This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Apple warns of three WebKit vulns under active exploitation, dozens more CVEs across its range
May 19, 2023
Apple has issued a bushel of security updates and warned that three of the flaws it’s fixed are under active attack. The three are CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, all of which impact the WebKit browser engine that Apple champions and employs in its Safari browser – and demands be used by other browsers on iOS. Read more… Source: ...
- CloudWizard APT: the bad magic story goes on
May 19, 2023
In March 2023, Kaspersky researchers uncovered a previously unknown APT campaign in the region of the Russo-Ukrainian conflict that involved the use of PowerMagic and CommonMagic implants. However, at the time it was not clear which threat actor was behind the attack. Since the release of Kaspersky report about CommonMagic, Kaspersky researchers have been looking for ...
- Man jailed for running multimillion-pound criminal website iSpoof
May 19, 2023
The man responsible for running a multimillion-pound fraud website, used by scammers to trick people into handing over their bank details, has been jailed. Tejay Fletcher, 35, pleaded guilty to running iSpoof, a website that allowed criminals and fraudsters to appear as if they were calling from banks, tax offices and other official bodies in an ...
- CISA Releases Five Industrial Control Systems Advisories
May 18, 2023
CISA released five Industrial Control Systems (ICS) advisories on May 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-138-01 Carlo Gavazzi Powersoft ICSA-23-138-02 Mitsubishi Electric MELSEC WS ICSA-23-138-03 Hitachi Energy MicroSCADA Pro/X SYS600 Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases Three Industrial Control Systems Advisories
- The distinctive rattle of APT SideWinder
May 17, 2023
In February 2023, Group-IB’s Threat Intelligence team released a technical report about previously unknown phishing attacks conducted by the APT group SideWinder: Old Snake, New Skin: Analysis of SideWinder APT activity between June and November 2021. As always, Group-IB customers and partners were the first to get access to the report through the interface of ...
- Is your car safe from a cyber attack?
May 17, 2023
In January 2022, 19-year-old David Colombo from Dinkelsbühl, Germany, announced via Twitter that he had been able to hack at least 25 Tesla vehicles in 13 countries and partially take them over. “So, I now have full remote control of over 25 Teslas in 13 countries and there seems to be no way to find ...