Video Episode: https://youtu.be/otdn468NX9Y
In today’s episode, we explore the alarming implications of a rogue WHOIS server exploited by Benjamin Harris, the CEO of watchTowr, enabling him to generate counterfeit HTTPS certificates and potentially manipulate thousands of servers. We also discuss new malicious tactics employed by the Lazarus Group, including fake coding tests for software developers to disseminate malware, and Microsoft’s recent patch release addressing 79 vulnerabilities, including three actively exploited flaws. Additionally, we touch on Ivanti’s urgent updates for critical vulnerabilities in its Endpoint Manager software.
00:00 – Intro
01:07 – Ivanti Vulnerability
02:30 – Microsoft Patch Tuesday
04:00 – Lazarus Fake Code Challenges
07:00 – Researcher Exposes WHOIS Server Vulnerabilities
Articles referenced in this episode:
- https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have/
- https://thehackernews.com/2024/09/developers-beware-lazarus-group-uses.html
- https://thehackernews.com/2024/09/microsoft-issues-patches-for-79-flaws.html
- https://thehackernews.com/2024/09/ivanti-releases-urgent-security-updates.html
Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/
Tags: Benjamin Harris, WHOIS server, HTTPS certificates, vulnerabilities, Lazarus Group, Malware, VMConnect, Cybersecurity, Microsoft, Endpoint Manager, remote code execution
Search Phrases: What are today’s top cybersecurity news stories?, Benjamin Harris WHOIS server exploit, fake HTTPS certificates tracking, vulnerabilities in internet security, Lazarus Group malware campaign, VMConnect software developer scams, Microsoft security patch urgency, critical vulnerabilities in Windows, Ivanti Endpoint Manager updates, remote code execution risks
Leave a Reply