Researchers at watchTowr Labs spent $20 to purchase an expired .mobi top-level domain (TLD) from an inactive WHOIS server. After a few days, they were hit with around 2.5 million WHOIS queries from over 135,000 distinctive systems. The team’s actions demonstrated that many organisations have not updated their systems to recognise the current .mobi WHOIS server. If a malicious actor had the outdated domain, this could lead to issues such as issuing fraudulent SSL/TLS certificates or obtaining remote code execution.
CISA Details New RESURGE Malware Used In Ivanti Attacks
The U.S. Cybersecurity and Information Security Agency (CISA) has detected a new malware variant termed RESURGE, which can modify files and manipulate integrity checks. The
