SecurityWeek

In Other News: Africa Cybercrime Crackdown, Unpatched macOS Flaw, Investor Disclosures

Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of August 21, 2023.

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:

Interpol and Afripol crack down on cybercrime

Authorities arrested 14 suspects and disrupted thousands of suspicious cyber networks as part of Africa Cyber Surge II, a four-month operation across 25 African countries, focused on identifying cybercriminals and compromised infrastructure. Involved in online fraud, malware hosting, and other malicious activities, the cyber networks were linked to financial losses of more than $40 million. 

Florida man pleads guilty to role in hacking scheme 

Eddly Joseph, 43, of Gainesville, Florida, admitted in court to participating in an India-based hacking scheme to steal $150,000 from an elderly Montana woman. The fraudsters hacked into the woman’s computer, made it look as if it was infected with malware, and told the woman to withdraw the money from her bank accounts and give it to them for ‘safekeeping’.

SentinelOne explores sale

Cybersecurity firm SentinelOne reportedly hired investment bank Qatalyst Partners to provide advice regarding a potential takeover. The company’s shares fell roughly 80% over the past two years, and initial expressions of interest were below SentinelOne’s valuation expectations, Reuters reports.

Facebook expands end-to-end encryption in Messenger

Facebook parent company Meta is expanding end-to-end encryption (E2EE) testing in Messenger, in preparation for enabling it by default for all one-to-one friends and family chats by the end of the year. To access default E2EE, users will need to update the application to newer builds, the internet giant announced.

EY analyzes investor cyber disclosures

EY’s analysis of proxy statements and 10‑K filings over the past six years has shown “steady and significant increases in the percentage of disclosures in certain categories of cyber management and oversight.” The report also shows increases in the frequency of management reporting to the board, in cybersecurity as a sought-after area of expertise, and in the use of external independent advisors.

CISA publishes first VDP Platform report

In its inaugural VDP Platform Annual Report, the US Cybersecurity and Infrastructure Security Agency (CISA) said its VDP Platform facilitated the remediation of more than 1,000 vulnerabilities through December 2022, including nearly 200 critical issues.

Power Platform privilege escalation

Secureworks has informed Microsoft about a Power Platform vulnerability that could have allowed an attacker to escalate privileges. Microsoft was informed about the flaw in April and quickly rolled out a patch. 

Nvidia driver vulnerability allows guest-to-host escape

Cisco Talos has detailed three Nvidia driver vulnerabilities that can be exploited for a guest-to-host escape. The vulnerabilities have been described as memory corruption issues that can be exploited using specially crafted executable or shader files. Nvidia has released updates that patch the vulnerabilities. 

Critical vulnerabilities in Jupiter X Core WordPress plugin

Patchstack has shared details on two critical-severity vulnerabilities in the Jupiter X Core premium plugin for WordPress. Tracked as CVE-2023-38388 and CVE-2023-38389, they are described as unauthenticated arbitrary file upload and unauthenticated account takeover issues addressed in Jupiter X Core versions 3.3.8 and 3.4.3, respectively.

WinRAR RCE vulnerability

Details were published on a high-severity WinRAR vulnerability (CVE-2023-40477) that can be exploited by remote attackers to execute arbitrary code using specially crafted archive files. The bug was resolved in WinRAR 6.23 in early August along with a zero-day vulnerability (CVE-2023-38831) exploited since at least April 2023 in attacks targeting traders.

Unpatched macOS App Management vulnerability

A researcher has discovered a macOS App Management vulnerability that a malicious application downloaded from the internet can exploit to modify notarized apps. The vulnerability was reported to Apple in October 2022, but the researcher said it remains unpatched. He regrets participating in Apple’s bug bounty program, describing it as a “giant, frustrating waste of time”. 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
