This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Apple fixes new zero-day used in attacks against iPhones, iPads
October 24, 2022
In security updates released on Monday, Apple has fixed the ninth zero-day vulnerability used in attacks against iPhones since the start of the year. Apple revealed in an advisory today that it’s aware of reports saying the security flaw “may have been actively exploited.” The bug (CVE-2022-42827) is an out-of-bounds write issue reported to Apple by an ...
- DHL named most-spoofed brand in phishing
October 24, 2022
DHL is the most spoofed brand when it comes to phishing emails, according to Check Point. Crooks most frequently used the brand name in their attempts to steal personal and payment information from marks between July and September 2022, with the shipping giant accounting for 22 percent of all worldwide phishing attempts intercepted by the cybersecurity ...
- Exploited Windows zero-day lets JavaScript files bypass security warnings
October 22, 2022
An update was added to the end of the article explaining that any Authenticode-signed file, including executables, can be modified to bypass warnings. A new Windows zero-day allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks. Windows includes a security ...
- Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool
October 21, 2022
Symantec’s Threat Hunter Team has discovered that at least one affiliate of the BlackByte ransomware (Ransom.Blackbyte) operation has begun using a custom data exfiltration tool during their attacks. The malware (Infostealer.Exbyte) is designed to expedite the theft of data from the victim’s network and upload it to an external server. BlackByte is a ransomware-as-a-service operation that ...
- #StopRansomware: Daixin Team
October 21, 2022
This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see ...
- Wholesale giant METRO hit by IT outage after cyberattack
October 21, 2022
International wholesale giant METRO is experiencing infrastructure outages and store payment issues following a recent cyberattack. The company’s IT team is currently investigating the incident with the help of external experts to discover the cause of this ongoing outage. IT outages have been affecting stores in Austria, Germany, and France since at least October 17, according to ...