Phishing headlines are unlikely to leave the cybersecurity news any time soon. This week’s cybersecurity updates indicate the surge in ransomware attacks, data thefts, and financial fraud, throwing light on the importance of adopting the right anti-phishing solutions to keep your and your organization’s critical information assets secure.


WooCommerce Patches Critical Vulnerability

The WooCommerce administrators urge all users of the e-commerce plugin for the WordPress content management system to update their plugins to version 5.5.51. This is because more than 90 versions of the plugin, up to and including 5.5.0, were vulnerable to a severe bug that adversaries could exploit without authentication.

Though the bug hasn’t yet received a tracking number, it is considered a critical one with a severity score of 8.2 out of 10 (Patchstack). It also affects the WooCommerce Blocks plugin that shows products on posts and pages. All WooCommerce plugin versions from 3.3 to 5.5 and WooCommerce Blocks from 2.5 to 5.5 have received an update to 5.5.1. The patches are being rolled out automatically for all affected WooCommerce installations. To ensure protection from phishing attacks, WooCommerce has also sent out notification emails to all users.

If unpatched, the vulnerability would enable adversaries to access administrative details, store-related information, and customer-related data. Hence, WooCommerce urges all users to update to the latest version and change their passwords.


Cuba Ransomware Attacks Forefront Dermatology

The Wisconsin-based clinic Forefront Dermatology S.C. recently discovered unauthorized access in its IT system and sent out a ransomware breach notification to 2.4 million employees, patients, and clinicians. From the looks of it, the attack involved the less frequently seen ransomware gang Cuba and is the third-largest breach reported to the Department of Health and Human Services’ HIPAA Breach Reporting Tool website this year.

Cuba operators dumped a 47MB file belonging to Forefront on their data leak site. This data dump included over 130 files with information on the clinic’s network, security, insurance, health login portals, and backup details. Over a hundred sets of passwords and login details were also exposed. As per sources, Forefront first discovered the breach on 4th June and found that its systems were accessed by the adversaries between 28th May and 4th June. In its breach notification, the clinic states that the compromised information includes names, DOBs, addresses, health insurance details, medical details, patient account numbers, provider details, and clinical treatment information.

Financial information, Social Security numbers, and driver’s license numbers stored on Forefront’s systems were not affected by the security incident. All of Forefront’s clients are advised to take anti-phishing measures to protect themselves from any potential attacks and watch out for targeted phishing emails.


Ransomware Attack Hits PracticeFirst

The New York-based medical management services provider PracticeFirst recently suffered a supply chain ransomware attack that affected over 1.2 million individuals. This attack is the sixth-largest health data breach reported to the Department of Health and Human Services’ website this year. The breach notification issued by PracticeFirst indicates that the attack was first detected on 30th December 2020, but it was only on 1st July 2021 that the MSP reported the incident to federal regulators. The company entered a negotiation with the ransomware operators and paid a ransom in exchange for an assurance that none of the stolen files would be stored, shared, or sold further.

The compromised information included patients’ names, email addresses, DOBs, addresses, Social Security numbers, driver’s license numbers, patient identification numbers, laboratory, diagnosis, and treatment information, tax identification numbers, medication information, and health insurance identification and claims information. It also included employee usernames, passwords, security questions and answers, and payment card and bank details.

While PracticeFirst was quick to shut down its systems after spotting the unauthorized access, the information lost to the adversaries implies an impending cyber threat for all victims, despite the company meeting the ransom demands. Cyberattacks like this are widespread, and what PracticeFirst did to ensure phishing protection was elementary. It will be in the best interest of all stakeholders to look out for abnormalities in their accounts and for suspicious emails.


Chinese Hackers Target Nepal Telecom

Chinese hackers recently attacked the Oracle GlassFish Server used by Nepal Telecom. The adversaries deployed APT 41, APT 71, and backdoor weapons to access the systems of the telecom company and stole the call details of all Nepali users.

The Call Data Records of all victims have been up for sale on the dark web since 29th June 2021. In its statements, the telecom company has assured that it follows phishing prevention best practices, that the call data is safe, and that its servers remain protected.


Over 780k Emotet-Affected Email Accounts Re-Secured

Ever since the authorities seized and shut down the servers of the Emotet malware gang in January 2021, attempts have been made to re-secure the hundreds of thousands of email accounts compromised by the gang. Over 780,000 email accounts have been re-secured since April, thanks to the efforts of the cybersecurity organization Spamhaus.

Apart from an initial list of 4,324,770 compromised email addresses, the organization also received 1.3 million other addresses compromised by Emotet. More than 3,000 organizations and 22,000 domain owners were approached to re-secure the email accounts by resetting the passwords. Over 60% of those 1.3 million addresses have been re-secured to date. Though many accounts remain exposed to Emotet or other cyberattackers’ malicious intentions, this is an outstanding achievement. All those who believe that their accounts continue to be under the control of the malware gang must adopt phishing prevention measures and look out for suspicious messages.


Cyberattack Hits Spreadshop

Renowned merchandise shop platform Spreadshop recently suffered an organized cyberattack. Consequently, the personal and bank details of employees, partners, external suppliers, and customers were compromised. The exposed information includes the payment details of customers who transferred money to, or received refunds from, Spreadshirt, TeamShirts, or Spreadshop; only this small group of customers had their bank details affected. The other information belonging to stakeholders compromised in the breach includes addresses, bank details, password hashes from before 2014, and PayPal addresses.

The company notified users of the breach on 8th July 2021 and apologized for the disturbing attack. Spreadshop had some measures in place, and yet the adversaries could infiltrate its systems. It is now working with third-party cybersecurity experts to investigate the attack and restore its systems. Spreadshop account holders are advised to adopt measures to prevent phishing attacks and change their passwords for both the Spreadshop account and PayPal or bank accounts they may have used for their transactions with the company.


Data Breach At Mint Mobile

The telecommunications company Mint Mobile suffered a data breach between 8th and 10th June, which affected the personal details of some of its subscribers. In a recent breach notification to the victims, the company informed them that the adversaries had gained unauthorized access to its systems. Consequently, some of the subscribers’ account information (including their names, contact numbers, addresses, call history, email addresses, and passwords) was exposed and their numbers were ported to another carrier.

Mint Mobile assured users that the port-outs were reversed and their services restored as soon as it discovered the breach. However, it still recommends that users change their account passwords, enable multi-factor authentication, and take the necessary anti-phishing measures. The company hasn’t disclosed how the attackers infiltrated its systems, but the hackers probably compromised one of its customer-management applications or user accounts.