ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts


This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.

This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both for third-party cloud services and for GitHub itself, making them available for anyone with read access to the repository to consume. Malicious actors with access to these artifacts could then compromise the services to which these secrets grant access.

Source: Palo Alto Unit 42

