---
title: "Cybersecurity Updates For The Week 52 of 2021 | Phish Protection"
description: "Cybersecurity Updates For The Week 52 of 2021: Ensuring phishing attack prevention is challenging when some form of cyberattack happens every minute. The."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-52-of-2021.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-52-of-2021/"
---

Quick Answer

Ensuring \[phishing attack prevention\](/content/phishing-prevention/) is challenging when some form of cyberattack happens every minute. \_The global cybersecurity landscape is changing with more people becoming aware of cyber threats\_ and doing their bit to ensure protection. But with every positive \[phishing protection\](/) measure that emerges, there is a similar (if not greater) growth in cyberattack vectors. Therefore, one must never stop looking up the latest attack schemes and upgrading their safety measures accordingly. In that capacity, here are the headlines of

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-52-of-2021%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2052%20of%202021&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-52-of-2021%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-52-of-2021%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-52-of-2021%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2052%20of%202021 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2052%20of%202021&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-52-of-2021%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/01/anti-phishing-software-6734.jpg) 

Ensuring [phishing attack prevention](/content/phishing-prevention/) is challenging when some form of cyberattack happens every minute. _The global cybersecurity landscape is changing with more people becoming aware of cyber threats_ and doing their bit to ensure protection. But with every positive [phishing protection](/) measure that emerges, there is a similar (if not greater) growth in cyberattack vectors. Therefore, one must never stop looking up the latest attack schemes and upgrading their safety measures accordingly. In that capacity, here are the headlines of this week.

### Ransomware Hits Inetum Group

One week ahead of the Christmas holiday, _French IT services organization Inetum Group underwent a ransomware attack_. As per the editor-in-chief of the French publication LeMagIt, the [BlackCat ransomware gang](https://www.bleepingcomputer.com/news/security/global-it-services-provider-inetum-hit-by-ransomware-attack/) is responsible for this attack. With branches in **over 26 countries**, Inetum serves companies across sectors like defense, aerospace, energy, banking, healthcare, automotive, retail, transportation, insurance, media, telecom and public sector. Though limited in intensity, the attack disrupted Inetum services across industries and regions.

![Anti phishing software](https://media.mailhop.org/phishprotection/images/2022/01/anti-phishing-software-6734.jpg) 

Fortunately, the attack affected Inetum operations in a few locations in France and did not impact any large infrastructure, delivery services or collaboration tools used by the customers. Inetum’s incident response team quickly took [phishing prevention measures](/content/phishing-prevention/phishing-attack-prevention/) such as isolating the infected system and blocking client VPN connections. Investigation revealed that the recent attack did not exploit the existing [Log4j vulnerability](/watchdog/). Inetum Group has informed the relevant authorities and hired an external cybersecurity expert to investigate the breach as part of its **anti-phishing measures**.

### Albanian Government Database Leaks Employee Data

Albanian Prime Minister, _Edi Rama extended an apology to citizens for the unintentional leak of a government database containing details of state and private employees_. Though this seems more like an inside job rather than a move by unauthorized third parties, it has [exposed a lot of data](https://abcnews.go.com/International/wireStory/albanian-prime-minister-apologizes-database-leak-81913636). As a consequence of this incident, the salary and employment data and identity cards of **over 637,000** individuals were exposed via messaging apps.

While investigations into the breach continue, Edi Rama mentioned in a statement that this is _most probably an internal move to create tension between citizens and the government_. Whatever may be the motive, an exposure of citizens’ private data is never good news. The government should have been stricter with its measures for [protection against phishing](/).

### Data Breach Hits Monongalia Health System

Adversaries recently used an [email phishing attack](/blog/phishing-attacks-are-no-longer-just-malicious-links-in-emails/) scheme to [compromise the Monongalia Health System](https://www.zdnet.com/article/phishing-incident-causes-data-breach-at-west-virginia-hospitals/). Consequently, the several email accounts of the _Stonewall Jackson Memorial Hospital enterprise and the Monongalia County General Hospital enterprise in West Virginia were under the attackers’ control_ between 10th May 2021 to 15th August 2021\. These email accounts contained confidential data related to employees, patients, providers and contractors.

An external vendor discovered the breach on 28th July 2021\. After the investigations were completed on 29th October, it was revealed that the adversaries had compromised the email account of a Mon Health contractor and used that account to ask for fraudulent wire transfers from the hospital.

As part of its measures for [protection from phishing](/) attacks, Mon Health secured the contractor’s account and reset the password. It also informed law enforcement and engaged third-party security experts to investigate the incident. Fortunately, the attack did not affect Mon Health’s other branches like Mon Health Marion Neighborhood Hospital and Mon Health Preston Memorial Hospital. The hospital has sent out breach notifications to all victims and set up a toll-free number to answer all their queries regarding the incident.

### Ghana NSS Exposes Citizens’ Data

_The National Service Secretariat (NSS), Ghana, recently left an AWS S3 bucket misconfigured, which exposed the confidential data_ of **over 700,000 citizens**. The 55GB NSS database was left [misconfigured online](https://www.hackread.com/ghana-govt-agency-citizens-data-leak/) and discovered only on 29th September.

The NSS is a program managing the public service criterion, which is mandatory for all Ghana-based graduates. While the NSS uses AWS to store many of its program files, not all of them were **password-protected**. The S3 bucket itself was left public, meaning anyone on the web could have accessed the files if they wished to.

The data compromised in this incident include citizens’ professional IDs, passport photos, program membership cards, etc. NSS is doing everything in its capacity to restore the database now and is also coordinating with the CERT to ensure [anti-phishing protection](/) in the future.

### Data Breach Hits Ubisoft’s Video Game Franchise Just Dance

_The renowned video game franchise of Ubisoft, Just Dance was recently hit by a cyberattack_ where adversaries [exploited a system misconfiguration](https://portswigger.net/daily-swig/ubisoft-confirms-just-dance-video-game-data-breach) to breach user data. The data exposed in the breach includes users’ profile IDS, GamerTags, device IDs and Just Dance videos shared online.

Investigations into the breach revealed that the attackers got in through a misconfiguration, patched soon after detecting the attack. So far, there is no evidence to believe that any Ubisoft account information has been affected by the breach. _Ubisoft has advised all Just Dance users to activate 2FA and reset their account passwords to protect themselves from any potential phishing attempts_.

### NCA Provides 585 Million Compromised Passwords to HIBP

After the US Federal Bureau of Investigations, the UK National Crime Agency (NCA) is the second _law enforcement body to share compromised passwords with Have I Been Pwned (HIBP)_. HIBP is a platform enabling users and organizations to check whether their phone numbers or email addresses have been compromised. Recently, NCA has shared **over 585 million** compromised passwords with [Have I Been Pwned](https://therecord.media/the-nca-shares-585-million-passwords-with-have-i-been-pwned/) to add to its website’s “Pwned Passwords” section. The NCA reportedly found these passwords along with email addresses from a UK cloud storage facility account. While the NCA couldn’t trace back the passwords and email accounts to any particular platform, their retrieval from a cloud storage facility suggests that these credentials have been public for a long time.

![Email phishing protection](https://media.mailhop.org/phishprotection/images/2022/01/email-phishing-protection-5847.jpg) 

HIBP creator Troy Hunt stated that among the 585 million passwords shared by NCA, 225 million were unique and new. At present, there are **over 5.5 billion** entries in the HIBP Pwned Passwords collection, and over 847 million of these are unique. To enable companies to plan their [anti-phishing solutions](/) better, HIBP allows users to free copies of all these passwords to compare and check whether their passwords have been compromised.

### DeFi Platform Grim Finance Loses $30M to Cyberattack

_Popular decentralized finance (DeFi) protocol Grim Finance recently underwent a cyberattack_ that caused a **loss of $30 million** from its platform deposits. Grim Finance calls it an [advanced attack](https://cointelegraph.com/news/defi-protocol-grim-finance-lost-30m-in-5x-reentrancy-hack) where adversaries exploited five re-entrancy loops in its vault contract, meaning that the _attackers could fake five deposits while the first one was still being processed_.

Grim has paused all vaults to [prevent phishing](/) attacks and requested users to withdraw their funds at the earliest. In addition, the platform has notified all involved entities like Dai (DAI), Circle (USDC) and AnySwap to block all fund transfers for the time being.

### Sennheiser Leaves Misconfigured S3 Bucket Public

_Another misconfigured Amazon Web Services S3 bucket was recently left unencrypted online by the audio equipment manufacturer, Sennheiser_. Consequently, the personal information of **over 28,000 customers** was exposed. The [bucket stored data](https://www.itpro.co.uk/cloud/amazon-s3/361864/sennheiser-exposed-data-28000-customers-aws-s3-bucket) collected between 2015 and 2018 and included customers’ names, contact numbers, email addresses, home addresses, organization names, employee strength etc. The data stored was approximately **55 GB in size** and contained over 407,000 files.

Researchers say that Sennheiser was ignorant about the sensitive nature of the data stored in its S3 bucket and did not use adequate measures for [protection from phishing](/blog/protection-from-phishing-a-growing-threat-in-todays-information-age/). The exposed bucket was first discovered on 26th October, and Sennheiser locked the server soon after being notified.

### Protect Your Organization

- [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/)
- [See how Phish Protection blocks threats in real time](/anti-phishing-tools/)

## Topics

[ Announcements ](/tags/announcements/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 5m  Cybersecurity Updates For The Week 33 of 2022  Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[  Intermediate 6m  Cybersecurity Updates For The Week 41 of 2022  Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[  Intermediate 5m  Cybersecurity Updates For The Week 1 of 2021  Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[  Intermediate 6m  Cybersecurity Updates For The Week 1 of 2022  Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 52 of 2021","description":"Cybersecurity Updates For The Week 52 of 2021: Ensuring phishing attack prevention is challenging when some form of cyberattack happens every minute. The.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-52-of-2021/","datePublished":"2022-01-03T10:45:59.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2022-01-03T10:45:59.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-52-of-2021/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1272,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2022/01/anti-phishing-software-6734.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 52 of 2021","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-52-of-2021/"}]}
```