---
title: "Cybersecurity Updates For The Week 51 of 2020 | Phish Protection"
description: "Cybersecurity Updates For The Week 51 of 2020: Even if all patches are updated, and phishing prevention measures are taken, a cyber adversary manages to."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-51-of-2020.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-51-of-2020/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/12/phishing-prevention-tips-4856.jpg) 

Even if all patches are updated and [phishing prevention](/) measures are taken, a _cyber adversary can still manage to access online networks and steal sensitive personal data_; such is the supremacy of cyber adversaries in today’s cyber world. Read on to find more instances of data breaches in organizations of repute that have taken place over the week.

### Severe Data Breach Hits Panasonic India

_A group of attackers have compromised two internal Microsoft domains of Panasonic India_ and are now selling the stolen data and company network access to fellow attackers for **$40,000 in bitcoin**. They have demanded a ransom of $500,000 from [Panasonic India](https://www.govinfosecurity.com/panasonic-indias-data-released-in-extortion-plot-a-15573?&web%5Fview=true), which needs to be paid in seven days. The compromised information includes the bank account details of suppliers, passwords for software systems, email IDs, details of customers, employees, etc. Panasonic has acknowledged the breach and assured stakeholders that the attack on Panasonic India doesn’t affect the global Panasonic fraternity.

Several revelations have come forth from this breach, which may be listed as:

- The adversaries behind the Panasonic breach are also responsible for the recent attack on Foxconn.
- Hold Security CISO Alex Holden opines that Panasonic India portrays the damage as minimal when it is quite significant in reality.
- Usually, attackers merely dump the stolen data, but in this case, the adversaries have categorized the stolen data to make it presentable.
- The victim company’s internal advice on [anti-phishing protection](/products/advanced-threat-defense/) was also compromised, suggesting that Panasonic failed to heed its advice on using strong passwords.

### PDF Files Can Expose Details With New Injection Technique

PortSwigger researcher Gareth Heyes brings to light a significant [vulnerability with PDF files](https://www.securityweek.com/new-injection-technique-exposes-data-pdfs?&web%5Fview=true) that can expose all contents of documents with just a link. _The vulnerability lets the adversaries inject code and launch cross-site scripting attacks on a PDF file_.

![Phishing prevention tips](https://media.mailhop.org/phishprotection/images/2020/12/phishing-prevention-tips-4856.jpg) 

The wide acceptance of PDF across all industries makes this a more significant threat because this **code-injection technique** lets hackers execute arbitrary JavaScript, hijack links, and steal PDF contents. The research by Heyes revealed that two PDF libraries, PDF-Lib and jsPDF, are vulnerable to this code-injection method of exploitation. PDF libraries need to take [phishing protection](/) seriously and parse code correctly to avoid such threats in the future.
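The following is an added example, not code from the article, PDF-Lib or jsPDF, showing the kind of output escaping a PDF generator needs on the defensive side. It assumes untrusted text is written into a PDF literal string, which the PDF syntax delimits with parentheses and escapes with a backslash; the function names and sample inputs are hypothetical.

```javascript
// Added example (hypothetical helper names; not PDF-Lib or jsPDF code).
// Assumption: untrusted text ends up inside a PDF literal string, which is
// delimited by "(" and ")" and uses "\" as its escape character.

// Escape the characters that have syntactic meaning inside a literal string.
function escapePdfLiteral(input) {
  let out = '';
  for (const ch of String(input)) {
    switch (ch) {
      case '\\': out += '\\\\'; break;
      case '(':  out += '\\(';  break;
      case ')':  out += '\\)';  break;
      case '\r': out += '\\r';  break;
      case '\n': out += '\\n';  break;
      default:   out += ch;
    }
  }
  return out;
}

// Check a string body (the text between the outer parentheses) the way a PDF
// tokenizer would: true only if the body cannot close the string early, leave
// a nested "(" open, or escape the closing ")" with a trailing backslash.
function staysInsideLiteral(body) {
  let depth = 1; // already inside the opening "("
  for (let i = 0; i < body.length; i++) {
    const ch = body[i];
    if (ch === '\\') {
      if (i === body.length - 1) return false; // would escape the closing ")"
      i++; // skip the escaped character
    } else if (ch === '(') {
      depth++;
    } else if (ch === ')') {
      depth--;
      if (depth === 0) return false; // string ends before the body does
    }
  }
  return depth === 1;
}

// Serialize a link action dictionary with the URL escaped.
function buildUriAction(url) {
  return `<< /Type /Action /S /URI /URI (${escapePdfLiteral(url)}) >>`;
}

// Constructed sample inputs: harmless text that happens to contain delimiters.
const samples = ['https://example.com/report', 'Q4 (draft)', 'a)b', 'tail\\'];
for (const s of samples) {
  console.log(JSON.stringify(s), 'raw ok:', staysInsideLiteral(s),
    'escaped ok:', staysInsideLiteral(escapePdfLiteral(s)));
}
```

Running `staysInsideLiteral` over generator output in a unit test is a cheap regression check that every user-controlled field passes through the escaper.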

### Marriage Tax Refund Exposes Over 100,000 Client Records

The UK-based company Marriage Tax Refund, which is engaged in providing tax relief to clients, has recently exposed the personal information of more than [100,000 clients](https://www.infosecurity-magazine.com/news/tax-biz-exposed-personal-info/?&web%5Fview=true). _The breach resulted from a misconfigured content management system (CMS) in the company’s WordPress domain_. Consequently, PDF documents containing the PII of **over 100,000 clients** were publicly available without any password or [anti-phishing protection](/products/advanced-threat-defense/). The compromised data included the full names of applicants, their home addresses, partners’ full names, and the refund amount on marriage tax that they can claim.

This combination of information is just what attackers need to forge a refund claim under the victim’s name, or worse, launch **spear-phishing attacks** later. But the good news is that Marriage Tax Refund fixed the misconfiguration soon after being notified about it.

### Dental Care Alliance Breach Exposes 1M Patient Records

_The American healthcare provider Dental Care Alliance (DCA) became the victim of an unidentified cyberattack on 18th September 2020_. The breach was discovered on 11th October and contained within two days, but it has affected the personal details of over [1 million patients](https://www.infosecurity-magazine.com/news/1m-us-dental-patients-impacted-by/?&web%5Fview=true). DCA is now in the process of notifying all affected patients about the security incident. The compromised information includes the names, addresses, treatment information, bank account numbers, health insurance information, dentist’s name, etc.

However, the healthcare provider hasn’t extended any [anti-phishing solutions](/products/advanced-threat-defense/) like free credit monitoring to its patients because it hasn’t found any evidence of patient information being misused. DCA believes that the attack’s impact isn’t severe since malicious third parties accessed only 10% of all bank account numbers. At the same time, DCA has also given assurances that it will extend measures for [protection against phishing](/) to affected individuals in the coming days.

### Weak Credentials Exploited By A Malwareless Ransomware Campaign

_A seemingly simple ransomware campaign targets Internet-facing SQL servers with weak passwords_. The ransomware is delivered from UK IP addresses and attacks the many MySQL servers found online. After successfully hacking a server, the adversaries initiate a **double extortion attack** in which they threaten to publish all of the victim’s data if the demanded ransom isn’t paid.

The campaign has successfully compromised the details of **83,000 victims** and collected over $25,000 from victims as ransom. Ideally, this should have implied that these threat actors won’t put up the stolen data for sale, but around [250,000 breached databases](https://www.theregister.com/2020/12/10/mysql%5Fmalwareless%5Fransomware/?&web%5Fview=true) are currently up for sale on the dark web. _WordPress MySQL databases are a prime target of the adversaries_. These reveal the usernames and login details of users, so any user who recycles the same password on other social accounts stands at higher risk of a cyber attack. Here comes the age-old tip to prevent **phishing attacks**: _always use strong and unique passwords_.

### Data Breach Hits Tech Unicorn UiPath

_Tech unicorn UiPath, a Robotic Process Automation provider, was recently hit by a cyberattack that compromised its users’ PII_. The company is now informing all users who registered on or before 17th March about the breach. The exposed file was an old backup, but the usernames, real names, email addresses, company names, locations, and UiPath certification details of users were revealed.

![Phishing prevention best practices](https://media.mailhop.org/phishprotection/images/2020/12/phishing-prevention-best-practices-4963.jpg) 

However, _no financial or account details were exposed in the breach_. The company’s official products too remain unaffected. [UiPath has refrained](https://www.zdnet.com/article/robotics-unicorn-uipath-discloses-data-breach/?&web%5Fview=true) from disclosing further information to ensure [phishing attack prevention](/).

### Hackers Exploit PickPoint’s Post-Gateway Network

_Adversaries used an innovative way to exploit a post-gateway network flaw at PickPoint_, Russia’s local delivery service. Consequently, around [2,732 PickPoint delivery lockers](https://cyware.com/news/a-hacker-unlocked-thousands-of-pickpoint-package-delivery-lockers-d08b56ee) across Saint Petersburg and Moscow were compromised. Customers use these lockers to track their orders and open their locker doors with their phones once the order arrives. The cyber adversaries used this same feature to open the doors of the **2,732 lockers**, thus exposing them to theft.

Though it was too late to adopt [anti-phishing solutions](/products/advanced-threat-defense/), guards and landlords came to the locker owners’ rescue and prevented unfortunate thefts. All 2,732 affected PickPoint lockers have now been disabled. But organizations must take special care to update software and patch their systems regularly to avoid such attacks on the post-gateway network.

### Card Details of 70 Lakh Indians Available On Dark Web

Cybersecurity researcher Rajshekhar Rajaharia recently found a large chunk of card details on the dark web that belongs to over [70 lakh Indians](https://ciso.economictimes.indiatimes.com/news/data-of-70-lakh-indian-cardholders-leaked-on-dark-web/79640281). The exposed details include the victims’ names, phone numbers, email addresses, employers’ names, types of user account, PAN numbers, annual income, etc. _The 2GB-sized database containing 70 lakh Indians’ card records between 2010-2019_ shall prove to be quite a treasure for adversaries.

Though card numbers were compromised in the breach, the other details can still be used for targeted attacks, which is why netizens are advised to invest in [anti-phishing services](/products/advanced-threat-defense/) well in advance!


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

