This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- TrickBot malware operation shuts down, devs move to stealthier malware
February 25, 2022
The TrickBot malware operation has shut down after its core developers move to the Conti ransomware gang to focus development on the stealthy BazarBackdoor and Anchor malware families. TrickBot is a notorious Windows malware infection that has dominated the threat landscape since 2016. The malware is commonly installed via malicious phishing emails or other malware, and will ...
- Ransomware groups and hacktivist collective are getting involved in the military conflict between Ukraine and Russia
February 25, 2022
Multiple ransomware groups and members of the hacktivist collective Anonymous announced this week that they are getting involved in the military conflict between Ukraine and Russia. On Thursday, members of Anonymous announced on Twitter that they would be launching attacks against the Russian government. The hacktivists defaced some local government websites in Russia and temporarily took ...
- Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
February 24, 2022
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have observed a group of Iranian government-sponsored advanced persistent threat (APT) actors, known as MuddyWater, conducting cyber espionage and other malicious cyber operations targeting ...
- Financial cyberthreats in 2021
February 23, 2022
The year 2021 was eventful in terms of digital threats for organizations and individuals, and financial institutions were no exception. Throughout the past year, we have seen cybercriminals continue to actively target our users with tools and techniques that emerged due to the pandemic. Imperfections in the transition to remote/hybrid work continue to pose a ...
- New phishing campaign targets Monzo online-banking customers
February 20, 2022
Users of Monzo, one of the UK’s most popular digital-only banking platforms, are being targeted by phishing messages supported by a growing network of malicious websites. Monzo is a 100% online banking platform with over four million customers and among the first to challenge the traditional financial managing system. The mobile-only platform offers a feature-rich app, debit ...
- CISA Insights: Foreign Influence Operations Targeting Critical Infrastructure
February 18, 2022
CISA has released CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides proactive steps organizations can take to assess and mitigate risks from information manipulation. Malicious actors may use tactics—such as misinformation, disinformation, and malinformation—to shape public opinion, undermine trust, and amplify division, which can lead to impacts to critical ...