Video Episode: https://youtu.be/wJO-8X_Wvww

In today's episode, we discuss critical security updates from Adobe that address severe vulnerabilities in Acrobat and Reader, specifically CVE-2024-41869 and CVE-2024-45112, as well as the implications of a newly discovered PoC exploit. We also explore the rise of Vo1d malware, which has infected 1.3 million Android TV boxes globally, compromising outdated systems from various brands. Lastly, we cover GitLab's urgent advisory regarding a significant pipeline execution vulnerability, CVE-2024-6678, urging users to update to secure versions immediately.

00:00 - Intro

00:55 - Adobe Patches

01:56 - GitLab

03:00 - Android TV Vulnerabilities

Resources:

1. https://www.helpnetsecurity.com/2024/09/12/cve-2024-41869/
2. https://thehackernews.com/2024/09/beware-new-vo1d-malware-infects-13.html
3. https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-pipeline-execution-vulnerability/

Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

Adobe, CVE-2024-41869, vulnerabilities, zero-day, Vo1d, Android TV box, malware, Doctor Web, GitLab, CVE-2024-6678, execute

What are today's top cybersecurity news stories?, Adobe security updates, CVE-2024-41869 zero-day, Vo1d malware Android TV box, protect Android TV box Vo1d malware, GitLab critical vulnerability, CVE-2024-6678, vulnerabilities in software updates, implications of delaying updates, securing GitLab installations

Video Episode: https://youtu.be/otdn468NX9Y

In today's episode, we explore the alarming implications of a rogue WHOIS server exploited by Benjamin Harris, the CEO of watchTowr, enabling him to generate counterfeit HTTPS certificates and potentially manipulate thousands of servers. We also discuss new malicious tactics employed by the Lazarus Group, including fake coding tests for software developers to disseminate malware, and Microsoft's recent patch release addressing 79 vulnerabilities, including three actively exploited flaws. Additionally, we touch on Ivanti's urgent updates for critical vulnerabilities in its Endpoint Manager software.

00:00 - Intro

01:07 - Ivanti Vulnerability

02:30 - Microsoft Patch Tuesday

04:00 - Lazarus Fake Code Challenges

07:00 - Researcher Exposes WHOIS Server Vulnerabilities

Articles referenced in this episode:

1. https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have/
2. https://thehackernews.com/2024/09/developers-beware-lazarus-group-uses.html
3. https://thehackernews.com/2024/09/microsoft-issues-patches-for-79-flaws.html
4. https://thehackernews.com/2024/09/ivanti-releases-urgent-security-updates.html

Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

Tags: Benjamin Harris, WHOIS server, HTTPS certificates, vulnerabilities, Lazarus Group, Malware, VMConnect, Cybersecurity, Microsoft, Endpoint Manager, remote code execution

Search Phrases: What are today's top cybersecurity news stories?, Benjamin Harris WHOIS server exploit, fake HTTPS certificates tracking, vulnerabilities in internet security, Lazarus Group malware campaign, VMConnect software developer scams, Microsoft security patch urgency, critical vulnerabilities in Windows, Ivanti Endpoint Manager updates, remote code execution risks

In today's episode, we explore the alarming rise of sextortion and its devastating impact on individuals, families, and communities. We discuss recent cases involving Nigerian brothers sentenced for their role in the tragic death of a Michigan teenager, the emergence of sadistic sextortion targeting children in Australia, and new scams using personal information to exploit victims. Together, we shine a light on this critical issue, emphasize the importance of online safety, and share resources for those affected.

Those worried their intimate images will be shared can use a tool such as StopNCII, which creates a digital hash, or fingerprint, of images that is shared with companies such as Instagram, Snapchat, OnlyFans and Pornhub so they can block them from being posted to the platform.

Article URLs:

1. Nigerian brothers whose sextortion plot led to death of Michigan teen get 17 years: https://www.theguardian.com/us-news/article/2024/sep/06/sextortion-samuel-samson-ogoshi-jordan-demay?CMP=oth_b-aplnews_d-1
2. Australian police are warning about ‘sadistic sextortion’. Here’s how it works, and the red flags for parents: https://www.theguardian.com/technology/article/2024/sep/07/australia-federal-police-sadistic-child-sextortion-warning
3. Sextortion scam now use your "cheating" spouse’s name as a lure: https://www.bleepingcomputer.com/news/security/sextortion-scam-now-use-your-cheating-spouses-name-as-a-lure/

• Nigerian brothers Samuel (22) and Samson Ogoshi (20) sentenced to 17 years (210 months) in prison.
• Victim: Jordan DeMay, 17, who died in March 2022.
• Jordan DeMay sent nude photographs after being befriended on social media.
• The brothers demanded $1,000, and Jordan paid $300 before threatening to kill himself.
• Less than 6 hours after the threat, Jordan died.
• FBI tracked communications to the brothers in Nigeria, revealing attempts to extort over 100 individuals.
• Australian police report children as young as 12 being coerced into producing extreme content via 'sadistic sextortion'.
• Increase of reports of image-based abuse in Australia: 117% in 2022-2023, with sextortion being the most frequently reported form.
• RMIT's Prof. Nicola Henry noted that intimate partners are often the perpetrators of sextortion.
• Just under 16% of surveyed adults reported experiencing threats to share intimate images, higher than most surveyed countries except the USA.
• Victim Rohan Cosgriff, age 17, died in 2022 after being pressured into sending intimate photos.
• Recent sextortion emails target spouses, claiming infidelity and demanding payments between $500 to $5,000.
• First appearance of the new sextortion variant noted about three weeks prior to the article's publication.
• Profits from sextortion scams were over $50,000 in the first week of their appearance in 2018.
• Recipients of new sextortion emails reported names used that aren’t commonly associated with them, including maiden names and pet names.