--- title: "Cybersecurity Updates For The Week 7 of 2023 | Phish Protection" description: "Cybersecurity Updates For The Week 7 of 2023: Cyber threats are becoming more prevalent and are affecting organizations of all sizes and industries. With the." image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-7-of-2023.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-7-of-2023/" --- Quick Answer \[Cyber threats\](/advanced-threat-protection/4-common-cyber-threats-business-face-2022) are becoming more prevalent and are affecting organizations of all sizes and industries. With the \*\*ever-increasing\*\* amount of sensitive information being stored online, the consequences of a cyber attack can be severe for both individuals and businesses. Here are this week's \*\*top headlines\*\* to keep you informed about the latest security incidents and data breaches. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-7-of-2023%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%207%20of%202023&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-7-of-2023%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-7-of-2023%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-7-of-2023%2F&title=Cybersecurity%20Updates%20For%20The%20Week%207%20of%202023 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%207%20of%202023&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-7-of-2023%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/02/spear-phishing-protection-3684.jpg) [Cyber threats](/advanced-threat-protection/4-common-cyber-threats-business-face-2022) are becoming more prevalent and are affecting organizations of all sizes and industries. With the **ever-increasing** amount of sensitive information being stored online, the consequences of a cyber attack can be severe for both individuals and businesses. Here are this week’s **top headlines** to keep you informed about the latest security incidents and data breaches. --- ### Eurostar Forces Its Users To Do ‘Password Resets’ - Fails And Locks Them Out [Eurostar](https://www.bleepingcomputer.com/news/security/eurostar-forces-password-resets-then-fails-and-locks-users-out/?&web%5Fview=true), the International high-speed rail operator, e-mailed its users this week and insisted they **reset their account passwords** to “upgrade” security. But users who clicked on the password reset link encountered “technical problems,” making it **impossible to log in** or reset their accounts. Eurostar is famous for connecting the United Kingdom to Belgium, Netherlands, and France, with most trains passing through the Channel Tunnel. Eurostar password reset bug locks passengers out. Eurostar e-mailed all its customers this week and **forced** them to reset their account passwords as the railway operator claimed it was “busy” **upgrading** account [security](https://news.sky.com/story/reddit-cyber-attack-security-upgrade-warning-for-users-after-sophisticated-scam-targets-forums-staff-12807487) for all users. “You must reset your password to continue using your Eurostar account,” reads the e-mail. “You must update your Eurostar **mobile app** to the latest version .” However, following the instructions and **clicking the “reset password”** link does not solve anything. Instead, users receive the following error: “Sorry, we’re facing a few technical problems and cannot send the e-mail currently. Please try again.” ### Attackers Launch a Backdoor Attack Targeting 11,000 WordPress Sites Sucuri researchers reported a backdoor that successfully **infected** about 11,000 websites in recent months. Following are the details shared by the researchers in their technical report. Sucuri researchers identified over[75 pseudo-short URL domains](https://www.hackread.com/adsense-websites-hacked-backdoor-attack/?web%5Fview=true)in the past two months and linked them with **redirected traffic**. They noted that most malicious URLs belonged to the **same** [URL-shortening service](https://www.seguetech.com/what-is-a-url-shortening-service-and-how-can-it-help-my-website/#:~:text=A%20URL%20shortening%20service%20is,addresses)%20and%20makes%20them%20short.), and some **mimicked** the names of popular link-shortening services like Bitly. The visitors get redirected to a few **low-quality websites** designed on the Question2Answer CMS, discussing cryptocurrency or [blockchain](https://cointelegraph.com/news/crypto-and-blockchain-education-becomes-priority-at-top-universities)\-related topics. Backdoor Redirect Victims to Hacked Sites Sucuri’s researchers say the backdoor redirects victims to sites showing **fraudulent views** of [Google AdSense](https://whatsnewinpublishing.com/google-adsense-link-ads-are-going-away-this-march-what-publishers-need-to-know/) ads. Sucuri’s SiteCheck remote scanner detected over 10,890 infected sites, and the researchers claimed the activity intensified recently, with hackers disguising **70 new malicious domains** as legitimate in 2023. Sucuri’s researchers said all the infected websites were using **WordPress CMS**. ### Hackers Target Bahrain Airport, News Agencies to Mark Uprising A group labeling itself[Al-Toufan](https://www.securityweek.com/hackers-target-bahrain-airport-news-sites-to-mark-uprising/?web%5Fview=true), or “The Flood” in Arabic, said they **hacked** the airport’s website, which was down for about half an hour during the day. Furthermore, the group claimed responsibility for **targeting** the state-run Bahrain News Agency. The group said the hacking was to **support the revolution** of Bahrain’s oppressed people and posted images with [504 Gateway Timeout Errors](https://www.siteground.com/kb/504-gateway-timeout/#What%5Fdoes%5Fthe%5F504%5FGateway%5FTimeout%5FError%5Fmean). The same attackers’ group hacked and **altered articles** on Akhbar Al Khaleej’s website (Bahrain’s pro-government newspaper) hours earlier. The authorities refused any immediate comment. Bahrain’s Shiite majority started long-running **protests against the Sunni monarchy** on February 14, 2011\. Bahrain took the support of the United Arab Emirates and Saudi Arabia to **quash the rebellion**, but the movement has not died down. Authorities have deported Shiite [activists](https://www.bbc.com/news/world-middle-east-27601042), imprisoned others, stripped many of their citizenship, and shut down a leading independent newspaper. ![Spear phishing protection](https://media.mailhop.org/phishprotection/images/2023/02/spear-phishing-protection-3684.jpg) ### Pepsi Bottling Ventures Becomes a Data Breach Victim, and Hackers Download Confidential Information. Pepsi Bottling Ventures LLC became the latest victim of a [data breach](/phishing/data-breaches-how-they-impact-small-businesses) resulting from a **network intrusion** that led to the installation of information-stealing malware . The hackers then **extracted** crucial data from its IT systems. Pepsi Bottling Ventures, the largest[Pepsi-Cola beverages](https://www.bleepingcomputer.com/news/security/pepsi-bottling-ventures-suffers-data-breach-after-malware-attack/?&web%5Fview=true)bottler in the United States, manufactures, distributes, and sells popular consumer brands. It operates 18 bottling facilities across Virginia, Maryland, North, South Carolina, and Delaware. 27-day exposure window The company **filed a security incident** notice with Montana’s Attorney General’s office explaining that the company’s systems were breached on December 23, 2022 . But, it discovered the breach on January 10, 2023, or 18 days later, and the **remediation** took even longer. > The notice reads, “Based on our preliminary investigation, a malicious party \*\*accessed \*\* \[our internal IT systems\] around December 23, 2022, installed [malware](/content/protection-against-malware/what-is-malware), and accessed certain **information** on our IT systems,”. The following information may have been impacted: - Full name Home address Financial account information (passwords, PINs, access numbers) State and Federal **driver’s license numbers** and government-issued ID numbers ID cards - **Social Security Numbers (SSNs)** Passport information - [Digital signatures](https://www.cisa.gov/news-events/news/understanding-digital-signatures) Information linked to benefits and employment (medical history and health insurance claims) ### Indian Social Media App Slick Exposes Children’s Data An emerging Indian [social media](https://www.computerweekly.com/news/365531132/Social-media-platform-Reddit-breached-in-phishing-attack) app left an **internal database** publicly **exposed** to the internet for months. The database contained users’ personal information, including details of school-going children . Since December 11, a database containing full names, dates of birth, mobile numbers, and profile pictures of **Slick users** has been available online without a password. Slick, available on Android and iOS, works like Gas, a popular US compliments-based app . It also allows school and college-going students to talk with and about their friends **anonymously**. Security researcher Anurag Sen working with[CloudDefense.ai](https://techcrunch.com/2023/02/10/slick-social-media-app-data-exposed/?&web%5Fview=true)discovered the **exposed database** and approached TechCrunch to help report the incident to the social media startup . After TechCrunch reached out to Slick on Friday, it \*\*secured \*\*the database. Due to a **misconfiguration**, any user familiar with the database’s IP address could access it, which contained entries of over 153,000 users . TechCrunch also discovered that [hackers](/phishing/hackers-now-going-after-software-tools-which-help-workers-collaborate) could access the database through an **easy-to-guess subdomain** on Slick’s website. ### Android Mobile Devices From Top Chinese Vendors Coming With Preinstalled Malware, A Study Today, China has the largest number of **Android device** users. However, a recent study by researchers from the Trinity College of Dublin and the University of Edinburgh revealed that popular[Android devices](https://securityaffairs.com/141989/malware/android-mobile-devices-china-malware.html?web%5Fview=true)sold in the country come **loaded with spyware**. The researchers performed **static and dynamic code analysis** to study the data transmitted by Android smartphones’ pre-installed [system apps](https://www.hexnode.com/mobile-device-management/help/what-are-system-apps/). The experts analyzed three of the most popular Chinese vendors - Xiaomi , OnePlus , and Oppo Realme and discovered several systems, third-party and vendor apps with **dangerous privileges**. \_The apps could stealthily **exfiltrate** user and device information, including system info, user profiles, social relationships, geolocation, and call history. \_ The researchers observed that the analyzed smartphones **sent data** to the [Chinese](https://thehackernews.com/2022/12/chinese-hackers-target-middle-east.html) mobile network operators (China Mobile and China Unicom) and **device vendors**. Additionally, the smartphones were beaming the data even if the listed operators did not provide any service to the device. Thus, the experts concluded that [malicious](/phishing/malicious-actors-exploit-commenting-feature-in-google-docs-to-send-phishing-emails) software puts **users’ privacy at risk**, and one can use it to spy on users and unmask their identities. Furthermore, they pointed out that the **preinstalled software** exposes users who leave the country to surveillance. ### Mount Saint Mary College Confirms Ransomware Attack Mount Saint Mary College, a New York liberal arts college, acknowledged it suffered a[ransomware attack](https://therecord.media/mount-saint-mary-college-confirms-december-ransomware-attack/?web%5Fview=true)in December after attackers publicly shared the incident’s details this week. The Vice **Society ransomware group**, famous for various attacks on K-12 schools, colleges, and universities, claimed they **attacked the school** on Wednesday. When asked for comment, a Mount Saint Mary College representative directed The Record to a recent statement where the school mentions it **detected and stopped** an attack on December 20, 2022 . The cybercriminals accessed and **disabled** some of the school’s systems, leading to officials disconnecting part of the **affected network** before hiring [phishing protection](/) specialists to guide with the response. > “After learning about the incident, the college notified **law enforcement** quickly, including the FBI. Furthermore, following recommendations from the FBI, the college **refused** to comply with a [ransom](https://www.infosecurity-magazine.com/news/firms-pay-ransom-subsidise-10/) demand from the group,” the school said. ![Prevent spear phishing](https://media.mailhop.org/phishprotection/images/2023/02/prevent-spear-phishing-6379.jpg) ### Hackers Abuse PayPal And Twitter in Turkey Relief Donation Scams _Scammers are exploiting the current humanitarian crisis in Turkey and Syria, stealing donations by abusing legitimate PayPal and Twitter._ Recently, high-magnitude **earthquakes** claimed over 15,000 lives, disrupted network connectivity, and caused extensive infrastructural damage across the Middle East and Mediterranean region. As the government, charity organizations, and businesses stepped up to raise funds and aid victims, [threat actors](/phishing/threat-actors-using-russia-ukraine-conflict-to-launch-phishing-attacks) wasted no time in targeting **unsuspecting donors**. Fundraising scam abuses PayPal.com. [BleepingComputer](https://www.bleepingcomputer.com/news/security/paypal-and-twitter-abused-in-turkey-relief-donation-scams/?&web%5Fview=true)identified **multiple scams** on Twitter abusing legitimate platforms like PayPal’s fundraising pages. The attackers create convincing **scam websites** and target donors hoping to aid earthquake victims. One of the scams labels itself on Twitter as a ” Turkey Earthquake Relief .” The account frequently **retweets updates** from government officials and established news outlets to lend itself **credibility**. Such scams are especially convincing because [cybercriminals](/blog/cybercriminals-are-duping-millions-of-accounts-in-the-latest-facebook-phishing-campaign/) use trustworthy payment platforms like PayPal instead of a separate scam or **phishing domain**. ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 7 of 2023","description":"Cybersecurity Updates For The Week 7 of 2023: Cyber threats are becoming more prevalent and are affecting organizations of all sizes and industries. With the.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-7-of-2023/","datePublished":"2023-02-13T06:55:11.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2023-02-13T06:55:11.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-7-of-2023/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1498,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2023/02/spear-phishing-protection-3684.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 7 of 2023","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-7-of-2023/"}]} ```