Cyware Daily Threat Intelligence November 17, 2017

Lamberts toolkit
The malicious toolkit is said to be active since 2008. However, they have been used in many sophisticated attacks on high profile victims. The Lamberts have support for both Windows and OSX that include harmful tools like network-driven backdoors, several generations of modular backdoors, harvesting tools, and wipers.

J. Sterling ransomware
A work-in-progress ransomware named J. Sterling ransomware has been discovered to be targeting high school students of the J. Sterling Morton school district in Cicero, Illinois. The malware comes in the garb of a student survey. Flawed Apache CouchDB
The database had been plagued with vulnerabilities that could be exploited by hackers to execute remote codes. Vulnerabilities for CouchDB were found in npm registry which is a package manager for JavaScript. Users should upgrade to CouchDB 1.7.1 or 2.1.1.

Cisco Voice operating system vulnerability
Recently, the vulnerability in Cisco’s key products having Cisco Voice Operating System led the networking giant to warn its customers about the flaw. A vulnerability found in the platform allows remote, unauthenticated attacker to gain access. There is no workaround available for this vulnerability yet. Users are advised to update the software to stay safe.

BlueBorne attack
The Bluetooth feature of a device is being exploited by hackers to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. Although Google and Amazon have released patches, still a vast bulk of devices are unaddressed. Forbes’ attendee info leaked
Forbes is conducting an event to celebrate the Forbes’ Under 30 list recognizing young, smart people with exceptional talent in their field. However, the website that hosted the attendee information unknowingly leaked their personal information too until it was later fixed by Forbes. This was due to a poorly conceived onboarding process which allowed the information to be visible.

Cash Converters hacked
Cash Converters — high street moneylender and pawnbroker — has launched an investigation after discovering a data breach impacting UK customer records. The stolen information was reportedly taken from a recently decommissioned website. The culprits are currently holding the data to ransom.

Nigerian sentenced for tax fraud
A Nigerian man named Michael Oluwasegun Kazeem has been sentenced to seven years in federal prison. He is convicted of gaining over $11 million via an identity-theft scheme from the Internal Revenue Service (IRS).