This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- An Investigation Into SS7 Exploitation Services On The Dark Web
November 17, 2021
In this latest investigative article SOS intelligence researchers will be taking a look at alleged SS7 exploitation services on the Dark Web and diving into their credibility using SOS Intelligence analytics toolkit. SS7 Significance & Background Signalling System 7 is a telecommunications protocol adopted internationally that defines how the network elements in a public switched telephone network ...
- Russian ransomware gangs start collaborating with Chinese hackers
November 17, 2021
There’s some unusual activity brewing on Russian-speaking cybercrime forums, where hackers appear to be reaching out to Chinese counterparts for collaboration. These attempts to enlist Chinese threat actors are mainly seen on the RAMP hacking forum, which is encouraging Mandarin-speaking actors to participate in conversations, share tips, and collaborate on attacks. According to a new report by ...
- Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
November 16, 2021
Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. At CyberWarCon 2021, MSTIC analysts presented their analysis of these trends in Iranian nation state actor activity during a session titled “The Iranian evolution: Observed changes ...
- Ransomware gangs are now rich enough to buy zero-day flaws
November 16, 2021
Cyber criminals are becoming more advanced as they continue to find new ways to deliver attacks, and some are now willing to buy zero-day vulnerabilities, something more traditionally associated with nation-states. Knowledge about vulnerabilities and exploits can command a high price on underground forums, because being able to take advantage of them can be very profitable ...
- FBI Email Hoaxer ID’ed by the Guy He Allegedly Loves to Torment
November 16, 2021
Vinny Troia, the cybersecurity researcher mentioned in a fake alert gushed out to thousands of people from the FBI’s own email system on Friday night, has fingered the guy who allegedly pulled off the exploit. Troia – white hat threat hunter, cybercrime investigator and founder of security firms Night Lion Security and its rebranded version, Shadowbyte ...
- Emotet, once the world’s most dangerous malware, is back
November 16, 2021
Emotet, once described as “the world’s most dangerous malware” before being taken down by a major international police operation, is apparently back – and being installed on Windows systems infected with TrickBot malware. Emotet malware provided its controllers with a backdoor into compromised machines, which could be leased out to other groups, including ransomware gangs, to ...