This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Boeing confirms ransomware attack as stolen data released by cybercrime gang Lockbit
November 11, 2023
Stolen data from American aircraft manufacturer Boeing has been released online by the cybercrime gang, Lockbit, according to the group’s website. Boeing confirmed a cybersecurity incident involving elements of its parts and distribution business. “We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from ...
- Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
November 10, 2023
On October 31, 2023, Atlassian published an advisory on CVE-2023-22518, an Improper authorization vulnerability involving the Confluence Data Center and Server. Initially reported to cause data loss, it was eventually revealed that exploiting this vulnerability allows unauthorized users to reset and create a Confluence instance administrator account, allowing them to perform all admin privileges available to ...
- YouTube shows ads for ad blocker, financial scams
November 10, 2023
After performing local experiments for a few months, YouTube recently expanded its effort to block ad blockers. The move was immediately unpopular with some users, and raised some questions in Europe about whether it was breaking privacy laws. In addition, there are some still some fundamental issues that have some people concerned. In this blog post, ...
- Ducktail fashion week
November 10, 2023
Ducktail is a malware family that has been active since the second half of 2021 and aims to steal Facebook business accounts. Kaspersky Daily Iran, WithSecure, and GridinSoft have all covered Ducktail attacks: the infostealer spread under the guise of documents relating to well-known companies’ and brands’ projects and products. The group behind the Ducktail attacks presumably ...
- CVE-2023-5950 Rapid7 Velociraptor Reflected XSS
November 10, 2023
This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. CVSS · HIGH · 8.6/10 · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Scoring scenario: GENERAL AattackVector: NETWORK AttackComplexity: LOW PrivilegesRequired: NONE Read more… Source: Rapid7
- U.S. arm of China mega-lender ICBC hit by ransomware attack
November 10, 2023
The U.S. arm of China’s largest bank said Thursday that it was hit by a ransomware attack, forcing clients to reroute trades and disrupting the U.S. Treasury market. Ransomware attacks typically access vulnerable computer systems and encrypt or steal data, before sending a ransom note demanding payment in exchange for decrypting the data or not releasing ...