Table of Contents

  1. Privacy
    1. Moscow Cops Sell Access to City CCTV
    2. Send your fingerprints to FBI for free
    3. The FBI also recommends that people secure IoT devices
    4. In China, you need an account to get toilet paper in the station
  2. Crime
    1. Clever Microsoft Phishing Scam Creates a Local Login Form
    2. Newly discovered Mac malware uses “fileless” technique to remain stealthy.
    3. Ransomware at Colorado IT Provider Affects 100+ Dental Offices
    4. 20 Low-End VPS Providers Suddenly Shutting Down In a 'Deadpooling' Scam
    5. BMW Infiltrated by Hackers Hunting for Automotive Trade Secrets
  3. Windows
    1. Someone found a way to bypass Windows 7 Extended Security Update checks
  4. Politics
    1. Reddit Bans 61 Accounts, Citing 'Coordinated' Russian Campaign
    2. China tells government offices to remove all foreign computer equipment
  5. Exploit development
    1. Full chain exploit for CVE-2019-11708 & CVE-2019-9810
    2. UAC Bypass by Mocking Trusted Directories

Privacy

Moscow Cops Sell Access to City CCTV

For about $470 per five days of access, Russian government officials sell their credentials to Moscow's roughly 3000 city surveillance cameras, which come with facial recognition capability.

Send your fingerprints to FBI for free

You can submit your own fingerprints at post offices to be sent directly to the FBI for an identity check.

The FBI also recommends that people secure IoT devices

The FBI previously warned about smart TVs; now it warns about IoT devices in general, explains how to secure them, and recommends putting them on a separate network from the devices that hold sensitive data.

In China, you need an account to get toilet paper in the station

You need to have a phone, scan a QR code and create an account just to be able to take a shit in a Chinese train station….

Crime

Clever Microsoft Phishing Scam Creates a Local Login Form

This new phishing campaign uses an interesting technique to hide: the login form is generated locally by obfuscated JavaScript that sits thousands of blank lines below a decoy
<!-- Internal Server Error --> message at the top of the page. Technical analysis
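As an added example (not code from the linked analysis), the following Python heuristic looks for the layout just described: a decoy "Internal Server Error" comment, a long run of blank lines, and then a script using the usual decode-and-write calls. The sample page, the padding threshold and the marker list are constructed assumptions for the demonstration.

```python
import re

# Constructed sample page, not taken from the real campaign: a decoy comment
# at the top, thousands of blank lines, then a script that builds the form locally.
SAMPLE_PAGE = (
    "<!-- Internal Server Error -->\n"
    + "\n" * 5000
    + "<script>var p=unescape('%3Cform%20action%3D%22%23%22%3E');"
      "document.write(p);</script>\n"
)

# Constructed benign page for comparison.
BENIGN_PAGE = (
    "<html><body><h1>Hello</h1>"
    "<script>console.log('hi');</script></body></html>\n"
)

DECOY_RE = re.compile(r"<!--\s*Internal Server Error\s*-->", re.IGNORECASE)
SCRIPT_RE = re.compile(r"<script\b", re.IGNORECASE)
# Calls commonly used to unpack an obfuscated payload at runtime (assumed list).
OBFUSCATION_MARKERS = ("unescape(", "atob(", "fromCharCode(", "document.write(", "eval(")


def analyse_page(html: str, min_blank_lines: int = 500) -> dict:
    """Return indicators for the 'decoy error + padded local script' layout.

    The page is suspicious when all three hold: a decoy server-error comment is
    present, at least min_blank_lines separate it from the first <script>, and
    the script region uses at least one runtime-decoding call.
    """
    decoy = DECOY_RE.search(html)
    script = SCRIPT_RE.search(html)
    result = {
        "decoy_comment": decoy is not None,
        "padding_lines": 0,
        "obfuscation_markers": [],
        "suspicious": False,
    }
    if decoy and script and script.start() > decoy.end():
        gap = html[decoy.end():script.start()]
        result["padding_lines"] = gap.count("\n")
    script_region = html[script.start():] if script else ""
    result["obfuscation_markers"] = [m for m in OBFUSCATION_MARKERS if m in script_region]
    result["suspicious"] = bool(
        result["decoy_comment"]
        and result["padding_lines"] >= min_blank_lines
        and result["obfuscation_markers"]
    )
    return result


if __name__ == "__main__":
    print(analyse_page(SAMPLE_PAGE))
    print(analyse_page(BENIGN_PAGE))
```

The point of combining the three signals is that each alone is common in legitimate pages (error comments, minified scripts, whitespace padding); it is the decoy-then-padding-then-decode sequence that is unusual.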

Newly discovered Mac malware uses “fileless” technique to remain stealthy.

North Korean hackers (the Lazarus group) have started using fileless malware to infect Apple computers, with a focus on cryptocurrency. It runs as root and loads a Mach-O binary directly into memory. Technical analysis.

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

More than 100 dental offices in Colorado have been affected by a ransomware attack that exploits a severe vulnerability in Oracle WebLogic.

20 Low-End VPS Providers Suddenly Shutting Down In a 'Deadpooling' Scam

At least 20 different cheap VPS providers managed by the same entity have shut down unexpectedly after the Black Friday and Cyber Monday deals.

BMW Infiltrated by Hackers Hunting for Automotive Trade Secrets

BMW's security team discovered a compromised machine on its network and decided to monitor it rather than shut it down. They claim no sensitive data was stolen. Hyundai's networks were also targeted by the same campaign.

Windows

Someone found a way to bypass Windows 7 Extended Security Update checks

Even though Windows 7 support is ending, many users still don't want to move to Windows 10, and they have found a way to get the extended security updates intended for enterprises, delaying the upgrade even longer. Looks like Windows 7 is the new XP.

Politics

Reddit Bans 61 Accounts, Citing 'Coordinated' Russian Campaign

Reddit discovered and blocked a coordinated campaign, originating from Russia, that tried to manipulate the UK vote.

China tells government offices to remove all foreign computer equipment

China has ordered all foreign hardware removed from government offices and public institutions within three years.

Exploit development

Full chain exploit for CVE-2019-11708 & CVE-2019-9810

This is a full browser-compromise exploit chain (CVE-2019-11708 & CVE-2019-9810) targeting Firefox on 64-bit Windows. It uses CVE-2019-9810 to get code execution in both the content process and the parent process, and CVE-2019-11708 to trick the parent process into browsing to an arbitrary URL.

UAC Bypass by Mocking Trusted Directories

UAC can be bypassed by abusing Windows filesystem properties: when calling the kernel API directly, it is possible to create a C:\Windows \System32\ folder (note the space after Windows) and place malicious executables or scripts there, which will be considered trusted by the Windows kernel.
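As an added example (not code from the linked write-up), the following Python check shows how a defender reviewing process-creation logs or an allow-list can spot such mock directories: it compares the raw directory of an executable path with the Win32-normalised view, in which trailing spaces and dots are stripped from each component, and flags paths that only look like a trusted location. The TRUSTED_DIRS list, the stripping rule and the sample paths are assumptions for the demonstration; the logic is pure string handling so it runs on any OS.

```python
import re

# Assumed list of directories a naive trust check would accept (example only).
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def split_components(path: str) -> list:
    """Split a Windows path on backslash or slash, dropping empty pieces."""
    return [c for c in re.split(r"[\\/]+", path) if c]


def win32_view(component: str) -> str:
    """The name the Win32 path layer would present for this component.

    Assumption for the example: trailing spaces and dots are stripped during
    normalisation, and comparison is case-insensitive.
    """
    return component.rstrip(" .").lower()


def inspect_executable_path(path: str) -> dict:
    """Classify an executable path as trusted, mock-trusted or untrusted.

    'mock-trusted' means the raw directory is NOT a trusted one, but its
    normalised view collides with one, which is exactly the trailing-space trick.
    """
    comps = split_components(path)
    if len(comps) < 2:
        raise ValueError("expected a directory and a file name: %r" % path)
    dir_comps, filename = comps[:-1], comps[-1]
    raw_dir = "\\".join(c.lower() for c in dir_comps)
    seen_dir = "\\".join(win32_view(c) for c in dir_comps)
    odd_components = [c for c in dir_comps if c != c.rstrip(" .")]

    if raw_dir in TRUSTED_DIRS:
        verdict = "trusted"
    elif seen_dir in TRUSTED_DIRS:
        verdict = "mock-trusted"
    else:
        verdict = "untrusted"

    return {
        "filename": filename,
        "raw_dir": raw_dir,
        "normalised_dir": seen_dir,
        "odd_components": odd_components,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # Constructed sample paths; 'tool.exe' is a placeholder file name.
    for sample in (
        r"C:\Windows\System32\tool.exe",
        r"C:\Windows \System32\tool.exe",
        r"C:\Users\someone\tool.exe",
    ):
        print(inspect_executable_path(sample))
```

The check deliberately keeps the raw component text rather than calling a platform path API first, because normalisation is the very step that hides the difference; any allow-list comparison that normalises before comparing will accept the mock directory.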