This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Los Angeles school district says it was target of ransomware attack
September 6, 2022
The Los Angeles Unified School District, the second-largest collection of public schools in the United States, said it was targeted by a ransomware attack over the Labor Day weekend that caused “significant disruption” but did not lead to cancellation of classes. “Los Angeles Unified detected unusual activity in its Information Technology systems over the weekend, which ...
- SharkBot malware sneaks back on Google Play to steal your logins
September 4, 2022
A new and upgraded version of the SharkBot malware has returned to Google’s Play Store, targeting banking logins of Android users through apps that have tens of thousands of installations. The malware was present in two Android apps that did not feature any malicious code when submitted to Google’s automatic review. However, SharkBot is added in an ...
- KeyBank: Hackers of third-party provider stole customer data
September 3, 2022
Hackers stole personal data including Social Security numbers, addresses and account numbers of home mortgage holders at KeyBank, the bank reports, in the breach of a third-party vendor that serves multiple corporate clients. The hackers obtained the information on July 5 after breaking into computers at the insurance services provider Overby-Seawell Company, according to a letter ...
- IRS data leak exposes personal info of 120,000 taxpayers
September 3, 2022
The Internal Revenue Service has accidentally leaked confidential information for approximately 120,000 taxpayers who filed a form 990-T as part of their tax returns. IRS Form 990T is used to report ‘unrelated business income’ paid to a tax-exempt entity, such as nonprofits (charities) or IRA and SEP retirement accounts. This income is commonly derived from sales unrelated ...
- Buzzing in the Background: BumbleBee, a New Modular Backdoor Evolved From BookWorm
September 2, 2022
In March 2021, Trend Micro researchers investigated a backdoor with a unique modular architecture and called it BumbleBee due to a string embedded in the malware. Its type of modular framework has made Trend Micro static analysis more challenging because it required us to first rebuild its structure or use dynamic analysis to understand its ...
- Google Chrome emergency update fixes new zero-day used in attacks
September 2, 2022
Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year. “Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,” the company said in a security advisory published on Friday. This new version is rolling ...