---
title: "Cybersecurity Updates For The Week 48 of 2020 | Phish Protection"
description: "The struggle to ensure phishing protection is tedious because phishing emails never cease to lure people into clicking on malicious links or downloading."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-48-of-2020.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-48-of-2020/"
---

Quick Answer

The struggle to ensure \[phishing protection\](/) is tedious because \_phishing emails never cease to lure people into clicking on malicious links or downloading corrupt files\_. The following news headlines testify to the enormous financial loss and data theft caused by \*\*phishing attacks\*\*.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-48-of-2020%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2048%20of%202020&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-48-of-2020%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-48-of-2020%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-48-of-2020%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2048%20of%202020 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2048%20of%202020&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-48-of-2020%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/11/phishing-prevention-tips-7458.jpg) 

The struggle to ensure [phishing protection](/) is tedious because _phishing emails never cease to lure people into clicking on malicious links or downloading corrupt files_. The following news headlines testify to the enormous financial loss and data theft caused by **phishing attacks**.

### \*\*\*\* The North Face Undergoes Cyberattack

_Popular U.S shopping website the North Face underwent a credential stuffing attack_ on 8-9 October, which has caused account [details compromise](https://threatpost.com/credential-stuffing-attack-north-face/161190/?web%5Fview=true) for some of its customers. To ensure [phishing prevention](/), the North Face has **reset the passwords** of affected customers. In the notification forwarded to affected customers, the North Face informed them that the _attacker probably gained access to their email address and password from a previously hacked application or website_.

As such, customers were encouraged to change their passwords to something unique and _abstain from using the same password for more than one account_. The compromised details include the customers’ email address, password, purchase history at the North Face, billing and shipping address, loyalty points, name, birthday, contact number, etc. However, no payment card information has been accessed by third parties.

Another [anti-phishing solution](/products/advanced-threat-defense/) adopted by the North Face is disabling passwords from affected accounts and erasing the payment-card tokens stored on their website. This implies that all users will have to create new passwords before trying to shop again on the North Face.

### \*\*\*\* Data Breach Hits Pluto TV

_Leading internet television service Pluto TV recently underwent a data breach_ that exposed the account [details of millions](https://www.androidpolice.com/2020/11/14/pluto-tv-likely-suffered-a-security-breach-affecting-3-2-million-accounts/?web%5Fview=true) of its customers from 2018\. Although the stolen credentials may not still be in use, they still form the basis of **credential stuffing** or [spear-phishing attacks](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/). The threat actor believed to be behind the attack is the _ShinyHunters hacker group_. The stolen details include the names, email addresses, hashed passwords, IP addresses, and users’ birthdays.

![Phishing prevention tips](https://media.mailhop.org/phishprotection/images/2020/11/phishing-prevention-tips-7458.jpg) 

Since no paid plans are available with Pluto TV, there is no question of the leak of payment card details. In its statement, Pluto TV has stressed its prompt application of **anti-phishing** measures when the personal information of its customers is at stake.

### \*\*\*\* Reddit’s Telegram Channel Hacked, Along With Others

_Cyber adversaries are now focusing on hacking and gaining admin access over popular channels on telegram_. Reddit and Baza are among the many channels targeted by hackers. The Reddit channel has **around 230 thousand subscribers**, and suddenly, after opening a file sent by the adversary, Reddit administrators could no longer access the channel. The administrators had received a [Trojan-infected file](https://www.ehackingnews.com/2020/11/hackers-attacked-major-telegram.html) under the pretext of a video from the hackers who pretended to be interested in buying advertising space.

The video was available for download on Yandex.Disk but only on desktop computers. Once the Reddit administrators opened this file, they were unable to access the channel. _The method used by the hackers isn’t new, but people seem to fall for it in spite of that_.

### \*\*\*\* Miltenyi Biotec Recovers From Malware Attack

The last couple of weeks have been challenging for the [anti-phishing protection](/products/advanced-threat-defense/) experts at the international biotechnology company Miltenyi Biotec. They underwent a [malware attack](https://www.securityweek.com/biotech-company-miltenyi-biotec-discloses-malware-attack?&web%5Fview=true) recently, which disrupted their order processing system.

_The Mount Locker ransomware group is responsible for the attack on Miltenyi Biotec_. The adversaries **stole 1GB worth** of documents from the biotechnology provider. The firm claims that no customer or partner information has been impacted in the attack and is doing everything in their capacity to tackle the attack and minimize its impact.

### \*\*\*\* 60k Iowans’ Data Leaked By Mercy Iowa City

_Mercy Iowa City underwent a data breach from May 15th to June 24th_, which has exposed the PII of over [60,000 Iowa residents](https://www.kcrg.com/2020/11/18/mercy-iowa-city-reports-data-breach-over-60000-iowans-affected/?&web%5Fview=true). The disclosed information includes the names, DOBs, healthy insurance details, Social Security numbers, and driver’s license numbers of patients.

The hospital had noticed unusual activity in one of their employee’s email account, which was hacked and used to send **phishing emails**. The hospital is extending free [identity theft protection](/products/email-impersonation-protection/) to all patients whose social security numbers and driver’s license numbers were compromised. They have further said that they’re adopting measures to ensure [protection from phishing](/) attacks in the future.

### \*\*\*\* Tronicsxchange Exposes 2.6 Million Records

California-based electronics retailer TronicsXchange had a _misconfigured AWS S3 bucket available online **without a password**_, which contained more than [2.6 million](https://www.infosecurity-magazine.com/news/80000-id-cards-fingerprint-exposed/?&web%5Fview=true) files. The files included the ID cards, biometric images, driver’s licenses, etc., of TronicsXchange customers between 2012 and 2015\. _Although the S3 bucket was eventually secured_, over 80,000 images containing PII and fingerprint scans of customers were leaked. If discovered by the malicious actors, the stolen records can be used to apply for credit cards, create bank accounts, and other identity frauds.

All people who think they might have been victims must take measures to [prevent phishing](/) attacks and keep monitoring their financial statements regularly.

### \*\*\*\* Cyberattack Hits Capcom

Capcom underwent a **ransomware attack** recently, which _compromised vast amounts of data from its systems_. These included the names, addresses, passport records, financial statements, bank details, etc., of customers and employees. The [compromised data](https://www.securityweek.com/capcom-confirms-hackers-stole-data-recent-attack?&web%5Fview=true) also had the list of shareholders, shareholder numbers, and former employees and job applicants’ records.

![Phishing prevention best practices](https://media.mailhop.org/phishprotection/images/2020/11/phishing-prevention-best-practices-0347.jpg) 

Although _no money laundering has been reported because of this attack_, the vast expanse of PII compromised has caused an equal, if not greater, loss for Capcom. Allegedly, the ransomware group Ragnar Locker is behind this attack, which has affected **over 350,000 people**. Victims are being informed as Capcom engages in strengthening its [phishing attack prevention](/products/advanced-threat-defense/) measures.

### \*\*\*\* Over 100,000 Facebook Users’ Records Leaked

In a Facebook scam that lured victims with the facility to show who ‘viewed their profile last,’ adversaries _**stole over 100,000** Facebook users’ login credentials_. The database containing all these stolen records was exposed by the hackers, which adds to the victims’ vulnerability.

The cyber attackers used these [compromised accounts](https://threatpost.com/exposed-database-100k-facebook-accounts/161247/?web%5Fview=true) to spam Facebook posts with comments leading people to their **scam websites**, which then led the victims to a fraudulent Bitcoin trading platform.

### \*\*\*\* Cyberattack Hits Americold

_Cold storage company Americold Realty Trust recently underwent a cyberattack_, which has affected its phone system, email communication, order fulfillment, and other operations. They had to shut down all computer systems immediately after the attack to avoid further damage. Americold was efficient in implementing its [business continuity plans](https://www.bleepingcomputer.com/news/security/cold-storage-giant-americold-hit-by-cyberattack-services-impacted/?&web%5Fview=true) and is _currently working with law enforcement and external security experts_.

The company is doing its best to ensure [protection against phishing](/) and regards client-data discretion as an essential work principle. They notified in a statement about their integrity towards **ensuring cybersecurity** for all at the work front.

### Protect Your Organization

- [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/)
- [See how Phish Protection blocks threats in real time](/anti-phishing-tools/)

## Topics

[ Announcements ](/tags/announcements/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 5m  Cybersecurity Updates For The Week 33 of 2022  Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[  Intermediate 6m  Cybersecurity Updates For The Week 41 of 2022  Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[  Intermediate 5m  Cybersecurity Updates For The Week 1 of 2021  Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[  Intermediate 6m  Cybersecurity Updates For The Week 1 of 2022  Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 48 of 2020","description":"The struggle to ensure phishing protection is tedious because phishing emails never cease to lure people into clicking on malicious links or downloading.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-48-of-2020/","datePublished":"2020-11-27T10:19:14.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2020-11-27T10:19:14.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-48-of-2020/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1102,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2020/11/phishing-prevention-tips-7458.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 48 of 2020","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-48-of-2020/"}]}
```