This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
April 10, 2023
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28206 Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Adds Five Known Exploited Vulnerabilities to Catalog Related story: CISA Releases Seven Industrial Control Systems Advisories
- Criminals Pose as Chinese Authorities to Target US-based Chinese Community
April 10, 2023
The FBI warns of criminal actors posing as Chinese law enforcement officials or prosecutors in financial fraud schemes targeting the US-based Chinese community. Criminals tell victims they are suspects in financial crimes and threaten them with arrest or violence if they do not pay the criminals. Criminals exploit widely publicized efforts by the People’s Republic ...
- Money Message ransomware gang claims MSI breach, demands $4 million
April 7, 2023
Taiwanese PC parts maker MSI (Micro-Star International) has been listed on the extortion portal of a new ransomware gang known as “Money Message,” which claims to have stolen source code from the company’s network. MSI is a global hardware giant that makes motherboards, graphics cards, desktops, laptops, servers, industrial systems, PC peripherals, and infotainment products, with ...
- Medusa ransomware claims attack on Open University of Cyprus
April 6, 2023
The Medusa ransomware gang has claimed a cyberattack on the Open University of Cyprus (OUC), which caused severe disruptions of the organization’s operations. OUC is an online university based in Nicosia, Cyprus, that provides remote learning. It offers 30 higher-level education programs to 4,200 students and participates in various scientific research activities. Read more… Source: Bleeping Computer
- Typhon info-stealing malware devs upgrade evasion capabilities
April 5, 2023
The developers of the Typhon info-stealer announced on a dark web forum that they have updated the malware to a major version they advertise as ‘Typhon Reborn V2’ They boast significant improvements designed to thwart analysis via anti-virtualization mechanisms. The original Typhon was discovered by malware analysts in August 2022. Cyble Research Labs analyzed it at the ...
- UK criminal records office suffers two-month “cyber security incident”
April 5, 2023
The UK’s national office for managing criminal record information (ACRO) has confirmed it’s currently trying to recover from a two-month “cyber security incident”. Few details were revealed by the organisation and other authorities, other than that the attack took place between 17 January and 21 March 2023. Read more… Source: IT Pro