This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
December 29, 2022
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added ...
- Google Home speakers allowed hackers to snoop on conversations
December 29, 2022
A bug in Google Home smart speaker allowed installing a backdoor account that could be used to control it remotely and to turn it into a snooping device by accessing the microphone feed. While experimenting with his own Google Home mini speaker, the researcher discovered that new accounts added using the Google Home app could send ...
- Royal ransomware claims attack on Intrado telecom provider
December 28, 2022
The Royal Ransomware gang claimed responsibility for a cyber attack against telecommunications company Intrado on Tuesday. While Intrado is yet to share any information regarding this incident, sources have told BleepingComputer early this month that the attack started on December 1 and the initial ransom demand was $60 million. The Royal Ransomware group, made up of experienced ...
- Navigating the Vast Ocean of Sandbox Evasions
December 27, 2022
When malware authors go to great lengths to avoid behaving maliciously if they detect they’re running in a sandbox, sometimes the best answer for security defenders is to write their own sandbox that can’t easily be detected. There are a lot of sandboxing approaches out there with pros and cons to each. Unit 42 researchers ...
- BlueNoroff introduces new methods bypassing MoTW
December 27, 2022
BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. Kaspersky researchers have published technical details of how this notorious group steals cryptocurrency before. Kaspersky continue to track the group’s activities and this October they observed the adoption of new malware strains in its arsenal. The group usually takes advantage ...
- Hackers stole data from multiple electric utilities in recent ransomware attack
December 27, 2022
Hackers stole data belonging to multiple electric utilities in an October ransomware attack on a US government contractor that handles critical infrastructure projects across the country, according to a memo describing the hack obtained by CNN. Federal officials have closely monitored the incident for any potential broader impact on the US power sector while private investigators ...