This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Ukraine links members of Gamaredon hacker group to Russian FSB
November 4, 2021
SSU and the Ukrainian secret service say they have identified five members of the Gamaredon hacking group, a Russian state-sponsored operation known for targeting Ukraine since 2014. This Gamaredon hacking group, tracked as Armageddon by the SSU, is allegedly operated under the FSB (Russian Federal Security Service) and is believed to be responsible for over 5,000 ...
- Remote code execution flaw patched in Linux Kernel TIPC module
November 4, 2021
A code execution vulnerability has been patched in the TIPC module of the Linux Kernel. The Transparent Inter Process Communication (TIPC) module has been designed to facilitate intra-cluster communication across Ethernet or UDP connections and is capable of service addressing, tracking, managing communication between nodes, and more. This protocol is implemented in a kernel module package with ...
- Lockean multi-RaaS affiliate linked to attacks against French businesses
November 4, 2021
Details about the tools and tactics used by a ransomware affiliate group, now tracked as Lockean, have emerged today in a report from France’s Computer Emergency Response Team (CERT). Over the past year and a half, the threat actor has compromised the networks of at least eight French companies, stealing data and deploying malware from multiple ...
- Mobile phishing attacks targeting energy sector surge by 161%
November 3, 2021
Mobile phishing attacks targeting employees in the energy industry have risen by 161% compared to last year’s (H2 2020) data, and the trend is showing no signs of slowing down. Although the perils of outdated and vulnerable devices plague all sectors, a new report by cybersecurity firm Lookout indicates that energy is the most targeted, followed ...
- BlackMatter ransomware gang says it’s disbanding – again – after Ukraine arrests
November 3, 2021
A member of the BlackMatter (aka Darkside) ransomware gang has publicly claimed the extortionists are shutting down, causing much excitement within the infosec world. A Russian-language message reportedly posted on a forum used by ransomware criminals is said to have announced BlackMatter’s second disappearance of 2021, the gang previously pulling a disappearing act under their former ...
- ‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks
November 3, 2021
A new-ish threat actor sometimes known as “Tortilla” is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of inflicting vulnerable servers with variants of the Babuk ransomware. Cisco Talos researchers said in a Wednesday report that they spotted the malicious campaign a few weeks ago, on Oct. 12. Tortilla, ...