This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Cyber Attacks and the Risk of Real War: A NATO Perspective
June 5, 2024
The possibility of a cyber-attack on any NATO member country escalating into a real war is a pressing concern. This question is particularly relevant as the US-led North Atlantic Treaty Organization (NATO) has started establishing ‘cyber labs’ in countries bordering Russia, signalling an increased focus on cyber defence. At the recent Shangri-La Dialogue (31 May-2 June) ...
- Big name TikTok accounts hijacked after opening DM
June 5, 2024
High profile TikTok accounts, including CNN, Sony, and—er—Paris Hilton have been targeted in a recent attack. CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens without the account owner needing to click on or open ...
- AI jailbreaks: What they are and how they can be mitigated
June 4, 2024
Generative AI systems are made up of multiple components that interact to provide a rich user experience between the human and the AI model(s). As part of a responsible AI approach, AI models are protected by layers of defense mechanisms to prevent the production of harmful content or being used to carry out instructions that go ...
- Debt collection agency FBCS leaks information of 3 million US citizens
June 4, 2024
The US debt collection agency Financial Business and Consumer Solutions (FBCS) has filed a data breach notification, listing the the total number of people affected as 3,226,631. FBCS is a nationally licensed, third-party collection agency that collects commercial and consumer debts, with most of its activity involving the recovery of consumer debts on behalf of creditors. ...
- Scammers Defraud Individuals via Work-From-Home Scams
June 4, 2024
The FBI warns of scammers offering victims fake work-from-home jobs, typically involving a relatively simple task, such as rating restaurants or “optimizing” a service by repeatedly clicking a button. The scammers pose as a legitimate business, such as a staffing or recruiting agency,and may contact victims via an unsolicited call or message. Scammers design the fake ...
- The Dreaded Network Pivot: An Attack Intelligence Story
June 4, 2024
Rapid7 recently released our 2024 Attack Intelligence Report, a 14-month deep dive into the vulnerability and attacker landscape. The spiritual successor to their annual Vulnerability Intelligence Report, the AIR includes data from the Rapid7 research team combined with their detection and response and threat intelligence teams. It is designed to provide the clearest view yet into ...