This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Wizard Spider hackers hire cold callers to scare ransomware victims into paying up
May 18, 2022
Researchers have exposed the inner workings of Wizard Spider, a hacking group that pours its illicit proceeds back into the criminal enterprise. On Wednesday, PRODAFT published the results of an investigation into Wizard Spider, believed to either be or be associated with the Grim Spider and Lunar Spider hacking groups. According to the cybersecurity firm, Wizard Spider, ...
- The BlackByte ransomware group is striking users all over the globe
May 18, 2022
The BlackByte ransomware group uses its software for its own goals and as a ransomware-as-a-service offering to other criminals. The ransomware group and its affiliates have infected victims all over the world, from North America to Colombia, the Netherlands, China, Mexico and Vietnam. Cisco Talos has been monitoring BlackByte for several months and Talos can confirm ...
- Emotet Summary: November 2021 Through January 2022
May 17, 2022
Emotet is one of the most prolific email-distributed malware families in our current threat landscape. Although a coordinated law enforcement effort shut down this malware in January 2021, Emotet resumed operations in November 2021. Since then, Emotet has returned to its status as a prominent threat. This blog provides a background on Emotet, and it reviews ...
- FBI: North Korea’s tech workers are posing as freelance developers, helping hackers
May 17, 2022
Skilled software and mobile app developers from North Korea are posing as US-based remote workers to land contract work as developers in US and European tech and crypto firms. The warning comes in a new joint advisory from The US Department of State, the US Department of the Treasury, and the Federal Bureau of Investigation (FBI) ...
- Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver
May 17, 2022
Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card. NVIDIA graphics drivers are software for NVIDIA Graphics GPU cards that are installed on PCs. The D3D10 driver communicates between the operating system and the GPU. It’s ...
- China reveals its top five sources of online fraud
May 17, 2022
China’s Ministry of Public Security has revealed the five most prevalent types of fraud perpetrated online or by phone. The e-commerce scam known as “brushing” topped the list and accounted for around a third of all internet fraud activity in China. Brushing sees victims lured into making payment for goods that may not be delivered, or ...