ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts


This research reviews an attack vector that allows the compromise of GitHub repositories, which is severe in itself and could also lead to high-level access to cloud environments.

This is made possible by abusing the GitHub Actions artifacts generated as part of organizations' CI/CD workflows. A combination of misconfigurations and security flaws can cause artifacts to leak tokens, both GitHub tokens and tokens for third-party cloud services, making them available to anyone with read access to the repository. Malicious actors who obtain these artifacts can then compromise the services to which the leaked secrets grant access. The "race condition" in the title refers to the short-lived nature of a workflow's GITHUB_TOKEN: it is only valid until the run completes, so an attacker has to download the artifact and use the token before the job finishes.

Read more…
Source: Palo Alto Unit 42
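A practical check a repository owner can run before artifacts are published is to extract each one and scan it for the credentials described above. The script below is an added example, not code from Unit 42 or the page; it assumes the artifact was produced by uploading a whole checkout directory (so it includes the `.git/config` into which `actions/checkout` persists the job token as a basic-auth `extraheader`, its default behaviour), and the sample artifact it builds is constructed data with placeholder tokens and AWS's documented example key ID.

```python
"""Scan an extracted GitHub Actions artifact for leaked credentials (added example)."""
import base64
import os
import re
import tempfile

# Secret shapes that commonly end up inside artifacts. The extraheader line is
# what actions/checkout writes into .git/config when it persists credentials
# (its default); the gh*_ prefixes are GitHub's token formats; AKIA is the
# AWS access key ID prefix.
PATTERNS = {
    "git-extraheader": re.compile(
        r"extraheader\s*=\s*AUTHORIZATION:\s*basic\s+([A-Za-z0-9+/=]+)", re.I),
    "github-token": re.compile(
        r"\b(gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,})\b"),
    "aws-access-key-id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
}


def redact(secret: str) -> str:
    """Show only enough of a secret to identify it in a report."""
    return f"{secret[:8]}...({len(secret)} chars)"


def scan_text(text: str) -> list[tuple[str, str]]:
    """Return (kind, redacted_value) for every secret-looking match in text."""
    hits = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            value = m.group(1)
            if kind == "git-extraheader":
                # Basic auth is base64("x-access-token:<token>"); decode it so
                # the report shows what kind of token was persisted.
                try:
                    value = base64.b64decode(value).decode("utf-8", "replace")
                except ValueError:
                    pass
            hits.append((kind, redact(value)))
    return hits


def scan_artifact(root: str) -> list[tuple[str, str, str]]:
    """Walk an extracted artifact and report (path, kind, redacted_value)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    text = fh.read().decode("utf-8", "replace")
            except OSError:
                continue
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            findings.extend((rel, kind, val) for kind, val in scan_text(text))
    return sorted(findings)


def build_sample_artifact() -> str:
    """Construct a fake artifact on disk (constructed data; no real tokens)."""
    root = tempfile.mkdtemp(prefix="artipacked-")
    os.makedirs(os.path.join(root, ".git"))
    fake_ghs = "ghs_" + "A" * 36  # placeholder shaped like a job token, not real
    basic = base64.b64encode(f"x-access-token:{fake_ghs}".encode()).decode()
    with open(os.path.join(root, ".git", "config"), "w") as fh:
        fh.write('[http "https://github.com/"]\n'
                 f'\textraheader = AUTHORIZATION: basic {basic}\n')
    with open(os.path.join(root, "build.log"), "w") as fh:
        # AKIAIOSFODNN7EXAMPLE is AWS's documented example access key ID
        fh.write("AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n")
    with open(os.path.join(root, "app.js"), "w") as fh:
        fh.write("const ok = 'nothing secret here';\n")
    return root


if __name__ == "__main__":
    for rel, kind, val in scan_artifact(build_sample_artifact()):
        print(f"{rel}: {kind} -> {val}")
```

Point `scan_artifact` at the directory produced by unzipping a real artifact to use it for real. Decoding the `extraheader` value matters because a base64-encoded `ghs_` token would otherwise slip past the plain GitHub-token pattern; the clean file `app.js` is included so the scan shows it reports only the files that actually carry credentials.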




Related:

  • ‘Lazy’ broadband engineers blamed for exposing hospitals and banks to cyber attacks

    January 2, 2024

    Hospitals and banks are more exposed to cyber attacks because “lazy” broadband engineers are failing to fill in crucial forms, it has been alleged. Industry sources warned of a “Wild West” among contractors who are not handing over information about when and where they are working on BT’s network. Read more… Source: MSN News  

  • Cyber-hackers target UK nuclear waste company RWM

    December 31, 2023

    Hackers have targeted the company behind a £50bn project to build a vast underground nuclear waste store in Britain, its developer has said. Radioactive Waste Management, the company behind the Geological Disposal Facility (GDF) project, has said that hackers unsuccessfully attempted to breach the business using LinkedIn. RWM is the government-owned entity behind a trio of ...

  • Mint Mobile reveals another major data breach

    December 29, 2023

    American mobile virtual network operator (MVNO) Mint Mobile has confirmed suffering a data breach affecting an unknown number of its customers. The company revealed the news in an email sent to its customers, in which it explained “We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained ...

  • 2023’s badly handled data breaches

    December 29, 2023

    Last year, researchers compiled a list of 2022’s most poorly handled data breaches, looking back at the bad behavior of corporate giants when faced with hacks and breaches. That included everything from downplaying the real-world impact of spills of personal information to failing to answer basic questions. Turns out this year, many organizations continue to make ...

  • EasyPark data breach may affect millions of customers

    December 29, 2023

    EasyPark has confirmed it was hit in a cyberattack that saw customer data breached and revealed online. The company, which runs apps to help people find parking spots, said in an alert to customers that it discovered the breach on December 10 2023. Read more… Source: Yahoo News  

  • India: Forensic investigation reveals repeated use of Pegasus spyware to target high-profile journalists

    December 28, 2023

    Amnesty International, in partnership with The Washington Post, has unearthed shocking new details about the continued use of NSO Group’s highly invasive spyware Pegasus to target prominent journalists in India, including one who had previously been a victim of an attack using the same spyware. The Security Lab recovered evidence of a zero-click exploit which was ...