This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- QR codes in email phishing
September 27, 2023
QR codes are everywhere: you can see them on posters and leaflets, ATM screens, price tags and merchandise, historical buildings and monuments. People use them to share information, promote various online resources, pay for their goodies, and pass verification. And yet you don’t see lots of QR codes in email: users often read messages on ...
- 10 new vulnerabilities disclosed by Talos, including use-after-free issue in Google Chrome
September 27, 2023
Cisco Talos disclosed 10 vulnerabilities over the past two weeks affecting a range of software, including the popular Google Chrome web browser. Attackers could exploit these vulnerabilities to carry out a variety of attacks, in some cases gaining the ability to execute remote code on the targeted machine. Read more… Source: Cisco Talos
- Czechia: University of Defence victim of cyber-attack
September 27, 2023
Czechia’s University of Defence was the victim of a cyber-attack, with hackers evidently stealing data from the institution’s rector, iRozhlas.cz reported on Wednesday. The news website said the Municipal State Prosecutor’s Office in Brno was looking into the matter. A spokesperson for the National Cyber and Information Security Agency said it would not comment on the ...
- NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors
September 27, 2023
Today, the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cybersecurity and Infrastructure Security Agency (CISA), along with the Japan National Police Agency (NPA) and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released joint Cybersecurity Advisory (CSA) People’s Republic of China-Linked Cyber Actors Hide in Router Firmware. The ...
- A Ransomware Group Is Claiming They’ve Breached Sony’s Systems And Stolen Data
September 27, 2023
Although the claims of a data breach are still unverified, Sony has publicly acknowledged the situation and issued a statement to IGN which simply reads, “We are currently investigating the situation, and we have no further comment at this time.” It looks like Sony may have been victim of a breach resulting in the collection of ...
- Analysis of Generative AI Trends and ChatGPT Usage
September 26, 2023
The release of ChatGPT underscores the potential of artificial intelligence to revolutionize the daily operations of organizations. This paradigm shift is compelling businesses to reevaluate their conventional approaches and embrace the transformative capabilities offered by AI. Among the noteworthy facets of AI’s evolution, Large Language Models (LLMs) have emerged as a dominant force, reshaping user interactions ...