Cyware Daily Threat Intelligence, March 25, 2021

Vulnerable and unpatched plugins pose a serious security problem, creating a gold mine for cybercriminals. In the past 24 hours, security experts have found threats affecting the Ultimate GDPR & CCPA Compliance Toolkit and Thrive Themes plugins for WordPress. While the former is being targeted by a Golang-based botnet that could let attackers redirect traffic to a malicious website, the latter is being actively exploited in the wild to upload arbitrary files on vulnerable WordPress sites.

Researchers also got hold of over 100 indicators for the infrastructure behind a new variant of Agent Tesla that is capable of stealing information via HTTP, SMTP, and FTP. The first attack campaign involving this variant was observed in November 2020.

Top Malware Reported in the Last 24 Hours

New Golang bot
A botnet written in Golang has been found scanning the Ultimate GDPR & CCPA Compliance Toolkit plugin for a critical vulnerability that lets attackers redirect traffic to a malicious website. The flaw affects plugin version 2.4 and lower. The developers fixed the issue on January 28, 2021.

Agent Tesla evolves
A new version of Agent Tesla includes capabilities to steal information via HTTP, SMTP, or FTP. Researchers have observed more than 100 indicators related to the infrastructure that is used to deliver the malware variant.  

Top Vulnerabilities Reported in the Last 24 Hours

Unpatched Thrive Themes plugin targeted
Attackers are actively exploiting the unpatched Thrive Themes plugin, which is vulnerable to two remote code vulnerabilities. The most critical of the two flaws scores 10 out of 10 on the CVSS scale. It is estimated that more than 100,000 WordPress sites using the plugin are vulnerable to the attack.

Flawed 5G network
A serious security flaw has been detected in the architecture of 5G network slicing and virtualized network functions. The vulnerability has the potential to allow data access and denial of service attacks between different mobile operators using the 5G network.

Cisco addresses a flaw
Cisco has addressed a critical arbitrary program execution vulnerability impacting several versions of Cisco Jabber client software. The flaw, tracked as CVE-2021-1411, is caused by improper input validation of the contents of incoming messages.

Top Scams Reported in the Last 24 Hours

National Insurance scam
The U.K.'s National Fraud & Cyber Crime Reporting Center is warning citizens about a National Insurance scam that targets their PII. Victims receive automated phone calls stating that their National Insurance number has been exposed. Once connected, the scammers urge them to provide their personal details to receive a new number.

Fake renewal notification scam
A scam that spoofs popular brand names, including Malwarebytes, is scaring users with fake renewal notifications. Active for several months, the scam is propagated via emails that include fake invoices.


Posted on: March 25, 2021
