---
title: "Cybersecurity Updates For The Week 41 | Phish Protection"
description: "Cybersecurity Updates For The Week 41: Cybersecurity is a dynamic arena with some event or the other never ceasing to take place. While cybersecurity."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-41.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-41/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2019/10/how-to-prevent-phishing-3692.jpg) 

Cybersecurity is a dynamic arena where one event or another is always taking place. _While cybersecurity measures reach unmatched levels of sophistication and protection, cyber attacks keep pace_. Thus the struggle between the good and the bad actors of the cyber world is never-ending. Anyone interested in these affairs will want to keep track of the available [phishing prevention](/) measures. Keep yourself updated on the latest activity in the cybersecurity world as we bring you the major events from the past week:

### Malware Attack On Rheinmetall Branches In Three Nations

Rheinmetall AG, a German corporation based in Düsseldorf, was [recently attacked by malware](https://www.zdnet.com/article/malware-infection-disrupts-production-at-defence-contractor-plants-in-three-countries/) that has caused much disruption at the company's plants in three countries. _Rheinmetall is one of the biggest defense contractors in the world_, manufacturing armored fighting vehicles, tanks, ammunition, and various electronic systems. The malware infected its plants in Brazil, Mexico, and the US. Although the company has not yet disclosed the specifics of the attack, _Rheinmetall expects the malware to have a lasting impact in the long run_.

The company is confident that it can assure deliverability in the short term. The exact length of the disruption is undefined, but it will possibly range from two to four weeks. The attack is expected to adversely affect operating results by between **€3 million and €4 million per week** from the second week. As it turns out, many more such attacks have hit various other companies in the past year, and Rheinmetall is not the only company to have suffered because of a malware infection defying [phishing protection](/) measures.

### New Malware Hits PCs In The US & Europe, Identity Dubious

Thousands of PCs in the [United States and Europe have been affected](https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/) by a new malware that Microsoft and Cisco Talos have identified and named “Nodersok” and “Divergent” respectively. _The malware operates by turning systems into proxies for performing malicious activities_. Although it has its own components, Nodersok/Divergent makes use of existing tools to conduct its malicious work: it leverages the Node.js framework and WinDivert to convert victims' systems into proxies. However, Microsoft and Cisco Talos have very different takes on the malware and its operation.

_Microsoft says that Nodersok turns machines into proxies and uses them as a relay to access other network entities_, while Cisco Talos believes that the proxies created by the malware are used to conduct click fraud. Cisco Talos further adds that the malware is still under development.

Nodersok launches a two-stage attack that downloads multiple components on a user’s PC. _It gets loaded when victims run an HTA file_. As an **anti-phishing** measure, _Microsoft suggests that users must not run HTA files found on their systems, particularly those whose origin cannot be tracked down._
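Because the campaign relies on tools that are legitimate on their own (an HTA host, Node.js, WinDivert), a single sighting is weak evidence while the combination on one host is strong. The sketch below is an added example, not code from Microsoft, Cisco Talos or this blog: it correlates constructed endpoint events per host. The event fields, rule names, user-writable path list and the `C:\Program Files\nodejs\` install location are assumptions made for illustration.

```python
import ntpath  # Windows path parsing that works on any OS
import re
from collections import defaultdict

# Assumption: paths a standard user can write to; tune for your estate.
USER_WRITABLE = re.compile(r"\\(users|temp|programdata)\\", re.I)
# File names shipped by the WinDivert project.
WINDIVERT = re.compile(r"^windivert(32|64)?\.(sys|dll)$", re.I)
# Assumption: where a sanctioned Node.js install lives.
NODE_INSTALL_DIR = "c:\\program files\\nodejs\\"

# Constructed sample telemetry (not real incident data).
EVENTS = [
    {"host": "PC-01", "kind": "process",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'mshta.exe "C:\Users\amy\Downloads\update.hta"'},
    {"host": "PC-01", "kind": "process",
     "image": r"C:\Users\amy\AppData\Roaming\abc\node.exe",
     "cmdline": "node.exe app.js"},
    {"host": "PC-01", "kind": "file",
     "path": r"C:\Users\amy\AppData\Roaming\abc\WinDivert64.sys"},
    {"host": "PC-02", "kind": "process",
     "image": r"C:\Program Files\nodejs\node.exe",
     "cmdline": "node.exe server.js"},
    {"host": "PC-02", "kind": "process",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'mshta.exe "C:\Program Files\Vendor\help.hta"'},
    {"host": "PC-03", "kind": "file",
     "path": r"C:\Tools\netlab\WinDivert.dll"},
]


def match_rules(event):
    """Return the set of rule names a single event triggers."""
    hits = set()
    if event["kind"] == "process":
        image = event.get("image", "")
        name = ntpath.basename(image).lower()
        cmd = event.get("cmdline", "")
        # HTA launched from a location the user can write to.
        if (name == "mshta.exe" and re.search(r"\.hta\b", cmd, re.I)
                and USER_WRITABLE.search(cmd)):
            hits.add("hta_from_user_path")
        # Node.js binary running from outside the sanctioned install.
        if name == "node.exe" and not image.lower().startswith(NODE_INSTALL_DIR):
            hits.add("node_outside_install_dir")
    elif event["kind"] == "file":
        if WINDIVERT.match(ntpath.basename(event.get("path", ""))):
            hits.add("windivert_dropped")
    return hits


def triage(events):
    """Group rule hits per host; two or more distinct rules means 'high'."""
    per_host = defaultdict(set)
    for event in events:
        per_host[event["host"]] |= match_rules(event)
    return {
        host: ("high" if len(rules) >= 2 else "review", sorted(rules))
        for host, rules in per_host.items() if rules
    }


if __name__ == "__main__":
    for host, (severity, rules) in sorted(triage(EVENTS).items()):
        print(host, severity, ", ".join(rules))
```
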

### Yet Another SIM Card Attack Found, Also A Detector Invented

[A SIM card attack similar to Simjacker has recently been identified](https://www.zdnet.com/article/new-sim-card-attack-disclosed-similar-to-simjacker/) by researchers and is known as “WIBattack”. It lets malicious actors track users' devices by abusing lesser-known apps running on SIM cards. **WIBattack and Simjacker** have similar commands and operate similarly. However, they differ in their target apps: Simjacker runs against the S@T Browser app while WIBattack runs against the Wireless Internet Browser (WIB) app. These browsers support similar commands, such as getting the location data, sending an SMS, starting a call, sending SS and USSD requests, launching an internet browser with a specific URL, displaying some text on the device, and playing a tone.

![How to prevent phishing](https://media.mailhop.org/phishprotection/images/2019/10/how-to-prevent-phishing-3692.jpg) 

Researchers claim that they located WIBattack way back in 2015, when they found Simjacker, but chose to keep it from the public then. _They found that SIM cards in perhaps hundreds of millions of devices carry a WIB app_. But other researchers are skeptical of these figures. Experts from SRLabs have developed two apps, SIMTester and SnoopSnitch. SIMTester is a desktop app that can be used to test SIM cards for security flaws, and SnoopSnitch is an Android app that can check smartphones for various SIM, mobile network, and OS security flaws. These apps come as great [anti-phishing tools](/products/malware-and-ransomware-protection/) that curious users can use to check whether their SIM card runs the S@T or WIB apps.

### New Korean Malware Eyeing Indian Financial Institutions

Kaspersky identified a new active malware in some Indian financial institutions, which is _capable of stealing confidential information like transaction details from the system_. The malware is supposedly a creation of the _Lazarus group, which is under North Korea’s primary intelligence bureau_.

Researchers have tracked a banking malware called ATMDtrack in Indian banks. Once planted in ATMs, it can read and store the data of cards inserted into them. _Over 180 new malware samples with code sequences similar to ATMDtrack were found_. ATMDtrack was also spotted last year attempting to infiltrate Indian ATMs and steal customer card data.

The new spyware Dtrack uploads and downloads files to the victim's device, **records keystrokes**, and conducts other malicious remote administration tool (RAT) actions. _Dtrack gives the attackers complete control over infected devices to perform their malicious activities like uploading and downloading files and executing key processes_. The systems that are infected with Dtrack have weak network security policies and password standards. Once successfully installed, Dtrack collects the lists of available files and running processes, keystrokes, browser history, and host IP addresses. What makes Dtrack all the more dangerous and hard for [anti-phishing services](/products/email-fraud-protection/) to track is the fact that the threat might seemingly disappear, but it can be revived in a new disguise and attack new targets at any time.

### Encrypted PDF Files No Longer Safe

A new attack has emerged _which can access even encrypted PDF files._ Known as ‘PDFex’, the [attack seems to outsmart all major PDF viewers](https://cyware.com/news/new-attack-dubbed-pdfex-can-exfiltrate-data-from-encrypted-pdf-files-b3868b40) such as Adobe Acrobat, Foxit Reader, Evince, Nitro, and the built-in PDF viewers of Chrome and Firefox. PDFex operates in two forms: data exfiltration and CBC gadgets.

_PDFex exfiltrates data from encrypted Portable Document Format (PDF) files and gives the attacker access to the encrypted files for manipulation, even without having the corresponding passwords_. This happens because PDF encryption uses the Cipher Block Chaining (CBC) encryption mode, which allows almost anyone to create **self-exfiltrating ciphertext** parts using CBC gadgets.

Attackers exploit the [phishing protection](/) flaw in PDF apps that do not encrypt a PDF file completely, which gives them the leeway to alter the unencrypted fields and add unencrypted objects.
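The property behind the CBC gadgets mentioned above is that CBC on its own gives confidentiality but no integrity: a reader that decrypts without an integrity check accepts modified data silently. The following added example (not from the PDFex researchers or this blog) shows the weak reader beside an encrypt-then-MAC reader that rejects the change. It uses a toy Feistel block cipher built from SHA-256 as a stand-in for AES so that it runs with the standard library only; all function names and the sample document are assumptions.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes, same as AES


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def round_fn(key, i, half):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]


def block_encrypt(key, block):
    """Toy 4-round Feistel cipher: a stand-in for AES, not for real use."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, xor(left, round_fn(key, i, right))
    return left + right


def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = xor(right, round_fn(key, i, left)), left
    return left + right


def cbc_encrypt(key, iv, plaintext):
    pad = BLOCK - len(plaintext) % BLOCK
    plaintext += bytes([pad]) * pad
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    """Weak reader: decrypts whatever it is given, no integrity check."""
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(xor(block_decrypt(key, cur), prev))
        prev = cur
    plaintext = b"".join(out)
    return plaintext[:-plaintext[-1]]


def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC: the tag covers the IV and the ciphertext."""
    iv = os.urandom(BLOCK)
    ct = cbc_encrypt(enc_key, iv, plaintext)
    return iv, ct, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()


def open_sealed(enc_key, mac_key, iv, ct, tag):
    """Hardened reader: verify the tag before touching the ciphertext."""
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return cbc_decrypt(enc_key, iv, ct)


def demo():
    enc_key, mac_key = os.urandom(16), os.urandom(32)
    known = b"Status: DRAFT   "   # constructed first block, known to a third party
    wanted = b"Status: FINAL   "
    iv, ct, tag = seal(enc_key, mac_key, known + b"body of the encrypted document")
    # The IV travels with the ciphertext; XORing a difference into it changes
    # the first decrypted block by exactly that difference, without the key.
    modified_iv = xor(iv, xor(known, wanted))
    silent = cbc_decrypt(enc_key, modified_iv, ct)
    try:
        open_sealed(enc_key, mac_key, modified_iv, ct, tag)
        rejected = False
    except ValueError:
        rejected = True
    return silent, rejected
```
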

### OYO Leaves Customer Data Exposed Due To Security Flaw

OYO, the hospitality chain founded by Ritesh Agarwal, left customer [data unprotected and exposed because of a security flaw](https://ciso.economictimes.indiatimes.com/news/oyo-leaves-customer-data-exposed-due-to-a-security-flaw/71402882). This was pointed out by an independent researcher, Jay Sharma, in August. After checking in to an OYO hotel, Sharma was required to furnish his booking ID and phone number to access the hotel’s WiFi, which set alarm bells ringing in his head. He researched and found that the _“http” & “ssh” ports were open, without any rate limit for the IP which was hosting this_. The researcher posted about this on LinkedIn, where he said that guest data from the past few months, including booking IDs, phone numbers, the number of people staying in a room, the date of the booking, and location, could be easily accessed online.

Oravel Stays (parent company of OYO Hotels & Homes) has rewarded Sharma with a sum of Rs 25,000, but he has asked users not to use the app until OYO fixes the issue. _The hotel, on the other hand, has claimed that the vulnerability was restricted to that particular property and was fixed immediately_. The company offered reassurance about the quality of the [phishing protection service](/) it employs and said that it is meticulous about the safety of its customers and takes even the slightest security threat very seriously.

### Major Ransomware Attack Hits Victorian Hospitals, Proceedings Delayed

A major **ransomware attack** hit the computer networks in at least [seven major regional hospitals](https://amp-theage-com-au.cdn.ampproject.org/c/s/amp.theage.com.au/national/victoria/surgeries-delayed-and-patient-security-fears-after-cyber-attack-on-victorian-hospitals-20191001-p52wp1.html). This has brought down the booking systems, delayed surgeries, and put patient information security at stake. Several hospitals in Gippsland Health Alliance and South West Alliance of Rural Health, along with hospitals in Warrnambool, Colac, Warragul, Sale, and Bairnsdale, were affected in this attack. Following are the repercussions at some of the major hospitals in the chain:

- **Geelong’s Major University Hospital**: The computer systems at the hospital have been shut down, making them switch back to the manual mode of recording details.
- **West Gippsland Hospital**: There are high chances that the computer booking and record-keeping systems at the West Gippsland Hospital could be down for over two weeks.
- **Barwon Health and University Hospital**: It is uncertain as to how many elective surgeries will be delayed as a result of the attack at Barwon Health facilities and University Hospital. Barwon Health handles a massive number of patients every year, with 86,000 patients being admitted in the previous financial year.
- **Gippsland**: The attack has made the aged care at Warrnambool and radiation services in Gippsland suffer.

_Premier Daniel Andrews said that it might take several weeks to restore the network_. There is no indication that attackers accessed patient information, but if such access is unearthed later, the patients would be informed immediately. Although the attack has created much havoc, the hospitals have not let it affect emergency surgery and the emergency departments.

They are now working with the Victoria Police and experts from the Australian **Cyber Security Centre** to secure their systems and get to the root of the attack. What makes the attack harder to sympathize with is the fact that it had been foreseen. _The Auditor-General of the state had warned way back in May that Victoria’s health databases contain some severe security flaws_. It is because the authorities chose to ignore the warnings and failed to adopt any [anti-phishing solutions](/products/advanced-threat-defense/) that the attack occurred in the first place!

Jill Slay of La Trobe University says that the attack comes as a lesson for the authorities to act while there is still time. _This also means that not having your systems protected makes it all the easier for attackers to execute phishing scams,_ since such mails can easily get into the inboxes of employees, and a mere click by an employee is enough to bring down an entire system!

### Former Yahoo Engineer Penalized For Hacking Into 6000+ User Accounts

The U.S. Department of Justice charged a _former Yahoo software engineer, who illegally hacked into the personal accounts of thousands of Yahoo users in search of sexual images and videos_. The 34-year-old engineer, Reyes Daniel Ruiz from Tracy, California, confessed to having misused his knowledge and [position to get into over 6,000 Yahoo accounts](https://www.cbsnews.com/news/yahoo-hack-former-engineer-reyes-daniel-ruiz-admits-hacking-6000-accounts-searching-for-sexual-images/). He cracked user passwords and accessed internal Yahoo systems to gain access.

He also accessed the iCloud, Facebook, Gmail, DropBox, and other online accounts of users, particularly the accounts of younger women, in search of private images and videos. He didn’t even spare his colleagues and friends. He had copies of their pictures and videos saved on his home network and later destroyed the computer and hard drive when Yahoo grew suspicious of his conduct.

_Currently, he is facing five years in prison and has to pay a fine of $250,000._

### Sportswear Brand Asics Becomes Victim Of Pornographic Cyber Attack

The world witnessed an [innovation in pornographic cyber attacks](https://www.forbes.com/sites/zakdoffman/2019/09/30/asics-blames-hackers-for-running-hours-of-porn-on-store-window-display-screens/#57b135266ad3) with the recent attack on major sportswear brand Asics. The attack differs from the usual kind, in which attackers falsely claim to have captured victims accessing illicit sites and then demand money for not exposing their conduct. _In this attack, large storefront display screens of Asics played pornographic videos for nine hours, from about 1 a.m. to 10 a.m_. This happened on a major high street in Auckland, New Zealand, last Sunday.

![Phishing prevention](https://media.mailhop.org/phishprotection/images/2019/10/phishing-prevention-2693.jpg) 

_Asics apologized on Facebook for the blunder, since even children were among the viewers of the adult video_, which was allegedly screened because of a “cyber attack”. The company added that measures are being adopted to ensure [phishing attack prevention](/) in future. _The police have been informed about the attack and are investigating it too._

### Data Breach Exposes Details Of 20 Million Russians

Bob Diachenko, a top security researcher, [discovered a database with records of over 20 million Russians](https://www.theinquirer.net/inquirer/news/3082128/russia-tax-records-exposed-online). The records contained the names, addresses, residency statuses, passport numbers, phone numbers, tax ID numbers, employer names and tax amounts of citizens. This database was left exposed and unprotected, and anybody with a simple web browser could easily access the personal records of millions of Russians (particularly those based around Moscow) dated between 2009 and 2016.

Although the databases were brought down last May, _they were out on the web for anybody to access for over 16 months_. It cannot be said for sure whether anybody found the records online before they were brought down, but it’s wise for Russians to be on guard and try to identify and ensure [protection from phishing](/) attacks. With the basic personal information leaked, attackers could easily impersonate tax officials or other services and launch a phishing scam in the near future. Hence, it is recommended that Russians stay vigilant!


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.
