This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants
July 6, 2023
Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigations (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint Cybersecurity Advisory (CSA), Increased Truebot Activity Infects U.S. and Canada Based Networks, to help organizations detect and protect against newly identified Truebot malware ...
- Japan’s biggest port hit by suspected cyberattack, operations halted
July 5, 2023
The Port of Nagoya, Japan’s largest port by total cargo throughput and responsible for handling some of Toyota Motor Corp.’s car exports, has suffered a crippling system glitch, with the port operator saying Wednesday it suspects a cyberattack. As of noon, the port in central Japan remained unable to load and unload containers from trailers. Police ...
- ChatGPT Shared Links and Information Protection: Risks and Measures Organizations Must Understand
July 5, 2023
Since its initial release in late 2022, the AI-powered text generation tool known as ChatGPT has been experiencing rapid adoption rates from both organizations and individual users. However, its latest feature, known as Shared Links, comes with the potential risk of unintentional disclosure of confidential information. In this article, Trend Micro researchers will examine these risks ...
- Thousands of Fortinet firewalls are unpatched against this serious security bug, so patch now
July 4, 2023
Hundreds of thousands of FortiGate firewalls are yet to be patched against a flaw being actively used in the wild, experts have revealed. Cybersecurity researchers from Bishop Fox recently used the Shodan.io search engine for internet-connected devices to look for servers with HTTPS responses that suggested the software was outdated. The results brought back almost 490,000 ...
- TSMC discloses data breach from LockBit-claimed attack against third party
July 4, 2023
Major Taiwanese multinational chip manufacturing firm Taiwan Semiconductor Manufacturing Company has confirmed experiencing a data breach as a result of a cyberattack against Kinmax, which is one of its IT hardware suppliers, before the end of June, reports The Record, a news site by cybersecurity firm Recorded Future. Such a disclosure comes after the LockBit ransomware ...
- Microsoft Denies Major 30 Million Customer-Breach
July 4, 2023
Microsoft has hit back at claims from a shadowy hacktivist outfit that it managed to breach the company and obtain account access for tens of millions of customers. Anonymous Sudan, which has been linked in the past to pro-Kremlin groups like Killnet, posted the details of its alleged raid on Telegram. Read more… Source: Infosecurity Magazine