--- title: "Cybersecurity Updates For The Week 6 of 2021 | Phish Protection" description: "The headlines are crowded again with instances of cyberattacks on organizations, and the loss of information is immense, yet again." image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-6-of-2021.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-6-of-2021/" --- Quick Answer The headlines are crowded again with instances of cyberattacks on organizations, and the loss of information is immense, yet again. The following are the latest phishing updates that might convince you to renew that \[anti-phishing service\](/) bill you had been deferring! Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-6-of-2021%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%206%20of%202021&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-6-of-2021%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-6-of-2021%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-6-of-2021%2F&title=Cybersecurity%20Updates%20For%20The%20Week%206%20of%202021 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%206%20of%202021&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-6-of-2021%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/02/phishing-definition-5842.jpg) The headlines are crowded again with instances of cyberattacks on organizations, and the loss of information is immense, yet again. The following are the latest phishing updates that might convince you to renew that [anti-phishing service](/) bill you had been deferring! ### Pakistani Company Bykea Exposes Over 400million User Records In a recently reported security incident, _the Pakistan based parcel delivery and vehicle-for-hire company Bykea was found exposing the details of **over 400 million users**_. The exposed details include the names, addresses, and other PII of users. The [200 GB database](https://www.safetydetectives.com/blog/bykea-leak-report/?&web%5Fview=true) was left **unprotected and unencrypted online**, thereby exposing its production server information. Consequently, _anyone in possession of the server’s IP address could access and make changes to the database_. Further details revealed that Bykea was involved in a security incident back in September 2020, but it can’t be said for sure whether these two breaches are connected. Byker customers can only hope that [phishing protection services](/) can save them from targeted **phishing attacks**! ![Phishing definition](https://media.mailhop.org/phishprotection/images/2021/02/phishing-definition-5842.jpg) ### Woodland Trust, UK Discloses Major Cyberattack The UK’s largest charity for wildlife conservation, the Woodland Trust, _recently disclosed a security incident, which it described as high level and sophisticated_. The charity was attacked on the evening of 14th December 2020 and claims to have taken [phishing attack prevention](/) measures soon after. Since investigations are ongoing, not many details about the breach has been revealed. However, the Woodland Trust has ensured that _it will notify members if it finds that their data has been breached_. The charity has taken down a couple of its services as a damage-control measure. It has reassured [its members](https://www.zdnet.com/article/a-month-after-a-high-level-cyberattack-charity-says-many-it-systems-are-still-offline/?&web%5Fview=true) that it is doing everything in its capacity to contain the attack, identify the threat actors and penalize them. The Information Commissioner’s Office and the police have also been approached to ensure [phishing prevention.](/) ### Major Cyberattack Hits Georgetown County Georgetown County in coastal South Carolina shelters around 60,000 people, and _the county’s computer systems were hacked last weekend_. The incident has rendered the county’s electronic and [email system](https://www.securityweek.com/south-carolina-county-suffers-weekend-cyberattack?&web%5Fview=true) out of order and can be called a significant infrastructure breach. It’s a relief that the county’s jail operations and 911 system are functioning normally. At this point, _it is uncertain as to when the operations will be up and running again_. Thankfully, the county had cyber insurance, which is likely to pay for the damage. Besides, measures for [protection from phishing](/products/advanced-threat-defense/) attacks are adopted, and security experts have been summoned to investigate the breach. ### Vipgames.Com Leaves Misconfigured Elasticsearch Server Unencrypted Online _The renowned gaming platform VIPGames.com was recently found leaving a misconfigured Elasticsearch server unencrypted and unprotected online_. The app has been **downloaded over 100,000 times** on Google Play Store and hence is quite popular among those playing any of its featured games (Hearts, Euchre, Backgammon, Crazy Eights, Ludo, Rummy, Dominoes, or Yatzy). Over tens of thousands of users lost their [data](https://www.infosecurity-magazine.com/news/misconfigured-cloud-server-exposes/?&web%5Fview=true) in his breach, which gave attackers access to the usernames, IP addresses, email addresses, hashed passwords, Twitter and Facebook handles, device details, info about banned users, in-game transaction details, etc. _Security researchers could procure 66k users’ records from the public server_ and say that any hacker would be able to launch **spear-phishing attacks** with these details. There could also be the risk of defamation, blackmailing, and extortion. Hence, gamers using the platform must adopt the [phishing prevention best practices](/resources/phishing-prevention-best-practices/) and change their passwords for all online accounts where they may have used the same password. ### Researchers Discovered A Misconfigured Database Which Believedly Belonged To Cook County Government Cybersecurity researcher J. Fowler and others from Website Planet recently discovered a _misconfigured database online that exposed the court records of **over 320,000 immigrants** and family or criminal court pleaders_. The [database containing](https://www.infosecurity-magazine.com/news/cook-county-leaks-320000-court/) the full names, addresses, case numbers, email ids, etc., of victims was believed to belong to the Cook County Government. The vast expanse of data stored on the publicly available database was accessible and open to the (mis)use of anyone with internet connectivity, which compelled researchers to call this the largest breach of internal records in the history of Cook County. _Though the database was secured two days after its discovery_, the Cook Bureau of Technology later informed that the Cook County government didn’t own the server. It remains unclear as to who is the owner of the database. Still, the records contained therein can cause much harm to people, particularly the immigrants, who are quite often without resources to prove their innocence. The exposed records pertain to cases registered nine years ago but can still pose serious cyber threats for those involved. Affected individuals are advised to adopt [anti-phishing protection](/products/advanced-threat-defense/) measures as early as possible. ### Tiktok Exposing The Phone Numbers Of App Users In yet another security incident, _researchers discovered a flaw with the popular video-sharing app TikTok_ which enabled adversaries to access the phone numbers associated with a user’s TikTok account. The flaw was found in the app’s Find Friends feature, where a user had to sync their phone contacts to the app to find out which of their contacts has a TikTok account. _The HTTP request, which displays contacts using TikTok_, includes their usernames, photos, numbers, and other profile details. Though there is an upper limit of syncing 500 contacts [per device,](https://thehackernews.com/2021/01/tiktok-bug-could-have-exposed-users.html?&web%5Fview=true) per user, per day, the adversaries have a way to manipulate this. _They can modify the HTTP requests to fit the number of contacts they want to sync_. The breach of phone numbers is scary, especially when even our bank accounts are connected to our phone numbers. But we can only hope that the adversaries don’t use the personal details of users for attacks. The good news is that _TikTok has responsibly fixed the vulnerability_. Users are advised to be vigilant and adopt necessary security measures. ### Cyberattack Hits Palfinger _Australia based crane and lifting manufacturer Palfinger recently underwent a cyberattack that brought down its IT systems_. Palfinger’s website displays a message saying that their operations are down because of a cyberattack that has brought down their email and IT systems. Consequently, the enterprise won’t respond to queries on orders; the only way to contact them is via telephone. ![What is phishing](https://media.mailhop.org/phishprotection/images/2021/02/what-is-phishing-6436.jpg) Since the attack is still being investigated, [Palfinger requests](https://www.bleepingcomputer.com/news/security/leading-crane-maker-palfinger-hit-in-global-cyberattack/?&web%5Fview=true) its partners to _avoid making purchases and contact them via other channels like Whatsapp and phone calls_. They are adopting the required measures for [protection against phishing](/) and hope to be back in business soon. ### Records Of Dutch COVID Patients Selling On The Dark Forum _The Dutch police have arrested two criminals for selling the private data of patients registered on the COVID-19 systems of the Dutch health ministry_. Advertisements of these sales were all over Snapchat, Telegram, and Wickr. The stolen records have been [selling online](https://www.zdnet.com/article/dutch-covid-19-patient-data-sold-on-the-criminal-underground/?&web%5Fview=true) at prices ranging between **€30, €50 per record**. The records being sold include the addresses, phone numbers, email ids, DOBs, and patients’ social security numbers. The two convicted men worked at the DDG call centers, which is how they had access to the COVID-19 systems of the Dutch government. _This security breach poses a significant threat to the patients_ as their social security numbers can be used for financial fraud and blackmailing purposes. ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 6 of 2021","description":"The headlines are crowded again with instances of cyberattacks on organizations, and the loss of information is immense, yet again.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-6-of-2021/","datePublished":"2021-02-05T14:07:59.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2021-02-05T14:07:59.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-6-of-2021/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1210,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2021/02/phishing-definition-5842.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 6 of 2021","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-6-of-2021/"}]} ```