Telegram EvilVideo, PlayRansomWare targets ESXi, and a North Korean Infiltration Attempt

Cybersecurity Digest for 24 July 2024

Today we discuss the following items:

Crowdstrike Stealer:
Threat Actor Uses Fake Recovery Manual to Deliver Unidentified Stealer (crowdstrike.com)

ESET’s EvilVideo Discovery
Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android (welivesecurity.com)

TrendMicro’s Playransomware Targeting ESXi:
New Play Ransomware Linux Variant Targets ESXi Shows Ties With Prolific Puma | Trend Micro (US)

Magneto Credit Card Theft Malware:
Attackers Abuse Swap File to Steal Credit Cards (sucuri.net)

Vulnerable Ad Injecting Driver:
HotPage: Story of a signed, vulnerable, ad-injecting driver (welivesecurity.com)

BreachForums DataLeak Exposes Members:
BreachForums v1 hacking forum data leak exposes members’ info (bleepingcomputer.com)

KnowBe4 North Korean Insider:
How a North Korean Fake IT Worker Tried to Infiltrate Us (knowbe4.com)

Vishing Attacks:
Whose Voice Is It Anyway? AI-Powered Voice Spoofing for Next-Gen Vishing Attacks | Google Cloud Blog

Huntress AsyncRAT Blog:
Fake Browser Updates Lead to BOINC Volunteer Computing Software | Huntress


CISA KEV Additions:
NVD - CVE-2024-39891 (nist.gov)
NVD - CVE-2012-4792 (nist.gov)


Music in order that it appears licensed via Artlist.io : 
Lizard by Captain Qubz
Feel The Air by Ikoliks