This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- UK: Water group made loss in wake of cyber attack
February 19, 2024
The Walsall-headquartered integrated serviced group, which operates South Staffordshire Water and Cambridge Water, posted a pre-tax loss of £23.1 million for the year to the end of March from a £7.6m profit a year earlier. The losses was put down to the impact of rising costs including on energy and chemicals, higher than expected water production ...
- Why are ransomware gangs making so much money?
February 17, 2024
For many organizations and startups, 2023 was a rough year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, had a record-breaking year in earnings, if recent reports are anything to go by. It’s hardly surprising when you look at the state of the ...
- Alpha Ransomware Emerges From NetWalker Ashes
February 16, 2024
Alpha, a new ransomware that first appeared in February 2023 and stepped up its operations in recent weeks, has strong similarities to the long-defunct NetWalker ransomware, which disappeared in January 2021 following an international law enforcement operation. The NetWalker Connection Analysis of Alpha reveals significant similarities with the old NetWalker ransomware. Both threats use a similar ...
- Microsoft Exchange vulnerability actively exploited
February 16, 2024
As it turns out, there was another actively exploited vulnerability included in Microsoft’s patch Tuesday updates for February. When Microsoft said in its update guide for CVE-2024-21410 that the vulnerability was likely to be exploited by attackers, they weren’t kidding. Soon after they changed the status to “Exploitation Detected”. The Exchange vulnerability is listed in the ...
- China: Foreign cyber spies attack information systems of key departments, enterprises, stealing sensitive data
February 16, 2024
China’s Ministry of State Security warned on Friday that in recent years, national security agencies have discovered that foreign cyber spies have continuously attacked the information systems of key departments and enterprises within China, resulting in the theft of important sensitive data and posing a threat to China’s data security and cybersecurity. The ministry released an ...
- Android/SpyNote Moves to Crypto Currencies
February 15, 2024
Like much Android malware today, this malware abuses the Accessibility API. This API is used to automatically perform UI actions. For example, the malicious sample uses the Accessibility API to record device unlocking gestures. Newer, this SpyNote sample uses the Accessibility API to target famous crypto wallets. Read more… Source: Fortinet