--- title: "Cybersecurity Updates For The Week 47 of 2021 | Phish Protection" description: "Cybersecurity Updates For The Week 47 of 2021: Every week we see the adversaries successfully stealing information through various social engineering tactics." image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-47-of-2021.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-47-of-2021/" --- Quick Answer As part of its \[phishing attack prevention\](/content/phishing-prevention/) measures, the DESE and the Office of Administration Information Technology Services Division (OA-ITSD) will send out breach notification letters to all teachers whose PII (Personally Identifiable Information) was compromised in the incident. \_The department realizes that teachers and educators have a lot to handle because of the pandemic and regret having caused them the trouble\_. To help these teachers deal with any unforeseen attack attempts triggered by this incident, the DESE provides over Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-47-of-2021%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2047%20of%202021&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-47-of-2021%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-47-of-2021%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-47-of-2021%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2047%20of%202021 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2047%20of%202021&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-47-of-2021%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/11/what-is-spear-phishing-4512.jpg) _Every week we see the adversaries successfully stealing information through various [social engineering tactics](/resources/common-phishing-scams/)_. This cycle of malicious actors accessing one’s personal and organizational networks needs to be stopped. The first step towards that is keeping yourself up-to-date with how these threat actors operate. Here are the [phishing news](/tags/announcements/) headlines of this week. ### Data Breach at Missouri’s Department of Elementary and Secondary Education (DESE) _Newspaper reporter Josh Renaud first discovered a vulnerability in the DESE certification database_. As a result of this vulnerability, the sensitive information of **over 620,000** present and former teachers, including their social security numbers, was compromised. _Renaud first informed the DESE and waited for them to patch the vulnerability_, but he [published his story](https://www.infosecurity-magazine.com/news/data-breach-could-cost-missouri-50m/) when the Missouri Governor accused him of hacking into the database. The controversy aside, DESE is apologetic for this **security negligence**. As part of its [phishing attack prevention](/content/phishing-prevention/) measures, the DESE and the Office of Administration Information Technology Services Division (OA-ITSD) will send out breach notification letters to all teachers whose PII (Personally Identifiable Information) was compromised in the incident. _The department realizes that teachers and educators have a lot to handle because of the pandemic and regret having caused them the trouble_. To help these teachers deal with any unforeseen attack attempts triggered by this incident, the DESE provides over 620,000 present and former teachers with one year of complimentary [identity theft](/blog/understanding-business-identity-theft-and-what-makes-businesses-vulnerable-to-these-identity-thefts/) and credit monitoring through IDX. While the free services offered to victims will cost the state **over $800,000**, this enables those affected to approach the IDX call center (833-325-1777) for any assistance needed. ### Threat Actors Access HPE’s Aruba Central Network _The data repositories for HPE’s Aruba Central network were recently compromised_, enabling adversaries to monitor devices and their locations and access and collect data. The access key to the cloud networking solution provider Aruba Central was accessed by malicious third parties for 18 days between 9th and 27th October. During that time, they could [access the customer data](https://www.bleepingcomputer.com/news/security/hpe-says-hackers-breached-aruba-central-using-stolen-access-key/) contained in the Aruba Central environment. The data stored in the exposed repository contains two datasets related to network analytics and Aruba Central’s ‘Contact Tracing’ feature, respectively. While the network analytics data set stored customers’ network telemetry data, the contact **tracing database** stored their location-oriented data. The first dataset revealed the IP and MAC addresses, hostnames, operating systems, hostname, usernames, and authenticated Wi-Fi networks. The second exposed the time, and Wi-Fi access points users were connected to. _This data possibly enabled the adversaries to track the location of users_. As part of its measures for [protection against phishing](/), HPE first revoked the adversaries’ access to their datasets and then began investigations into the access point and extent of the attack. The company’s research revealed Aruba Central’s environment is such that data is only **stored for 30 days**. As such, the adversaries would have accessed its network for no more than 30 days at any given time. Though the environment included personal data, it didn’t include sensitive personal data of users. Going by the nature of the attack, there is no need to change usernames, key configuration, or passwords at the user level. However, HPE is taking [phishing prevention measures](/content/phishing-prevention/phishing-attack-prevention/) to ensure that such a security incident doesn’t happen again. ### Ransomware Hits Stor-a-File In another after-effect of the SolarWinds breach, the _British data storage and capture enterprise Stor-a-File underwent a ransomware attack_ where adversaries [exploited an unpatched SolarWinds](https://www.theregister.com/2021/11/10/stor%5Fa%5Ffile%5Fransomware%5Fattack%5Fsolarwinds%5Fserv%5Fu/)‘ Serv-U FTP software. ![What is spear phishing](https://media.mailhop.org/phishprotection/images/2021/11/what-is-spear-phishing-4512.jpg) While the organization disclosed the attack to the public, it informed its organization’s decision not to succumb to **ransom demands**. Stor-a-File’s clients also include medical companies whose data may have been exposed in the breach. Stor-a-File informed the police and the ICO and sent breach notifications to its clients as part of its [anti-phishing measures](/blog/ransomware-hits-reason-why-businesses-need-to-adopt-robust-anti-phishing-measures/). The enterprise said that the attack only affected its clients and customers; all data stored in its offline servers (which comprise the primary section of its data) remains unaffected. Fortunately, the outdated version of SolarWinds’ Serv-U FTP server software and the third-party access has been removed. The organization is adopting [phishing prevention best practices](/resources/phishing-prevention-best-practices/) to prevent such an incident from happening again. ### Ransomware Hits Nationwide Laboratory Services _Florida-based Nationwide Laboratory Services recently underwent a data breach that exposed the personal health information_ (PHI) of over 33,437 patients. A **ransomware attack** was [detected in the laboratory](https://www.infosecurity-magazine.com/news/ransomware-attack-on-florida-lab/)‘s network on 19th May, which brought down its network and encrypted its content. In addition to hacking into their systems, the adversaries also deleted some files from Nationwide’s servers. The details compromised in the incident include patients’ names, test results, DOBs, medical record numbers, health insurance details, etc. The notice released by the lab also mentions that the social security numbers of a limited number of people were also exposed. Fortunately, the attack did not impact all of Nationwide’s patients. So far, _the lab has no evidence to prove that the data stolen in the attack was misused in any way_. As part of its measures to ensure [protection from phishing](/), the lab hired a third-party cybersecurity firm to investigate and get to the roots of the attack. Nationwide also informed the Department of Health and Human Services for Civil Rights about the breach on 28th October. In its breach notification to patients, the lab provides them with [phishing prevention best practices](/resources/phishing-prevention-best-practices/) and asks them to monitor their financial account statements for any suspicious activity. ### Hive Ransomware Attacks MediaMarkt _The Hive ransomware recently attacked the electronics retail giant MediaMarkt and **demanded $240 million** as a ransom for the decryption key_. The attacker caused all MediaMarkt IT systems in the Netherlands and Germany to shut down. With over 1000 stores in 13 nations, MediaMarkt is quite a big retail name. The [attack hit its network](https://www.bleepingcomputer.com/news/security/mediamarkt-hit-by-hive-ransomware-initial-240-million-ransom/) over the weekend, which compelled the store to shut down its IT systems to prevent the attack’s spread. The retail stores in the Netherlands underwent the highest impact. While online shopping facilities were still functioning, the cash registers at the offline stores could not accept credit cards or give out payment receipts. This incident also disrupted the return procedure for orders as the staff could not access customers’ purchase history. MediaMarkt’s social media posts suggest that around **3100 servers were affected** by the [ransomware attack](/resources/ransomware-attack-why-organizations-pay-ransom/). As part of its [phishing protection](/) measures, the retail giant instructs its staff to refrain from using the encrypted systems and bring cash registers offline. ![Phishing prevention](https://media.mailhop.org/phishprotection/images/2021/11/phishing-prevention-4589.jpg) It is typical of ransomware gangs to demand an exorbitant amount initially, but they reduce the amount quite quickly, and as per reports, Hive too reduced the ransom amount. It is uncertain whether the encrypted data has also been stolen, but that is almost a given in Hive attacks. \*\* \*\* ### UK’s Largest Fishing Store Angling Direct Undergoes Cyberattack Angling Direct is the UK’s largest store selling fishing gear both in online and offline mode. Unfortunately, _this fishing giant underwent a cyberattack over the weekend_, directing its online customers to adult sites. In addition, _its official Twitter account has also been compromised_. It now [directs visitors to a porn site](https://www.bbc.com/news/technology-59209493) and provides users with an email address to reach the adversaries for further details of the attack. The notorious threat actors behind the attack tweeted from Angling Direct stating that the organization had been sold to the adult site Pornhub. As part of its [phishing attack prevention](/) measures, the enterprise has engaged third-party cybersecurity experts to investigate the breach and informed the concerned regulatory bodies. While the attackers have made no formal ransom demands, the attack looks like the work of an amateur adversary who is keen on driving attention. Either way, the loss to Angling Direct’s customers and its sales is irrevocable. The enterprise says that the personal or financial data of users remain unaffected. It apologized to all customers who were redirected to inappropriate sites because of this **security breach** and is strengthening its security infrastructure. ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 47 of 2021","description":"Cybersecurity Updates For The Week 47 of 2021: Every week we see the adversaries successfully stealing information through various social engineering tactics.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-47-of-2021/","datePublished":"2021-11-20T12:59:26.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2021-11-20T12:59:26.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-47-of-2021/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1328,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2021/11/what-is-spear-phishing-4512.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 47 of 2021","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-47-of-2021/"}]} ```