This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Singapore OSV player Vallianz hit by cyber attack
December 30, 2024
Singapore OSV owner and operator Vallianz has been hit by a cyberattack that has allowed an unknown party unauthorised access to the company’s servers. Upon discovering the ransomware incident, the firm – and its parent company Rawabi Holding Company Limited – took immediate action to identify, contain, and address the incident with the help of external ...
- Cyber attack on Italy’s Foreign Ministry, airports claimed by pro-Russian hacker group
December 28, 2024
Hackers targeted around ten official websites in Italy on Saturday, including the websites of the Foreign Ministry and Milan’s two airports, putting them out of action temporarily, the country’s cyber security agency said. The pro-Russian hacker group Noname057(16) claimed the cyber attack on Telegram, saying Italy’s “Russophobes get a well deserved cyber response”. Read more… Source: MSN News Sign ...
- Record-breaking ransoms and breaches: A timeline of ransomware in 2024
December 27, 2024
It was another record-breaking year for ransomware. When file-locking malware wasn’t causing widespread disruption, like downing online services and lasting outages, ransomware was the cause of unprecedented data theft attacks affecting hundreds of millions of people, in some cases for life. While governments have struck some rare wins against ransomware hackers over the past 12 months, ...
- Data breach at IDHS compromises 1M customers
December 26, 2024
On April 25, the Illinois Department of Human Services (IDHS) experienced a privacy breach. An outside entity, through a phishing campaign, gained access to multiple employee accounts, and files associated with the accounts. The files included the Social Security numbers (SSNs) of 4,701 customers and three employees. Separately, public assistance account information (name, public assistance account ...
- Cyberattack on JAL delays some flights, disrupts operations
December 26, 2024
Japan Airlines announced on Dec. 26 that its computer network was hit by a cyberattack, which delayed some flights while the company worked to restore the system and resume normal operations. According to JAL, the cyberattack caused a heavy access load to the network equipment connecting internal and external offices from 7:24 a.m. that morning. The ...
- Analyzing Malicious Intent in Python Code – A Case Study
December 23, 2024
Fortinet’s AI-driven OSS malware detection system recently identified two malicious packages: Zebo-0.1.0 on November 16, 2024, and Cometlogger-0.1 on November 24, 2024. Malicious software often masquerades as legitimate code, hiding its harmful features behind complex logic and obfuscation. In this analysis, Fortinet researchers examine the Python scripts behind these two packages, outline their malicious behaviors, and provide ...