupted the smooth functioning of the radio stations, but it has also put a halt to e-mail services and internet connectivity_. In addition to this, the print server ‘**Mabosprint**’ has also become dysfunctional.

#### The Administration Springs Into Action

As an [**anti-phishing**](/) measure, the employees were asked to avoid connecting the company laptops to the wired network, which was infected by the attack. Since they could not afford to let the radio stations be inactive, they locked down the playout systems. It made it possible for radio stations to keep broadcasting without any interruption. Likewise, all those disconnected computer systems with the Active Directory continued to operate unaffected. However, _Entercom made it very clear that they shall, under no circumstances, comply with the demands of the attackers_. They will not pay the ransom and have apologized to the subscribers and the public for the inconvenience. Entercom is sincerely trying to set things right.

### Second Ransomware Attack In Wolcott School System Causes Mayhem

Still recovering from the attack that hit the Wolcott school system in Wolcott, Connecticut, the school was once again the [victim of a second cyberattack last week](https://www.natlawreview.com/article/school-system-victimized-second-ransomware-attack-months). _This attack could be an act of revenge for not paying the demanded ransom in the previous attack_, but it might also be just a coincidence. This attack held the teacher lesson plans hostage, and consequently the school had to stop its computer system once again. This second attack has come at a time when the school is still struggling to recover from the previous **cyber setback**, and naturally, it has created much mayhem among the authorities.

#### It’s High Time To Deploy Robust Anti-Phishing Measures

Attacks on schools and municipalities have grown ominously in recent times, and the fact that these attacks are only increasing speaks a lot about the quality of [anti-phishing solutions](/) incorporated by these sectors. Additionally, the fact that the ransom amount gets readily paid to the adversaries without retaliation acts as an incentive and motivation for the attackers. Thus, they keep launching newer and more advanced attacks to target the vulnerabilities that exist in the system.

The reason why the schools and municipalities become easy targets of the attackers is that these sectors do not spend enough resources to ensure **phishing attack prevention** for their systems. Hence, _the authorities need to consider this aspect seriously and spend wisely beforehand to save spending on ransom later_.

### Data Breach At Carle Foundation Hospital

In a [recent incident of a data breach](https://cyware.com/news/carle-foundation-hospital-hit-with-data-breach-compromising-patient-information-60210b17), attackers could get through the e-mail accounts of three top physicians at Carle Foundation Hospital in Urbana, Illinois. _This act of intrusion via a **phishing e-mail** on the part of the adversaries led to a system breach that compromised the details of several patients_. The leaked data includes names, medical record numbers, dates of birth, and clinical information such as diagnosis and treatment plan of some of the patients. Though the attack revealed the details of selected patients availing cardiology or surgery services at the Carle Foundation Hospital, the hospital was prompt in taking action against the breach.

#### Hospital Administration Quick To Act

Immediately after the unauthorized third party got access to the e-mail accounts of the three employees, the hospital appointed a renowned cybersecurity firm. _It began an extensive investigation to get to the roots of the attack and determine how much data had been lost and to what extent_. Also, the compromised e-mail accounts got secured at the earliest.

#### Hospital Administration: The Breach Is Contained

The three employees whose e-mail accounts got hacked exhibited poor e-mail [phishing protection](/) skills. _The hospital was fortunate enough to not lose sensitive details of patients such as their Social Security numbers or financial information_. The hospital also assured that the attackers hadn’t misused the details of the patients, and their privacy is still very much intact.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

