Go to listing page

Cyware Daily Threat Intelligence, March 10, 2021

Cyware Daily Threat Intelligence, March 10, 2021

Share Blog Post

March 2021 Patch Tuesday is here with a new set of security updates for several critical to important-severity vulnerabilities. Microsoft tops the list by delivering fixes for 89 vulnerabilities, 14 of which are critical. Joining the list is SAP and Adobe, which addressed various critical security flaws impacting their products. Nevertheless, Netgear does not plan to issue patches for 15 vulnerabilities found in its Business Switches as they have reached End-of-Life.

A new variant of z0Miner botnet that exploits RCE flaws in Jenkins and Elasticsearch servers is being used in the wild to mine Monero cryptocurrency. Once launched, the botnet first downloads a malicious shell script to hunt and kill previously deployed cryptominers.

Top Breaches Reported in the Last 24 Hours

Over 700 government agencies hit
An attack from Ryuk ransomware has affected more than 700 government agencies across Spain. While the agencies are working on restoring the affected systems, the officials claim that personal data, payroll, and unemployment benefits were not affected by the attack.

French hospital hit
A ransomware attack paralyzed the systems at Oloron-Sainte-Marie hospital in Southwest France. The incident took place on March 8, following which the gang is demanding a ransom of $50,000 in Bitcoin.

Video footage from security cameras at banks, jails, schools, carmaker Tesla, and other sites has been collectively hacked by a small group of hackers. The videos were later posted on Twitter with the #OperationPanoticon hashtag.

Top Malware Reported in the Last 24 Hours

z0Miner new variant
z0Miner botnet has been upgraded to take control of Jenkins and Elasticsearch servers to mine Monero. The new botnet variant is now exploiting remote code execution vulnerabilities in Elasticsearch and Jenkins servers to infect devices. When executed, the malware first downloads a malicious shell script to hunt and kill previously deployed cryptominers.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable plugin
A critical vulnerability identified in The Plus Addons for Elementor WordPress plugin is being exploited in the wild to gain administrative privileges to a website. The issue resides in one of the added widgets that provides the ability to insert user login and registration forms to Elementor pages.

Microsoft patches 89 flaws
Microsoft has addressed 89 CVEs as a part of the March Patch Tuesday updates. The updates include fixes for 14 critical flaws and 75 important-severity flaws. Four actively exploited are also part of this month’s updates.

SAP’s Patch Tuesday
SAP’s March 2021 Security Patch Day updates include nine security notes for critical vulnerabilities affecting the company’s NetWeaver Application Server (AS) and Manufacturing Integration and Intelligence (MII) products. The most severe of these is a code injection vulnerability in SAP MII. Tracked as CVE-2021-21480, the vulnerability scores 9.9 on the CVSS scale.

Vulnerable Netgear switches
A total of 15 vulnerabilities identified in Netgear Business Switches can expose organizations to remote code execution attacks. The most important of these is CVE-2020-26919, an unauthenticated RCE flaw with a CVSS score of 9.8. Netgear has no plans to address the flaws as the affected products have reached EOL.

Adobe issues patches
Adobe has delivered security updates for Connect, Creative Cloud Desktop Application, and Framemaker. One of these updates is for a critical vulnerability in Framemaker. The flaw is tracked as CVE-2021-21056 and can lead to the execution of arbitrary code if exploited.

Top Scams Reported in the Last 24 Hours

Mother’s Day scam
The U.K NCSC is warning online shoppers of scams ahead of Mother’s Day. The agency has asked users to be careful of emails and social media messages that may contain links designed to deploy malware or harvest credentials and personal information. There’s also an increased risk of sites luring users to enter their card details with massive discounts on non-existent flowers, chocolates, and other popular items.

Coinbase platform phished
Malicious actors are targeting the Coinbase platform in a new phishing campaign that attempts to steal users’ account credentials. The ultimate purpose is to steal funds from cryptocurrency wallets.


ryuk ransomware
elementor wordpress plugin
microsoft ie
oloron sainte marie hospital
netgear business switches

Posted on: March 10, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite