This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Uncovering and Defending Systems Against Attacks With Layers of Remote Control
January 10, 2022
As organizations brace themselves for the year ahead, now is an opportune time to take stock of how they can strengthen their security posture and shore up their defenses. While organizations may have the power of leading-edge cybersecurity solutions on their side, malicious actors continue to work diligently to refine their methods and take advantage ...
- Vulnerability Spotlight: Buffer overflow vulnerability in AnyCubic Chitubox plugin
January 10, 2022
Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in the Chitubox AnyCubic plugin. Chitubox is 3-D printing software for users to download and process models and send them to a 3-D printer. The specific AnyCubic plugin allows the software to convert the output of the Chitubox slicer (general format files) into the format expected ...
- FBI: Cyber criminals are mailing out USB drives that install ransomware
January 10, 2022
A cybercrime group has been mailing out USB thumb drives in the hope that recipients will plug them into their PCs and install ransomware on their networks, according to the FBI. The USB drives contain so-called ‘BadUSB’ attacks. They were sent in the mail through the United States Postal Service and United Parcel Service. One type ...
- Abcbot botnet is linked to Xanthe cryptojacking group
January 10, 2022
Researchers have forged a “clear” link between the Abcbot botnet and a well-established cryptojacking cybercriminal group. First discovered In July 2021 by Netlab 360, the Abcbot botnet began as a simple scanner that used basic credential stuffing attacks and known vulnerability exploits to compromise vulnerable Linux systems. However, the developers quickly updated their creation to include self-update ...
- Night Sky is the latest ransomware targeting corporate networks
January 6, 2022
It’s a new year, and with it comes a new ransomware to keep an eye on called ‘Night Sky’ that targets corporate networks and steals data in double-extortion attacks. According to MalwareHunterteam, who first spotted the new ransomware, the Night Sky operation started on December 27th and has since published the data of two victims. One of ...
- Hackers are sending malicious links through Google Doc comment emails
January 6, 2022
Research from cybersecurity company Avanan has shown that hackers are increasingly using Google Docs’ productivity features to slip malicious content past spam filters and security tools. Avanan’s Jeremy Fuchs said that in December, the company saw cyberattackers using the comment feature in Google Docs and Google Slides to leverage attacks against Outlook users. “In this attack, hackers ...