(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Enlarge / Trump denies there's any truth intelligence community claims of Russian interference in the election, claiming it could have been anyone. (credit: Chip Somodevilla | Getty Images)

President-elect Donald Trump continues to discount or attempt to discredit reports that the intelligence community has linked the hacking of the DNC, the Hillary Clinton presidential campaign, and related information operations with a Russian effort to prevent Clinton from winning the election—thus assuring Trump's victory. In his latest of a stream of tweets, Trump posted:

The hacking was brought up well before the election. And it was monitored as it was happening—by the intelligence and law enforcement communities and by private information security firms.

"CrowdStrike's Falcon endpoint technology did catch the adversaries in the act," said Dmitri Alperovitch, chief technology officer of Crowdstrike. "When the DNC brought us in to conduct an investigation in May 2016, we deployed this technology on every system within DNC's corporate network and were able to watch everything that the adversaries were doing while we were working on a full remediation plan to remove them from the network."

Read 21 remaining paragraphs | Comments

PHP 'ext/standard/var.c' Incomplete Fix Use After Free Remote Code Execution Vulnerability
Apple iOS/WatchOS/tvOS CVE-2016-7626 Memory Corruption Vulnerability
Apple iOS APPLE-SA-2016-12-12-1 Multiple Security Vulnerabilities
Apple iOS and watchOS CVE-2016-7651 Security Bypass Vulnerability
APPLE-SA-2016-12-12-1 iOS 10.2
PHP 'ext/wddx/wddx.c' NULL pointer Dereference Remote Denial of Service Vulnerability
IBM Jazz Reporting Service CVE-2016-5898 Information Disclosure Vulnerability
PHP 'ext/wddx/wddx.c' Denial of Service Vulnerability
APPLE-SA-2016-12-12-3 tvOS 10.1
APPLE-SA-2016-12-12-2 watchOS 3.1.1

Enlarge (credit: Sinchen.Lin)

A variety of Netgear router models are vulnerable to a simple hack that allows attackers to take almost complete control of the devices, security experts warned over the weekend.

The critical bug allows remote attackers to inject highly privileged commands whenever anyone connected to the local Netgear network clicks on a malicious Web link, a researcher who uses the online handle Acew0rm reported on Friday. The link, which can be disguised to appear innocuous, then injects a command that routers run as root. The devices' failure to properly filter out input included in Web requests allows attackers to run powerful shell commands. Netgear R7000, R6400, and R8000 models have been confirmed to be vulnerable, and other models, including the R7000P, R7500, R7800, R8500 R9000, have been reported by end users as being affected.

"Exploiting this vulnerability is trivial," officials with CERT, the federally funded vulnerability coordination service, warned in an advisory published Friday. "Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available."

Read 3 remaining paragraphs | Comments

Multiple Sony IPELA Engine IP Cameras Unspecified Remote Code Execution Vulnerability
FFmpeg CVE-2016-7555 Information Disclosure Vulnerability
FFmpeg 'libavformat/avidec.c' Denial of Service Vulnerability
FFmpeg CVE-2016-7562 Denial of Service Vulnerability
Huawei P9 and P9 Lite CVE-2016-8776 Security Bypass Vulnerability
FFmpeg CVE-2016-7785 Denial of Service Vulnerability
Sleipnir for Mac CVE-2016-7831 Remote Security Bypass Vulnerability
Huawei Storage Products CVE-2016-8801 Remote Privilege Escalation Vulnerability
FFmpeg CVE-2016-7502 Out of Bounds Read Denial of Service Vulnerability
McAfee VirusScan Enterprise Multiple Security Vulnerabilities
Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
SIMATIC WinCC and SIMATIC PCS 7 CVE-2016-9160 ActiveX Control Security Bypass Vulnerability
QEMU 'qemu-char.c' Denial of Service Vulnerability
Multiple Netgear Routers VU#582384 Remote Command Injection Vulnerability
[SECURITY] CVE-2016-8745 Apache Tomcat Information Disclosure
[SECURITY] [DSA 3730-1] icedove security update
Internet Storm Center Infocon Status