Cybersecurity Digest for 24 July 2024 Today we discuss the following items: Crowdstrike Stealer: Threat Actor Uses Fake Recovery Manual to Deliver Unidentified Stealer (crowdstrike.com) ESET’s EvilVideo Discovery Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android (welivesecurity.com) TrendMicro’s Playransomware Targeting ESXi: New Play Ransomware Linux Variant Targets ESXi Shows Ties With Prolific Puma | Trend Micro (US) Magneto Credit Card Theft Malware: Attackers Abuse Swap File to Steal Credit Cards (sucuri.net) Vulnerable Ad Injecting Driver: HotPage: Story of a signed, vulnerable, ad-injecting driver (welivesecurity.com) BreachForums DataLeak Exposes Members: BreachForums v1 hacking forum data leak exposes members’ info (bleepingcomputer.com) KnowBe4 North Korean Insider: How a North Korean Fake IT Worker Tried to Infiltrate Us (knowbe4.com) Vishing Attacks: Whose Voice Is It Anyway? AI-Powered Voice Spoofing for Next-Gen Vishing Attacks | Google Cloud Blog Huntress AsyncRAT Blog: Fake Browser Updates Lead to BOINC Volunteer Computing Software | Huntress CISA KEV Additions: NVD - CVE-2024-39891 (nist.gov) NVD - CVE-2012-4792 (nist.gov) Music in order that it appears licensed via Artlist.io : Lizard by Captain Qubz Feel The Air by Ikoliks