The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer dereference) as demonstrated by a filename containing “crashme$$”.
Monthly Archives: December 2014
CVE-2014-8956
Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors.
CVE-2014-9374
Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.
Kaspersky: Mobile & Bitcoin Attacks Increase, Online Threats Down – Bank Systems & Technology
Hackers Hit Banks as Everyone Spies on Everyone, Kaspersky Says – Bloomberg
Nation-backed Malware Targets Diplomats’ iPhones, Androids, and PCs – Ars Technica
Linux Systems Caught In Targeted Attack Crosshairs – CRN
Why it’s So Hard to Calculate the Cost of the Sony Pictures Hack – The Washington Post
Sony Malware May be Linked to Other Damaging Attacks: Researchers – Reuters
POODLE vulnerability found to also bite TLS encryption
When POODLE was first uncovered back in October, researchers believed that only sites using SSL 3.0 were vulnerable, but it now appears that certain implementations of TLS could be compromised using a similar exploit, according to ZDNet.
The post POODLE vulnerability found to also bite TLS encryption appeared first on We Live Security.