This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- The dangers of unused bank accounts and how to close them
January 26, 2024
If you’re like most people, you’ve likely got at least a few unused bank accounts floating around. However, there may be financial and security dangers associated with keeping these unused bank accounts active. Security risks of unused bank accounts Fraud exposure: Unused bank accounts can become targets for fraud. Closing these accounts minimizes the risk. Avoidance of fees: ...
- Albabat ransomware
January 26, 2024
Albabat, also known as White Bat, is a financially motivated ransomware variant written in Rust that identifies and encrypts files important to the user and demands a ransom to release them. It first appeared in November 2023 with the variant Version 0.1.0. Version 0.3.0 was released in late December, followed by version 0.3.3 in mid-January 2024. ...
- UK councils remain downed by cyberattack
January 26, 2024
Three local councils in the United Kingdom continue to experience disruption to their online services, a week after confirming a cyberattack had knocked some systems offline. The councils for Canterbury, Dover, and Thanet — all of which are based in the U.K. county of Kent and have a combined population of almost 500,000 residents — said ...
- Satellites and the specter of IoT attacks
January 26, 2024
In the vast expanse of space, satellites orbit silently, serving as the connected backbone of our modern world. A fast-proliferating network of satellites forms the critical infrastructure that supports global communication, navigation, weather forecasting, defensive operations and more. Today’s global space economy is huge, forecasted to total more than $600 billion annually in 2024. Internet of ...
- Malicious ads for restricted messaging applications target Chinese users
January 25, 2024
An ongoing campaign of malicious ads has been targeting Chinese-speaking users with lures for popular messaging applications such as Telegram or LINE with the intent of dropping malware. Interestingly, software like Telegram is heavily restricted and was previously banned in China. Many Google services, including Google search, are also either restricted or heavily censored in mainland ...
- Billion-dollar financial giant EquiLend hit by cyberattack
January 25, 2024
EquiLend, a global financial technology, data and analytics firm, suffered a cyberattack – possibly ransomware – that forced parts of its digital infrastructure offline. In a press release, EquiLend said that on January 22, 2024, its technicians identified a “technical issue that placed portions of our system offline.” Following an investigation, the company identified a cybersecurity ...