This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- New Flagpro malware linked to Chinese state-backed hackers
December 28, 2021
BlackTech cyber-espionage APT (advanced persistent threat) group has been spotted targeting Japanese companies using novel malware that researchers call ‘Flagpro’. The threat actor uses Flagpro in the initial stage of an attack for network reconnaissance, to evaluate the target’s environment, and to download second-stage malware and execute it. The infection chain begins with a phishing email crafted ...
- West Virginia State workers to be paid on time despite ransomware attack
December 27, 2021
West Virginia state workers will be paid on schedule this week, despite a ransomware attack that recently crippled a software provider that helps manage time and leave for more than 35,000 state employees. The State Auditor’s Office reassured employees Monday that checks will be deposited on schedule Friday. For additional assurance, officials urged state workers to check ...
- QNAP NAS devices hit in surge of ech0raix ransomware attacks
December 27, 2021
Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt. The threat actor behind this particular malware intensified their activity about a week before Christmas, taking control of the devices with administrator privileges. Attack count jumps before Christmas BleepingComputer forum users managing QNAP and Synology NAS systems ...
- Rook ransomware is yet another spawn of the leaked Babuk code
December 24, 2021
A new ransomware operation named Rook has appeared recently on the cyber-crime space, declaring a desperate need to make “a lot of money” by breaching corporate networks and encrypting devices. Although the introductory statements on their data leak portal were marginally funny, the first victim announcements on the site have made it clear that Rook is ...
- Examining Log4j Vulnerabilities in Connected Cars and Charging Stations
December 23, 2021
Since its disclosure on Dec. 9, a vast number of articles have been written on the remote code execution (RCE) vulnerability in the library Apache Log4j — a reflection of its impact. The library is used by innumerable programs to easily release log statements without modifying the code. This means that it has an expansive ...
- Stealthy BLISTER malware slips in unnoticed on Windows systems
December 23, 2021
Security researchers have uncovered a malicious campaign that relies on a valid code-signing certificate to disguise malicious code as legitimate executables. One of the payloads that the researchers called Blister, acts as a loader for other malware and appears to be a novel threat that enjoys a low detection rate. The threat actor behind Blister has been ...