• Microsoft warns critical GoAnywhere security bug is being exploit

    From TechnologyDaily@1337:1/100 to All on Tue Oct 7 13:30:08 2025
    Microsoft warns critical GoAnywhere security bug is being exploited by ransomware gang, so be on your guard

    Date:
    Tue, 07 Oct 2025 12:18:00 +0000

    Description:
    GoAnywhere bug was discovered and patched weeks ago, but crooks are still using it to drop encryptors.

    FULL STORY
    ======================================================================
    - CVE-2025-10035 in GoAnywhere MFT is being exploited by ransomware group Storm-1175
    - Vulnerability enables unauthenticated remote code execution; Medusa ransomware was deployed in at least one case
    - Patch released September 18; over 500 instances remain exposed, urging immediate upgrades or mitigation

    Microsoft is warning that a ransomware group is exploiting a maximum-severity vulnerability recently found in GoAnywhere Managed File Transfer (MFT).

    Fortra recently said it discovered and patched a deserialization
    vulnerability in the License Servlet of GoAnywhere MFT, a tool that helps businesses send and receive files securely.

    The flaw, tracked as CVE-2025-10035 and given the maximum severity score (10/10 - critical), allows threat actors with a validly forged license
    response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.

    Storm-1175

    Soon after, security researchers at WatchTowr Labs reported finding credible evidence that the bug was being used as a zero-day as early as September 10. However, at the time, there was no talk of attribution - we didn't know who used the bug, for what purpose, and against which businesses.

    Now, Microsoft has released a new report, pointing the finger at a threat actor
    it tracks as Storm-1175.

    "Microsoft Defender researchers identified exploitation activity in multiple organizations aligned to tactics, techniques, and procedures (TTPs)
    attributed to Storm-1175," Microsoft said in the report. Related activity was observed on September 11, 2025.

    Microsoft also said the group used the vulnerability to infect its targets with the Medusa ransomware strain.

    "Ultimately, in one compromised environment, the successful deployment of Medusa ransomware was observed," it concluded.

    The patch for the vulnerability was released on September 18, but it's safe to assume that not all instances have been fixed yet. The Shadowserver Foundation says there are currently more than 500 GoAnywhere MFT instances exposed online, but it's unclear how many of those are patched.

    The best way to protect against the attacks is to upgrade to a patched version, either the latest release (7.8.4), or the Sustain Release 7.6.3.

    Those who cannot patch at this time can remove GoAnywhere from the public internet through the Admin Console, and those who suspect they may have been targeted should inspect log files for errors containing the string 'SignedObject.getObject'.
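
    The log check described above, as an added example (not from the article, Fortra or Microsoft): it reports each log entry whose message or stack trace contains the string, together with that entry's timestamp, so hits can be placed on a timeline. The timestamp layout, the sample log and the com.example class names are assumptions constructed for illustration.

```python
import re
from typing import Iterable, Iterator, NamedTuple, Optional

INDICATOR = "SignedObject.getObject"  # string the article says to look for

# Assumption: each log entry starts with "YYYY-MM-DD HH:MM:SS"; stack-trace
# continuation lines do not. Adjust the pattern to your real log layout.
ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")


class Hit(NamedTuple):
    timestamp: Optional[str]  # None if the match precedes any timestamped line
    entry: str                # first line of the enclosing log entry
    line_no: int              # 1-based line number of the matching line
    match: str                # the line that contains the indicator


def find_hits(lines: Iterable[str]) -> Iterator[Hit]:
    """Yield one Hit per log entry whose message or stack trace has INDICATOR."""
    timestamp, entry, reported = None, "", False
    for line_no, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        m = ENTRY_START.match(line)
        if m:  # a new entry begins; reset per-entry state
            timestamp, entry, reported = m.group(0), line, False
        if INDICATOR in line and not reported:
            reported = True  # later frames of the same trace are not repeated
            yield Hit(timestamp, entry or line, line_no, line.strip())


def scan_file(path: str) -> list:
    """Scan one log file; undecodable bytes are replaced, not fatal."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return list(find_hits(fh))


# Constructed sample log (not real GoAnywhere output; class names are placeholders).
SAMPLE_LOG = """\
2025-09-11 03:14:07 ERROR Error parsing license response
java.lang.RuntimeException: placeholder failure
\tat java.base/java.security.SignedObject.getObject(SignedObject.java:0)
\tat com.example.LicenseHandler.handle(LicenseHandler.java:0)
Caused by: java.io.InvalidClassException: placeholder
\tat java.base/java.security.SignedObject.getObject(SignedObject.java:0)
2025-09-11 03:15:00 INFO Scheduler heartbeat
2025-09-12 08:00:01 ERROR Transfer failed: connection reset
""".splitlines()

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(f"{hit.timestamp}  line {hit.line_no}: {hit.match}")
```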

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-warns-critical-goanywhere-security-bug-is-being-exploited-by-ransomware-gang


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)