This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can cause artifacts to leak tokens, both for third-party cloud services and for GitHub itself, making them available to anyone with read access to the repository. This gives malicious actors with access to these artifacts the potential to compromise the services to which these secrets grant access.
Source: Palo Alto Unit 42

