This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- University of Iowa Hospitals website possibly hit by cyberattack
February 1, 2023
A Russian hacking group has claimed to have taken down the University of Iowa Hospitals and Clinics website, along with the websites of dozens of other hospitals nationwide. UIHC has acknowledged its website is down Tuesday afternoon and its IT staff is investigating the cause but could not confirm whether it was the result of a ...
- New Sh1mmer ChromeBook exploit unenrolls managed devices
January 31, 2023
A new exploit called ‘Sh1mmer’ allows users to unenroll an enterprise-managed Chromebook, enabling them to install any apps they wish and bypass device restrictions. When Chromebooks are enrolled with a school or an enterprise, they are managed by policies established by the organization’s administrators. This allows admins to force-install browser extensions, apps, and to restrict how ...
- CISA Releases One Industrial Control Systems Advisory
January 31, 2023
CISA released one Industrial Control Systems (ICS) advisory on January 31, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Prilex modification now targeting contactless credit card transactions
January 31, 2023
Prilex is a singular threat actor that has evolved from ATM-focused malware into unique modular PoS malware – actually, the most advanced PoS threat Kaspersky have seen so far, as described in a previous article. Forget about those old memory scrapers seen in PoS attacks. Prilex goes beyond these, and it has evolved very differently. This ...
- Exploit released for critical VMware vRealize RCE vulnerability
January 31, 2023
Horizon3 security researchers have released proof-of-concept (PoC) code for a VMware vRealize Log Insight vulnerability chain that allows attackers to gain remote code execution on unpatched appliances. VMware patched four security vulnerabilities in its vRealize log analysis tool last week, two being critical and allowing remote attackers to execute code on compromised devices. Read more… Source: Bleeping Computer
- University of Michigan Health says cyber attack impacted public websites, not patient info
January 30, 2023
Michigan Health officials say its public websites experienced issues due to a cyber attack but claims the issue did not impact patient information. In a statement on Monday, officials say the attack affected a “third-party vendor we use to host some of our sites.” Read more… Source: CBS Detroit News