Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Go

TellYouThePass Ransomware Analysis Reveals a Modern Reinterpretation Using Golang

The TellYouThePass ransomware family was recently reported as a post-exploitation malicious payload used in conjunction with a remote code execution vulnerability in Apache Log4j library, dubbed Log4Shell. TellYouThePass was first reported in early 2019 as a financially motivated ransomware designed to encrypt files and demand payment for restoring them. Targeting both Windows and Linux systems, TellYouThePass ransomware re-emerged in mid-December 2021 along with other ransomware like Khonsari.

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

AT&T Alien Labs™ has found new malware written in the open source programming language Golang. Deployed with more than 30 exploits, it has the potential of targeting millions of routers and IoT devices.

Snyk Code adds Go security scanning (beta)

Snyk Code was launched at the beginning of 2021, and since then it has come a long way in a short time. As a developer-first security tool, it offers an intuitive UI and CLI, embeds in popular IDEs, provides actionable fix recommendations, and scans with industry-leading, real-time speeds and high accuracy. On top of that, it’s all backed by ML-driven algorithms that learn from the global developer community, growing its robust knowledge base exponentially.

Building Secure Go Projects with Free Vulnerability Scanning in VSC Code

Go 1.13 introduced important security features to Go Modules including a checksumdb that verifies that your dependencies haven’t been tampered with. While the integrity of the data can be verified this way - Go Modules can still have security vulnerabilities. Join this webinar to watch a technical walkthrough on how to keep your Go Modules secure.

Detecting, Reporting and Mitigating Vulnerabilities for Go Modules

Go Module vulnerabilities frustrate the lives of many Go developers and can turn a simple project into a battle of endurance between the dev and their patience. With the process of CI/CD shifting left more and more, it’s becoming even more pertinent for developers to be able to track and report vulnerabilities as early as possible. JFrog GoCenter can help track and mitigate vulnerabilities and make the lives of Go developers easier.

Free Go Module Vulnerability Scanning in Visual Studio Code

If you’re a Golang developer using Visual Studio Code, keeping at-risk Go Modules out of your apps just got easier, and for free. Today we’re announcing a new version of the JFrog extension for VS Code, available for free download. This integration brings live vulnerability information about every public Go Module you’re using directly into your source editor from the rich metadata of JFrog GoCenter.

Security in Go Modules and Vulnerabilities in GoCenter at GoSF Meetup in San Francisco

Deep Datta from the JFrog Community Team shares his learnings about Go 1.13 introducing important security features to Go Modules including a checksumdb. He explains how this works and provides information on other tools in GoCenter that keep modules secure include vulnerability scanning and Jfrog Xray.

How we tracked down (what seemed like) a memory leak in one of our Go microservices

The backend developer team at Detectify has been working with Go for some years now, and it’s the language chosen by us to power our microservices. We think Go is a fantastic language and it has proven to perform very well for our operations. It comes with a great tool-set, such as the tool we’ll touch on later on called pprof. However, even though Go performs very well, we noticed one of our microservices had a behavior very similar to that of a memory leak.