Video Episode: https://youtu.be/otdn468NX9Y

In today's episode, we explore the alarming implications of a rogue WHOIS server exploited by Benjamin Harris, the CEO of watchTowr, enabling him to generate counterfeit HTTPS certificates and potentially manipulate thousands of servers. We also discuss new malicious tactics employed by the Lazarus Group, including fake coding tests for software developers to disseminate malware, and Microsoft's recent patch release addressing 79 vulnerabilities, including three actively exploited flaws. Additionally, we touch on Ivanti's urgent updates for critical vulnerabilities in its Endpoint Manager software.

00:00 - Intro

01:07 - Ivanti Vulnerability

02:30 - Microsoft Patch Tuesday

04:00 - Lazarus Fake Code Challenges

07:00 - Researcher Exposes WHOIS Server Vulnerabilities

Articles referenced in this episode:

1. https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have/
2. https://thehackernews.com/2024/09/developers-beware-lazarus-group-uses.html
3. https://thehackernews.com/2024/09/microsoft-issues-patches-for-79-flaws.html
4. https://thehackernews.com/2024/09/ivanti-releases-urgent-security-updates.html

Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

Tags: Benjamin Harris, WHOIS server, HTTPS certificates, vulnerabilities, Lazarus Group, Malware, VMConnect, Cybersecurity, Microsoft, Endpoint Manager, remote code execution

Search Phrases: What are today's top cybersecurity news stories?, Benjamin Harris WHOIS server exploit, fake HTTPS certificates tracking, vulnerabilities in internet security, Lazarus Group malware campaign, VMConnect software developer scams, Microsoft security patch urgency, critical vulnerabilities in Windows, Ivanti Endpoint Manager updates, remote code execution risks