New Golang Worm Targets MySQL, Jenkins, Oracle WebLogic and other Public Services

Golang Worm

Golang Worm Overview This report is about a new Golang worm analyzed by Intezer. The Golang worm malware affects both Windows and Linux servers. It has targeted a variety of public services including MySQL, Tomcat, Jenkins, and Oracle WebLogic. At this time no specific threat actor has been named. The goal of Golang worm appears […]

Zyxel Firewall Backdoor Vulnerability CVE-2020-29583

Zyxel Firewall Vulnerability CVE-2020-29583 This report is about a high severity vulnerability affecting Zyxel firewalls and AP controllers. A hardcoded credential vulnerability was identified in the “zyfwp” user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP. There are patches available […]

Multiple Dell ThinOS Vulnerabilities

Dell Wyse ThinOS Vulnerabilities Overview This report is about two high value vulnerabilities affecting Dell Wyse ThinOS. The Dell thin client vulnerabilities give remote attackers the possibility of gaining initial access to the network and can provide some lateral movement opportunities. There are patches available for these vulnerabilities on the vendor’s website. Tactics, Techniques […]

SunBurst Backdoor and Malware Campaign

SunBurst Backdoor Overview This report is about the recently disclosed SunBurst backdoor and the related malware campaign. The malware campaign has been attributed to APT29, a GRU (Main Intelligence Directorate) Russian military cyber unit. The malware is distributed through an advanced supply chain attack designed to compromise both government and non-government entities via SolarWinds Orion, a widely […]

SolarWinds Orion Compromise Guidance

SolarWinds Orion Compromise This threat report is about the SolarWinds Orion platform compromise and contains information pertinent to security operations teams that have the specific version of SolarWinds Orion deployed in their environment. SolarWinds Orion is a widely-deployed IT management and monitoring platform used by IT organizations across many industries. The supply chain nature of […]

CVE-2020-27130 Cisco Security Manager Vulnerability

CISCO Backdoor Malware Overview This report is about a critical Cisco Security Manager path traversal vulnerability that is being tracked as CVE-2020-27130. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to gain access to sensitive data and download files from the targeted device. Cisco has released software updates that remediate this vulnerability […]

Latest Phishing Campaigns Target Google, Adobe and WebEx

Overview: Latest Phishing Campaigns Impersonating Common Applications This report is an overview of recent phishing campaigns targeting Google, Adobe and WebEx. Phishing is one of the most common initial attack vectors for malware, including ransomware like Ryuk. Tactics, Techniques, and Procedures Research by Armorblox reveals a pattern wherein bad actors utilize services like Google Forms, […]

PyXie Distributing Ransomware Tools Targeting Healthcare, Education, Government and Technology Companies

PyXie Overview This report is about PyXie Group’s advanced ransomware campaign. The bad actor has developed three different notable tools each providing a means to an end by the financially motivated group. The focus of the PyXie group is distributing ransomware across various sectors including healthcare, education, government, and technology. Tactics, Techniques, and Procedures PyXie’s […]

Multiple Oracle WebLogic Server Vulnerabilities Remotely Exploitable without Authentication

Overview: Oracle WebLogic Server Vulnerabilities This report outlines vulnerabilities in Oracle WebLogic Server disclosed in the Critical Patch Update Advisory released on October 20, 2020. WebLogic Server is a platform for building Java applications either for internal or cloud deployment. Many of the vulnerabilities listed were given a CVSS score of 9.8 out of 10, […]

RYUK is Back and Actively Targeting U.S.-based Healthcare Organizations

This week, the United States FBI, HHS, DHS, and CISA each released critical information regarding Ryuk, an imminent ransomware threat actor actively targeting U.S.-based healthcare organizations. Ryuk The operators of Ryuk are a sophisticated and fast-moving Ransomware-as-a-Service crime syndicate using the ransomware variant known as ‘Ryuk’. This crime syndicate has reportedly collected more than […]