--- title: "Cybersecurity Updates For The Week 4 of 2021 | Phish Protection" description: "Several organizations and institutions became the target of cyberattacks over the week, and there doesn’t seem to be an ideal phishing prevention scheme." image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-4-of-2021.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-4-of-2021/" --- Quick Answer Intensifying its attacks further, Thallium has used the Nullsoft Scriptable Install System (NSIS) to develop a Windows executable with malicious code and launching \*\*spear-phishing attacks\*\* with the XSL Script Processing technique. \_Its ultimate objective is to infect devices with a RAT\_. Such sophisticated attacks are a hint for organizations to strengthen their \[anti-phishing protection\](/) plans. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-4-of-2021%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%204%20of%202021&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-4-of-2021%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-4-of-2021%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-4-of-2021%2F&title=Cybersecurity%20Updates%20For%20The%20Week%204%20of%202021 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%204%20of%202021&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-4-of-2021%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/01/what-is-a-zero-day-attack-0324.jpg) _Several organizations and institutions became the target of cyberattacks over the week_, and there doesn’t seem to be an ideal [phishing prevention](/) scheme. However, cybersecurity is all about **protection from phishing** attacks since eradicating them is a near-impossible task. Here are the major phishing headlines from the bygone week ### \*\*\*\* Hacker Group Thallium Targets Private Stock Investment Messenger _The North Korea based hacker group Thallium has found its latest victim in stock investors_. The group is using supply chain attacks to inject malicious codes into a private stock investment [messaging application](https://cyware.com/news/thallium-hacker-targeted-users-of-private-stock-investment-messenger-ac33d20d). Stock investors are attacked with malicious Office documents and Windows installers, which then take on investors’ systems. Intensifying its attacks further, Thallium has used the Nullsoft Scriptable Install System (NSIS) to develop a Windows executable with malicious code and launching **spear-phishing attacks** with the XSL Script Processing technique. _Its ultimate objective is to infect devices with a RAT_. Such sophisticated attacks are a hint for organizations to strengthen their [anti-phishing protection](/) plans. ### \*\*\*\* Data Breach Hits The Reserve Bank Of New Zealand _An unknown hacker has compromised one of the data systems of the Reserve Bank of New Zealand_. The breach has exposed some personally and commercially sensitive information of customers stored on a third-party file sharing service. The bank is taking [phishing attack prevention](/) measures and collaborating with international cybersecurity experts and relevant authorities to investigate the breach. ![What is a zero day attack](https://media.mailhop.org/phishprotection/images/2021/01/what-is-a-zero-day-attack-0324.jpg) Although the breach has been contained, the systems are to remain down until the initial investigations are done. _The bank has not disclosed too many details about the breach_. Still, Dave Parry (computer science Professor at Auckland University) suggests the role of a [foreign government](https://www.theguardian.com/world/2021/jan/11/new-zealands-central-bank-says-its-systems-have-been-hacked?&web%5Fview=true) in this bank attack. ### \*\*\*\* 100,000 UNEP Employee Records Publicly Available _A group of security researchers from Sakura Samurai found a vulnerability in the United Nations Environmental Programme (UNEP) network_, which exposed the personal details of **100,000 of its employees** for an unknown period. _The researchers found publicly accessible Git directories and credentials,_ cloning which they could access the PII of UNEP employees and even access UNEP’s source codebase. The [exposed data](https://www.bleepingcomputer.com/news/security/united-nations-data-breach-exposed-over-100k-unep-staff-records/?&web%5Fview=true) includes the names, employee IDs, employee groups, and their travel history. After the issue was reported to the UN, Saiful Ridwan, the Chief of Enterprise Solutions at UNEP, acknowledged the breach and initiated measures to [prevent phishing](/) attacks. The UNEP is now notifying affected employees about the breach. ### \*\*\*\* Google Indexes Private Whatsapp Group Links A lot of commotion surrounds WhatsApp’s new privacy policy, which states that using the _app is forbidden from 8th February 2020 if users don’t let the app share some of their data with its parent company_ (Facebook). Adding to this **privacy issue** is the latest discovery by security researcher Rajshekhar Rajaharia. He found that Google is indexing the invite links to private WhatsApp groups, and anyone browsing for it online can access the link and join any private [WhatsApp group](https://ciso.economictimes.indiatimes.com/news/whatsapp-group-chat-links-seen-again-on-google-search/80203646). Recently, _the issue became severe when more than 4,000 Whatsapp private group invite links were found on Google_. Alison Bonny from WhatsApp says that it isn’t the app’s fault if users carelessly post group invite links (meant to be private) on a publicly accessible website. In conclusion, it’s safe to say that using WhatsApp is a personal choice we make. With or without the new privacy policy, it’s always recommended to adhere to [phishing prevention tips](/content/phishing-prevention/) and have healthy password habits. ### \*\*\*\* Korean Teen Dating App Sweet Chat Releases 1 Million Sensitive Photos _Security researchers recently found an unprotected database belonging to the free Korean Dating app for teens, Sweet Chat_. The database contained **over 1 million photos** of users, half of which were explicit. Although names or other personal details weren’t mentioned in the database, it did include user IDs, which can track a user via reverse-image searches. A total of [1,000,993 files](https://cybernews.com/security/1-million-highly-sensitive-pictures-leaked-by-korean-teen-dating-app/?web%5Fview=true) were discovered in two paths, feed and messages. While the path ‘feed’ seems to be containing publicly displayed images (113,944 images in total), the path ‘messages’ had explicit content, which was probably sent over the private chat (886,555 images in total). The file path also contained an ‘M’ or ‘F,’ indicating the gender (male and female) as pictures were categorized accordingly. Sweet Chat users who are worried about being affected by this breach must consider adopting [anti-phishing solutions](/products/advanced-threat-defense/). It is advisable to delete all images you uploaded on the app and be vigilant till the app announces that the incident has been dealt with. ### \*\*\*\* Cyberattack Hits Car-Sharing Service Communauto _The Montreal-based car-sharing service Communauto recently underwent a cyberattack that brought down its computer systems_. The attackers used the holiday season to target Communauto and [steal the personal information](https://montrealgazette.com/news/local-news/communauto-hit-by-cyber-attack?&web%5Fview=true) of its clients. The compromised data includes the names, email addresses, civic addresses, and member numbers of clients. ![Phishing definition](https://media.mailhop.org/phishprotection/images/2021/01/phishing-definition-7451.jpg) The good thing is that the adversaries couldn’t compromise clients’ credit card information as the data was stored with a third-party service provider. _The attack has disrupted the normal functioning of Communauto_, but the company has hired an IT security firm to investigate the breach. They negotiated with the adversaries and were assured that all **data stolen** would be destroyed. As long as phishing protection is guaranteed, it is okay to pay a ransom, but the question remains, how true will the adversaries be to their words? ### \*\*\*\* Muslim Prayer App Salaat First Sells User Data Muslim prayer app Salaat First performs the noble task of reminding users when to pray. However, _the app was recently found engaging in the less noble act of recording and selling the users’ location data to a data broker_ (Predicio), who then sells it to third parties. The leaked data included users’ movement data, latitude and longitude, operating system, phone model, IP address, etc., which is more than enough to monitor the everyday movements of a [Muslim user](https://www.infosecurity-magazine.com/news/location-data-muslim-prayer-app/?&web%5Fview=true) of the app. Salaat First mentions in its privacy policy that user data is shared with third parties, but this doesn’t justify selling the same information. Following this breach’s discovery, Predicio released a statement on its website reinforcing its stringent measures for [protection against phishing](/). This incident calls for all applications to review how their company handles PII and enforce strict **anti-phishing tools** where they see a loophole. ### \*\*\*\* Europol Cops Take Down The World’s Largest Illegal Digital Marketplace _DarkMarket is the largest illegal dark web marketplace_, and the Europol cops were successful in bringing it down recently. They have arrested an unnamed Australian citizen residing in Germany who is believed to be running DarkMarket. The said dark web has processed over [320,000 transactions](https://www.theregister.com/2021/01/13/darkmarket%5Feuropol%5Fshutdown/?&web%5Fview=true) to date, which amount to **over $170 Million**. A special unit of cybercops from Koblenz, Oldenburg, and international organizations (such as the US’ DEA, IRS, FBI, and the UK’s National Crime Agency) was instrumental in bringing down the malicious dark web forum facilitating the sale of fake money, credit cards, drugs, malware, etc. Such progressive cybersecurity measures reassure us that [protection from phishing](/) can be attained with a bit of everyone’s effort. ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 4 of 2021","description":"Several organizations and institutions became the target of cyberattacks over the week, and there doesn’t seem to be an ideal phishing prevention scheme. ","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-4-of-2021/","datePublished":"2021-01-22T13:29:50.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2021-01-22T13:29:50.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-4-of-2021/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1186,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2021/01/what-is-a-zero-day-attack-0324.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 4 of 2021","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-4-of-2021/"}]} ```