This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks
March 17, 2023
In the last year, geopolitical tension has led to an uptick of reported cybercrime events fueled by hacktivist groups. The US Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn organizations about these attacks and teamed with the FBI on a distributed denial-of-service (DDoS) response strategy guide. KillNet, a group that the US ...
- Bee-Ware of Trigona, An Emerging Ransomware Strain
March 16, 2023
Trigona ransomware is a relatively new strain that security researchers first discovered in late October 2022. By analyzing Trigona ransomware binaries and ransom notes obtained from VirusTotal, as well as information from Unit 42 incident response, we determined that Trigona was very active during December 2022, with at least 15 potential victims being compromised. Affected ...
- Threat Actors Exploited Progress Telerik Vulnerability in U.S. Government IIS Server
March 15, 2023
Today, the CISA, Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server. This joint CSA provides IT infrastructure defenders with tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and methods to detect and protect ...
- Magniber ransomware actors used a variant of Microsoft SmartScreen bypass
March 14, 2023
Google’s Threat Analysis Group (TAG) recently discovered usage of an unpatched security bypass in Microsoft’s SmartScreen security feature, which financially motivated actors are using to deliver the Magniber ransomware without any security warnings. The attackers are delivering MSI files signed with an invalid but specially crafted Authenticode signature. The malformed signature causes SmartScreen to return ...
- Wymondham College hit by sophisticated cyber attack
March 14, 2023
Wymondham College said disruption was likely to continue until the Easter holidays due to its IT system being targeted. In a message sent to students, seen by the EDP, the college apologised for disruption but said it believed there had been no data breach. Read more… Source: Wymondham Evening News
- Cyprus: Land registry website problems due to ‘cyber attack’
March 12, 2023
After a “thorough evaluation of all data”, the land registry department on Sunday said the technical problem that saw it go offline since Wednesday was due to a “cyber attack” The department said that due to the nature of the problem and the size of the systems, they will be gradually restored, starting with the restoration ...