Compromised Microsoft Exchange Server Used to Host Cryptominer

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2021-24028
PUBLISHED: 2021-04-14

An invalid free in Thrift’s table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.

CVE-2021-29370
PUBLISHED: 2021-04-13

A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.

CVE-2021-3460
PUBLISHED: 2021-04-13

The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.

CVE-2021-3462
PUBLISHED: 2021-04-13

A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver’s device object.

CVE-2021-3463
PUBLISHED: 2021-04-13

A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.

Read More HERE

Leave a Reply