Welcome to our weekly IT security recap for the week 34.

We compile noteworthy news incidents and vulnerabilities from the past week, shedding light on the ongoing challenges in maintaining digital security.

Data leak

  1. French government agency for registering the unemployed and financial aid, reports on data leak that exposed the data of 10 million people.
    https://www.pole-emploi.org/accueil/communiques/un-prestataire-de-pole-emploi-victime-dun-acte-de-cyber-malveillance.html?type=article rel=”nofollow”
  2. Data of 2.6 million Duolingo users leaked to hacker forum.
    https://therecord.media/duolingo-investigating-dark-web-post-offering-data-from-2-6-million-accounts
  3. Ransomware group BlackCat/ALPHV has begun releasing data stolen from Japanese watch giant Seiko.
    https://www.sii.co.jp/en/news/topics/2023/08/10/12208/

Ransomware

  1. Danish hosting companies CloudNordic and AzeroCloud were hit by a ransomware attack that caused the loss of most customer data.
    https://www.cloudnordic.com/

Vulnerability

  1. The U.S. Federal Bureau of Investigation (FBI) warns that Barracuda Networks Email Security Gateway (ESG) devices that have been updated against a recently disclosed critical vulnerability remain at risk
    https://www.ic3.gov/Media/News/2023/230823.pdf
  2. Thousands of Openfire XMPP servers are vulnerable to the recently disclosed high-severity CVE-2023-32315 vulnerability, according to a new report from VulnCheck.
    https://vulncheck.com/blog/openfire-cve-2023-32315
  3. Cisco on Wednesday announced fixes for six vulnerabilities in its products, including three high severity vulnerabilities in NX-OS and FXOS software that can be exploited in a DoS attack.
    https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75058
  4. Vulnerability in TP-Link Tapo L530E smart bulb can be exploited to obtain Wi-Fi password.
    https://arxiv.org/pdf/2308.09019.pdf
  5. A flaw in WinRAR CVE-2023-40477 allows code execution by simply opening the archive.
    https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa

Encryption

  1. Meta has confirmed plans to introduce support for end-to-end encryption (E2EE) by default in Messenger by the end of the year.
    https://messengernews.fb.com/2023/08/22/expanding-testing-for-end-to-end-encryption-on-messenger/