This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Colorado energy company loses 25 years of data after cyberattack while still rebuilding network
December 2, 2021
Colorado’s Delta-Montrose Electric Association (DMEA) is still struggling to recover from a devastating cyberattack last month that took down 90% of its internal systems and caused 25 years of historical data to be lost. In an update sent to customers this week, the company said it expects to be able to begin accepting payments through its ...
- Hackers are turning to RTF template injections technique to install malware on PCs
December 2, 2021
Nation state-backed hacking groups are exploiting a simple but effective new technique to power phishing campaigns for spreading malware and stealing information that’s of interest to their governments. Cybersecurity researchers at Proofpoint say advanced persistent threat (APT) groups working on behalf of Russian, Chinese and Indian interests are using rich text format (RTF) template injections. While the ...
- APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus
December 2, 2021
Over the course of three months, a persistent and determined APT actor has launched multiple campaigns which have now resulted in compromises to at least 4 additional organizations, for a total of 13. Beginning on Sept. 16, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert warning that advanced persistent threat (APT) ...
- Vulnerability Spotlight: Use-after-free condition in Google Chrome could lead to code execution
December 2, 2021
Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome. Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that other software developers use to build their browsers, as well. This specific vulnerability exists in Blink, the main DOM parsing and rendering engine at the core of ...
- Play Your Cards Right: Detecting Wildcard DNS Abuse
December 1, 2021
The domain name system (DNS) maps names to addresses so that computers can communicate. The directions within the DNS exist largely in records where a specific name (such as paloaltonetworks.com) is mapped to pieces of data, such as IP addresses (for example, 34.107.151202). As the name suggests, wildcard DNS records are an exception to this ...
- Widespread ‘Smishing’ Campaign Defrauds Iranian Android Users
December 1, 2021
Attackers are impersonating the Iranian government in a widespread SMS phishing campaign that is defrauding thousands of Android users by installing malware on their devices that can steal their credit card data and siphon money from financial accounts. Researchers from Check Point Research estimate that the campaign, which sends so called “smishing” messages that entice victims ...