---
title: "Cybersecurity Updates For The Week 42 | Phish Protection"
description: "Today"
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-42.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-42/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2019/10/phishing-prevention-best-practices-3651.jpg) 

Today’s cyberspace includes computer resources, IT networks, and all the fixed and mobile devices that connect to the internet. Because of _the borderless nature of the global internet, protection of critical infrastructure operations is emerging as a significant challenge_. Hackers always look to **exploit vulnerabilities** of unsuspecting internet users. Hence, cybersecurity experts strive to combat these threats by inventing new [anti-phishing solutions](/) regularly. Here we present some of the latest news headlines from the cyber world.

### Russian Group Turla Tries Modifying Chrome And Firefox

The Russian hacking group Turla has gone further than its contemporaries, pursuing goals beyond merely [exploiting vulnerabilities in a web browser](https://www.engadget.com/2019/10/06/russian-hackers-modify-chrome-firefox/?guccounter=1&guce%5Freferrer=aHR0cHM6Ly9jeXdhcmUuY29tL2N5YmVyLXNlY3VyaXR5LW5ld3MtYXJ0aWNsZXM%5FcD01&guce%5Freferrer%5Fsig=AQAAANtZ3ifaP-YZDpTW5F4S%5FdoiqP1t8TWQMBsWzlZuf-Vfhbgjs%5FTmu9RDX%5FmX0LK). It attempted to fingerprint **TLS-encrypted** web traffic by modifying Chrome and Firefox.

#### How Does Turla Execute Its Scheme?

The Turla group first infects a system with a remote access trojan (RAT) and then uses it to modify the installed browsers. The modifications include installing the group's own certificates (so that it can intercept TLS traffic from the host) and patching the pseudo-random number generator used when negotiating **TLS connections**. _This scheme lets the group add a fingerprint to every TLS connection the victim initiates and thereby track encrypted traffic covertly_.

_The Turla group is believed to be working under the aegis of the government of Russia_. It has successfully attacked Russia and Belarus in the past. That history explains how it manages to evade [phishing prevention](/) measures so swiftly.

### Cryptojacking Malware Targets Windows Users

According to security researchers, Lemon\_Duck, a [cryptojacking malware campaign, is spreading rampantly](https://securityintelligence.com/news/lemon%5Fduck-powershell-malware-targets-windows-users-with-cryptojacking-campaign/). The malware propagates by repeatedly updating its attack scripts hosted in open-source repositories. _It spreads through organization networks via fileless script execution and by taking control of CPU resources_.

#### What Is The Modus-Operandi Of Lemon\_Duck?

_With roots in Asia, the malware is now a cause of concern throughout the world._ Lemon\_Duck uses scheduled tasks to continually check in on targeted Windows-based machines, while the **PowerShell attack** scans for listening ports and generates IP addresses randomly. Upon finding a remote computer with a responsive script, Lemon\_Duck launches **brute-force attacks** to win control over it. _It simultaneously checks for the EternalBlue exploit_. Lemon\_Duck spreads fast because it replicates and validates itself on an attacked machine as soon as the PowerShell malware campaign finishes downloading.

However, this isn’t the end of the process; the malware then quickly uses the first machine as a beachhead to spread itself to other devices on the network. _Attacks of this kind can be guarded against by changing passwords from time to time and by blocking known malicious scripts through intrusion detection and signature-based prevention measures_.

### Employee Induced Data Breach At American Express

[American Express recently spotted a data breach](https://www.bleepingcomputer.com/news/security/american-express-customer-info-accessed-by-employee-for-possible-fraud/) that was possibly carried out to commit identity theft by creating fake accounts at financial institutions. _This breach was, however, not the result of a security flaw exploited by adversaries_. It resulted from the unauthorized access to and use of customer details by an American Express employee.

#### The Extent Of The Damage

The breached information includes full names, physical and billing addresses, Social Security numbers, birth dates, and the credit card numbers of the affected members. Since discovering the breach committed by the employee, American Express has extended its full support and cooperation to law enforcement agencies. They are conducting investigations in this regard to prevent **phishing attacks** in the future.

#### Controlling The After-effects Of The Breach

American Express sent out “Notice of Data Breach” notifications to all affected users and warned them to look out for any unusual activity in their accounts. Furthermore, it extended free credit monitoring through Experian IdentityWorks to all affected users. _Since the issue involves a criminal investigation, American Express hasn’t disclosed much information_. It only said that the employee is no longer associated with the company and is undergoing legal proceedings.

### New Malware Capable Of Attacking Encrypted TLS Traffic


Researchers discovered a new malware called ‘Reductor’ that is capable of [attacking even encrypted TLS traffic](https://cyware.com/news/new-reductor-malware-compromises-encrypted-web-communication-9de7c69b). Its other functions include trojan activities and manipulation of **digital traffic**. Reductor is delivered by replacing legitimate, signed installers with infected ones, and it decodes encrypted TLS traffic. It evades standard **anti-phishing tools** and targets software distributions such as Internet Download Manager and WinRAR. It is also delivered via the COMPfun malware, which can download files onto compromised hosts.

#### How Reductor Bypasses Security Checks

Reductor decodes data quietly and evades the watchful eyes of administrators. By compromising the browser's **pseudo-random number generation** (PRNG), the attacker can predict how traffic will be encrypted when a TLS connection is established. Reductor then sends the relevant data to its command-and-control (C2) server once it has been decoded.

_However, researchers suspect that the hacking group Turla is the mastermind behind Reductor as it has striking similarities with the COMPfun malware._
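As an added example (not code from the original post or from the researchers it cites), here is a small Python parser that pulls the `client_random` out of TLS ClientHello records and flags a byte pattern that recurs across handshakes, the kind of artifact a browser with a patched TLS PRNG, as described for Turla and Reductor above, would leave in otherwise random bytes. The marker value, the record builder and the sample handshakes are constructed for illustration.

```python
"""Detect a repeated marker inside TLS client_random values.

A healthy TLS client fills client_random from a sound PRNG, so no slice of
it should recur across connections. A client whose PRNG has been patched to
carry a fingerprint repeats the same bytes at a fixed offset. The records
below are constructed samples, not captured traffic.
"""
import hashlib
import struct
from collections import Counter
from typing import Optional


def build_client_hello(client_random: bytes) -> bytes:
    """Build a minimal TLS record carrying a ClientHello (constructed sample)."""
    assert len(client_random) == 32
    body = (
        b"\x03\x03"            # client_version: TLS 1.2
        + client_random
        + b"\x00"              # session_id length: 0
        + b"\x00\x02\x13\x01"  # cipher_suites: one suite
        + b"\x01\x00"          # compression_methods: null
        + b"\x00\x00"          # extensions length: 0
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType: client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # ContentType: handshake


def extract_client_random(record: bytes) -> Optional[bytes]:
    """Return the 32-byte client_random from a TLS ClientHello record, else None."""
    if len(record) < 5 or record[0] != 0x16:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < 2 + 32:
        return None
    return body[2:34]  # skip the 2-byte client_version


def find_repeated_markers(records, offset=0, width=4, min_count=3):
    """Count the (offset, width) slice of client_random across records and
    return the slices seen at least min_count times. Genuine randomness
    essentially never repeats a 4-byte slice three times in a small sample."""
    counts = Counter()
    for rec in records:
        rnd = extract_client_random(rec)
        if rnd is not None:
            counts[rnd[offset:offset + width]] += 1
    return {marker: n for marker, n in counts.items() if n >= min_count}


# Constructed marker standing in for a PRNG-patch fingerprint (hypothetical value).
MARKER = b"\xde\xad\xbe\xef"

# Four handshakes from a "patched" client: fixed marker plus 28 varying bytes.
PATCHED_RECORDS = [
    build_client_hello(MARKER + hashlib.sha256(b"patched-%d" % i).digest()[:28])
    for i in range(4)
]
# Six handshakes from a healthy client: 32 bytes that look random each time.
HEALTHY_RECORDS = [
    build_client_hello(hashlib.sha256(b"healthy-%d" % i).digest()) for i in range(6)
]

if __name__ == "__main__":
    print(find_repeated_markers(HEALTHY_RECORDS))                    # {}
    print(find_repeated_markers(PATCHED_RECORDS + HEALTHY_RECORDS))  # {b'\xde\xad\xbe\xef': 4}
```

On real traffic the offset and width of the marker are unknown in advance, so a practitioner would slide the window across all 32 bytes and alert on any slice that recurs well above chance.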

### Android Users Vulnerable To An Israeli Surveillance Dealer Attack

Google recently warned the world of a [vulnerability in Android devices](https://www.forbes.com/sites/thomasbrewster/2019/10/04/google-android-alert-millions-of-phones-are-vulnerable-to-hack-created-by-israeli-surveillance-dealers/#41f4adffcca3), including its own Pixel 1 and 2 devices. Security researcher Maddie Stone from Google described the vulnerability as a ‘kernel privilege escalation bug’. _It gives an attacker deeper access into a device, effectively handing them control of the Android operating system_. The bug lets the attacker alter all data stored on the device, severely compromising user privacy. Stone added that the vulnerability is being used actively against targets by the Israeli spyware dealer NSO Group.

#### Patches And New Devices To Remove The Vulnerability

Android phones such as the Google Pixel 1 and 2, Huawei P20, Xiaomi Redmi 5A, Xiaomi Redmi Note 5, Xiaomi A1, Moto Z3, LG phones running Oreo, and the Samsung S7, S8 and S9 models were identified as lacking a patch for the vulnerability. However, researchers are striving to ensure protection from **phishing attacks** and will soon launch the Pixel 3 and 3a devices, which are free from this vulnerability. Google will also release patches for the Pixel 1 and 2 devices in its October Security Release. Other Android devices are likely to receive the patch soon after.

### Players Of Fifa 20 Global Series Face Privacy Breach

In what appears to be a [privacy flaw on the part of EA Sports](https://www.bbc.com/news/technology-49933683?intlink%5Ffrom%5Furl=&link%5Flocation=live-reporting-story), the names, dates of birth and email addresses of over **1600 people got compromised**. Investigations continue as the company behind the FIFA video games tries to understand why the personal information of some players was visible to other gamers.

As it turns out, fans who signed up for the new FIFA 20 Global Series could see other people's details pre-filled in the fields of the online registration form. While the victims of this seemingly minor breach were mostly ordinary users, some well-known online gaming live-streamers were affected too.

#### The Situation Is Under Control, EA Sports

In its defence, EA Sports said that it was concerned about the privacy of its players and that it strived to ensure [phishing protection](/). It apologized for the unintentional blunder and added that the situation is now under control.

### Ransomware Attack Hits Spanish City Jerez De La Frontera

[A ransomware attack recently hit the Spanish city of Jerez de la Frontera](https://thenextweb.com/hardfork/2019/10/04/ransomware-spain-jerez-frontera-bitcoin-cryptocurrency-attack/). The attacker seized the city's computer systems and is demanding an unspecified amount of Bitcoin as ransom to unlock the files. The attack caused considerable disruption in the city.

#### Security Experts Flown In

As an [anti-phishing protection](/products/advanced-threat-defense/) measure, Spain's interior ministry sent three computer experts to Jerez de la Frontera. They will look into the matter and attempt to repair the damage. Meanwhile, the mayor of the city announced that the systems would be brought back online only once officials are 100% certain they are secure against any further **phishing attacks**.

### 8.7 Million Customer Details Of Russian ISP ‘Beeline’ Exposed

The Russian telecommunications company [Beeline suffered a data breach](https://www.zdnet.com/article/data-breach-at-russian-isp-impacts-8-7-million-customers/) back in 2017 that was never made public, even though the culprit was caught. Now, two years later, data belonging to about **8.7 million** customers has been sold and shared online, and Beeline has admitted to the breach.

#### Russian Beeline Customers Are The Worst Affected

The data sold includes customers' personal details, such as full names, addresses, and mobile and home phone numbers. Beeline has a customer base in Russia, Australia and Asia. However, according to the company, only Russian customers who applied for home broadband connections before November 2016 were affected by the breach. _The company added that the customers whose details were exposed are no longer associated with Beeline._ The incident does not affect customers in Australia, New Zealand, Kazakhstan, Armenia, or the other countries where Beeline operates.

### Iranian Hackers After Trump 2020 Campaign

Microsoft recently reported that a group called Phosphorus with links to Iran was trying to [gain unauthorized access to the email accounts of its users](https://threatpost.com/iran-linked-hackers-target-trump-2020-campaign-microsoft-says/148931/). _These users are associated in some way with the 2020 reelection campaign of President Trump_.

The activity was first brought to light by a group of researchers from the Microsoft Threat Intelligence Center. They also found that Trump's official campaign website has its account linked to Microsoft’s **cloud email service**. It is the only competing campaign to use this service.

After learning of the adversaries' intent, Microsoft researchers monitored Phosphorus's activities for a period of 30 days stretching from August to September. They found that Phosphorus made over **2,700 attempts** to identify consumer email accounts belonging to specific targeted Microsoft customers, and then attempted to attack 241 of those accounts.

#### U.S Official Campaigns Not The Only Target

_Microsoft confirmed that Phosphorus was indeed after the accounts linked to the U.S. presidential campaign, and those of current and former U.S. government officials_. It also targeted journalists covering global politics and prominent Iranians living outside Iran. Microsoft further noted that Phosphorus had made other, successful attempts in the past to breach accounts unrelated to U.S. official campaigns, current or former. However, Microsoft says it has already taken measures to **secure the affected accounts**.

#### Well-Researched Attacks By Phosphorus

_What stands out as a peculiar trait of Phosphorus in these attacks is the effort the hackers put into making the attacks precise_. The attacks are not necessarily technologically advanced. Instead, the hackers researched thoroughly and targeted people only after conducting a significant amount of research about the prospective victim. Researchers concluded that the Phosphorus group is exceptionally motivated and is ready to invest a considerable amount of time, energy and resources in gathering relevant information. This helps them slip past **anti-phishing services**. Their research included collecting data that could be used to reset passwords or trigger account-recovery features in the process of taking over the target’s account.

### Data Breach At New Zealand’s Commerce Commission (Comcom)

A large amount of confidential information handled by the [Commerce Commission (ComCom) of New Zealand was compromised](https://www.zdnet.com/article/new-zealand-comcom-suffers-breach-after-laptop-theft/). The breach stems from the theft of a laptop rather than a **flaw in the security** of the network. _Among the affected data were more than 200 meeting and interview transcripts_. Although the affected transcripts date back to early 2016 and hold confidential information that businesses and individuals provided to the Commission, the Commission’s network itself was unaffected by the breach.

#### Theft Under Section 100 Of The Commerce Act

ComCom chief executive Adrienne Meikle said that they are aware of the theft and are quite confident that they will be able to recover the laptop. They have extended cooperation to the police and noted that part of the compromised information falls under a confidentiality order issued by the Commission under section 100 of the Commerce Act.

_This hints at the legal proceedings the thief might face if caught_. Although the laptop belonged to an external provider, Meikle apologized for the breach and said people were boycotting the Commission. She said that the offence might be a result of the incompetence of the external provider or the malicious intent of the attacker, but that it was their _duty to safeguard the sensitive information of the users_.

#### The Commission Taking Measures To Control The Damage

As a [phishing attack prevention](/) measure, the Commission approached its suppliers asking for security assurances. In addition, it commissioned a couple of independent reviews of the matter. _Anyone who is worried that they were affected by the breach is advised to contact ComCom immediately._

### India’s Justdial Exposed 156 Million Users’ Details

The Indian local-search app JustDial was affected by a severe flaw that gave [attackers access to any of JustDial's 156 million user accounts](https://thenextweb.com/security/2019/10/10/a-bug-in-indian-local-search-app-exposed-over-156-million-accounts/). The flaw was recently discovered by security researcher Ehraz Ahmed. Attackers could access information such as names, phone numbers, and email addresses, and also gain access to financial details. _These include the balance and transactions of any account linked to JustDial Pay, the company’s payment service._ The flaw lay in the site’s Register API, which is used for sign-ups.

Ahmed explained in a video that an attacker could use a person’s phone number as a username and get into their account through the flaw. The bug also let attackers change account details for JD Pay so that money sent to that account would be redirected. It did not, however, allow attackers to send cash, since that action requires an additional PIN.

#### Our Users Are Safe With Us, JustDial

![Phishing attack prevention](https://media.mailhop.org/phishprotection/images/2019/10/phishing-attack-prevention-3695.jpg) 

In its defence, JustDial said that it takes the security and privacy of its users very seriously. _The company acknowledged that a bug existed in one of its APIs that could have helped an attacker gain access to a user account, but said it has now fixed the bug_. JustDial points to its association with several security researchers who help the company ensure [protection against phishing](/office-365-phishing-protection/) by strengthening its platform. It further said that there was no data loss because of the bug and that its users are safe.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

