This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Android-wiping BRATA malware is evolving into a persistent threat
June 19, 2022
The threat actor behind BRATA banking trojan has evolved their tactics and improved the malware with information-stealing capabilities. Italian mobile security company Cleafy has been tracking BRATA activity and noticed in the most recent campaigns changes that lead to longer persistence on the device. “The modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern,” ...
- QNAP ‘thoroughly investigating’ new DeadBolt ransomware attacks
June 17, 2022
Network-attached storage (NAS) vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware. The company is urging users to update their NAS devices to the latest firmware version and ensure they’re not exposed to remote access over the Internet. “QNAP recently detected a new DeadBolt ransomware ...
- Sophos Firewall zero-day bug exploited weeks before fix
June 16, 2022
Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. The security issue has been fixed in the meantime but various threat actors continued to exploit it to bypass authentication and run arbitrary code remotely on multiple organizations. On March 25, ...
- Heineken says there’s no free beer, warns of phishing scam
June 16, 2022
There’s no such thing as free beer for Father’s Day — at least not from Heineken. The brewing giant confirmed that a contest circulating on WhatsApp, which promises a chance to win one of 5,000 coolers full of green-bottled lager, is a frothy fraud. “This is a scam and is not sanctioned by Heineken,” the beermaker ...
- New Android malware bypasses multi-factor authentication to steal your passwords
June 16, 2022
A newly discovered form of Android malware steals passwords, bank details and cryptocurrency wallets from users – and it does so by bypassing multi-factor authentication protections. The malware has been detailed by cybersecurity researchers at F5 Labs, who’ve dubbed it MaliBot. It’s the latest in a string of powerful malware targeting Android users. In addition to remotely ...
- A hacker group said it has broken into the Israeli electricity network
June 16, 2022
A hacker group identifying itself as the “Moses Staff” said it has broken into the Israeli electricity network, vowing to plunge the regime into darkness. The group said on Wednesday it had targeted the Israel Electric Corporation, the largest supplier of electrical power in the occupied territories, as well as Dorad Energy Ltd., which serves customers ...