
US intelligence agencies have been forthright in their insistence that the Russian government was behind not only the hacking of the Democratic National Committee (DNC) and other political organizations in the US, but a concerted effort to undermine confidence in the results of the US presidential election, including attacks on state election officials' systems. But the US is not the only country that the Russian government has apparently targeted for these sorts of operations—and the methods used in the DNC hack are being applied increasingly in attempts to influence German politics, Germany's chief of domestic intelligence warned yesterday.

In a press release issued on December 8, Germany's Bundesamt für Verfassungsschutz (BfV)—the country's domestic intelligence agency—warned of an ever-mounting wave of disinformation and hacking campaigns by Russia focused on increasing the strength of "extremist groups and parties" in Germany and destabilizing the German government. In addition to propaganda and disinformation campaigns launched through social media, the BfV noted an increased number of "spear phishing attacks against German political parties and parliamentary groups" using the same sort of malware used against the Democratic National Committee in the US.

The statement from the BfV came on the same day that Alex Younger, the chief of the United Kingdom's Secret Intelligence Service (MI6), made more veiled references to disinformation and hacking campaigns. In remarks Younger delivered at Vauxhall Cross, MI6 headquarters, he warned of the mounting risks posed by "hybrid warfare."


Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability
Cisco Firepower Management Center and FireSIGHT System Software Security Bypass Vulnerability
Multiple Cisco Products CVE-2016-9207 Security Bypass Vulnerability
Cisco AsyncOS Software CVE-2016-9202 Cross Site Scripting Vulnerability
Asterisk Open Source AST-2016-008 Denial of Service Vulnerability
Cisco Emergency Responder CVE-2016-9208 Directory Traversal Vulnerability
Asterisk Open Source and Certified Asterisk 'chan_sip' Driver Authentication Bypass Vulnerability
Cisco Unified Communications Manager CVE-2016-9206 Cross Site Scripting Vulnerability
Cisco AsyncOS Software CVE-2016-1411 Man in the Middle Security Bypass Vulnerability
Cisco IOS and IOS XE Software CVE-2016-9199 Directory Traversal Vulnerability
Cisco Emergency Responder CVE-2016-6468 Cross Site Request Forgery Vulnerability
MSIE 9 MSHTML CElement::HasFlag memory corruption
Multiple Moxa MiiNePort Products Information Disclosure and Security Bypass Vulnerabilities
Sauter NovaWeb Web HMI CVE-2016-5782 Authentication Bypass Vulnerability
A850 Telemetry Gateway Base Station CVE-2016-2274 Cross Site Scripting Vulnerability
INTERSCHALT VDR G4e CVE-2016-9339 Directory Traversal Vulnerability
PHP FormMail Generator VU#494015 Multiple Security Vulnerabilities
AST-2016-009:
Symantec VIP Access Desktop Arbitrary DLL Execution
Symantec VIP Access Desktop DLL Loading CVE-2016-6593 Local Code Execution Vulnerability
AST-2016-008: Crash on SDP offer or answer from endpoint using Opus
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Cisco IOS and IOS XE Software CVE-2016-6474 Authentication Bypass Vulnerability
Cisco AsyncOS CVE-2016-6469 Remote Denial of Service Vulnerability


A former IT specialist at Expedia has admitted he used his privileged position to access executives' e-mails in an insider stock-trading scheme that netted almost $330,000 in illegal profits, prosecutors said.

During the two-year span that Jonathan Ly, 28, of San Francisco, worked at the online travel service, he accessed e-mail accounts belonging to the company's chief financial officer, head of investor relations, and other high-ranking employees, prosecutors with the US attorney's office in Seattle alleged in a criminal complaint filed late last week. The correspondence included upcoming earnings reports, a draft of an upcoming press release announcing Justice Department approval of Expedia's acquisition of competitor Orbitz, and other stock-moving developments that weren't yet public. Ly used the information to buy Expedia stock at a low price and then sell it after the disclosures went public at a much higher price.

"Beginning in 2013, and continuing through October 2015, Ly secretly and fraudulently accessed the contents of Expedia executives' computer files and corporate e-mail accounts in order to obtain material, non-public, and proprietary information belonging to Expedia without the knowledge and permission of the executives or Expedia," the complaint alleged. "Ly fraudulently obtained the information in order to execute a series of well-timed and lucrative securities trades in Expedia options. As a result of his scheme, Ly obtained through his securities trades net profits in excess of $331,000."


QEMU '/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c' Denial of Service Vulnerability
Cisco AnyConnect Secure Mobility Client CVE-2016-9192 Local Privilege Escalation Vulnerability
Cisco ASR 5000 Series Aggregation Services Routers CVE-2016-6467 Denial of Service Vulnerability
Cisco Web Security Appliance CVE-2016-9212 Remote Security Bypass Vulnerability