This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- North Carolina: Around £2.1 million has been stolen from the housing agency as the US Secret Service is investigating
March 3, 2024
It is a little-known clothing firm based out of an anonymous residential street in Scotland’s biggest city, with overflowing bags and boxes of rubbish piled up outside its front door. But a Glasgow company is at the centre of a multi-million pound fraud investigation by the US Secret Service into millions of public money that was ...
- 20 million Cutout.Pro AI service users hit by massive data breach
March 2, 2024
AI-powered photo and video editing platform Cutout.Pro has become the latest victim to what has turned out to be a pretty sizeable data breach. Personal information relating to as many as 20 million users, including email addresses, hashed and salted passwords, IP addresses, and names has been exposed, prompting significant privacy and security concerns. Read more… Source: MSN ...
- LockBit cyberattack: Fulton County refuses to pay ransom as deadline passes
March 1, 2024
Fulton County leaders say they have not paid any ransom to the criminal group claiming responsibility for the cyberattack that affected several of the county’s agencies. The group LockBit had set a deadline of 8:49 a.m. on Thursday for Fulton County to pay the ransom or risk having stolen data leaked onto the dark web. This ...
- US prescription market hamstrung for 9 days (so far) by ransomware attack
March 1, 2024
Nine days after a Russian-speaking ransomware syndicate took down the biggest US health care payment processor, pharmacies, health care providers, and patients were still scrambling to fill prescriptions for medicines, many of which are lifesaving. On Thursday, UnitedHealth Group accused a notorious ransomware gang known both as AlphV and Black Cat of hacking its subsidiary, Optum. ...
- Here Come the AI Worms
March 1, 2024
In a demonstration of the risks of connected, autonomous AI ecosystems, a group of researchers have created one of what they claim are the first generative AI worms—which can spread from one system to another, potentially stealing data or deploying malware in the process. “It basically means that now you have the ability to conduct or ...
- Malicious meeting invite fix targets Mac users
March 1, 2024
Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. During the attacks the criminals will send a link supposedly to add a meeting to the target’s calendar. In reality the link runs a script to install Mac malware on the target’s machine. Cybersecurity expert Brian Krebs investigated and flagged the issue. Scammers, impersonating ...