MIS 5212-Advanced Penetration Testing

MIS 5212 - Section 001 - Wade Mackey

Fox School of Business

Richard Mu

Android Malware Secretly Recording Phone Calls and Steals Private Data

by 2 Comments

It was recently discovered that new Android Trojan variants, dubbed as “Naver Defender,” were being distributed as a fake anti-virus application. Uncovered by security researchers at Cisco Talos, them malware named as KevDroid is a ” remote administration tool (RAT) designed to steal sensitive information from compromised Android devices, as well as capable of recording phone calls.”

It was initially discovered by a South Korean cyber security firm two weeks ago. It was reported by the South Korean media to be linked to a North Korea state-sponsored hacking group.

The malware was found to be using an open source library from GitHub as well as exploiting Android flaw CVE-2015-3636 to gain root access of a compromised device.

https://nvd.nist.gov/vuln/detail/CVE-2015-3636

https://thehackernews.com/2018/04/android-spying-trojan.html

Drupal Patches Critical Bug

by Leave a Comment

Developers of Drupal recently patched two critical vulnerabilities this week in its content management system platform. The first critical vulnerability is a comment reply form bug in Drupal version 8 that granted unauthorized users access to restricted content. It allowed them to view and add comments as well as content in within restricted areas. The another vulnerability that was in Drupal 7 and 9 were a Javascript function that lead to a cross-site-scripting vulnerability.

Drupal Patches Critical Bug That Leaves Platform Open to XSS Attack

Sacramento Bee Hit with Ransomware

by 1 Comment

The Sacramento Bee, a newspaper that is published in Sacramento, was recently hit with a ransomeware in two of its databases that were on a third -party server. It was first discovered by an employee followed by a tip from a reporter. Among one of the affected databases, it contained California voter registration data that was received from the California Secretary of State for reporting purposes. The Bee is reaching out to those whose information were compromised.

https://www.darkreading.com/attacks-breaches/sacramento-bee-databases-hit-with-ransomware-attack/d/d-id/1331023