This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- NCSC-NZ Releases Advisory on Cyber Threats Related to Russia-Ukraine Tensions
February 18, 2022
The New Zealand National Cyber Security Centre (NCSC-NZ) has released a General Security Advisory (GSA) on preparing for cyber threats relating to tensions between Russia and Ukraine. The advisory recommends organizations review their security posture and monitor for cyber incidents and provides additional resources to help protect against potential threats. CISA encourages all users to review ...
- Cybercrime: Dark web carding forum users are getting worried after a string of shutdowns
February 18, 2022
Cybercriminals are getting spooked by the sudden disappearance of a number of prominent dark web marketplaces, leading some to wonder if time is up on their illegal, underground activities. Cybersecurity researchers at Digital Shadows have analysed activity on carding forums – dark web marketplaces where criminals buy and sell stolen credit card information and other personal ...
- Ukraine Cyberattack 2022: Geopolitical Cybersecurity
February 18, 2022
Europe is on a knife-edge. With over 130,000 Russian troops amassed on the Ukrainian border, the region is witnessing the biggest build-up of firepower since the cold war. Inevitably, there is also cyber-dimension to this conflict. Mounting attacks on Ukrainian websites and I.T. infrastructure are making policymakers in Washington and elsewhere nervous should tensions rise ...
- Microsoft Teams Targeted With Takeover Trojans
February 17, 2022
Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found. In January, researchers at Avanan, a Check Point Company, began tracking the campaign, which drops malicious executable files in Teams conversations that, when clicked on, eventually take over the ...
- Hackers can crash Cisco Secure Email gateways using malicious emails
February 17, 2022
Cisco has addressed a high severity vulnerability that could allow remote attackers to crash Cisco Secure Email appliances using maliciously crafted email messages. The security flaw (tracked as CVE-2022-20653) was found in DNS-based Authentication of Named Entities (DANE), a Cisco AsyncOS Software component used by Cisco Secure Email to check emails for spam, phishing, malware, and ...
- Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
February 16, 2022
From at least January 2020, through February 2022, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) have observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. The actors have targeted both large and small CDCs and subcontractors with varying levels of ...