This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- New Yanluowang ransomware used in targeted attacks
October 14, 2021
The Symantec Threat Hunter Team, a part of Broadcom Software, has uncovered what appears to be a new ransomware threat called Yanluowang that is being used in targeted attacks. In a recent attempted ransomware attack against a large organization, Symantec obtained a number of malicious files that, upon further investigation, revealed the threat to be a ...
- Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
October 14, 2021
Recently, Unit 42 has observed active exploits related to an open-source service called Interactsh. This tool can generate specific domain names to help its users test whether an exploit is successful. It can be used by researchers – but also by attackers – to validate vulnerabilities via real-time monitoring on the trace path for the ...
- Secure Manufacturing on Cloud, Edge and 5G
October 13, 2021
Global manufacturers need to digitize their manufacturing processes and transform their business into a digital enterprise. Digital manufacturing is an advancement that many businesses have been using, with 60% of factories already using the cloud (87% including businesses who will soon implement it) and 26% with Private 5G already implemented (67% including enterprises who will ...
- Israeli hospital targeted by ransomware attack
October 13, 2021
The Hillel Yaffe Medical Center in Hadera has been targeted by a ransomware attack that affected the computer systems of the hospital, the medical center announced on Wednesday. The attack occurred without any prior warning. Since the attack, the hospital has using alternate systems in the meantime while treating patients. The hospital is operating as normal, ...
- MysterySnail attacks IT companies, defence contractors and diplomatic entities with Windows zero-day
October 12, 2021
In late August and early September 2021, Kaspersky technologies detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. The exploit had numerous debug strings from an older, publicly known exploit for vulnerability CVE-2016-3309, but closer analysis revealed that it was a zero-day. We discovered that it was using ...
- Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug
October 12, 2021
Apple on Monday rushed out a security update for iOS 15.0.2 and iPadOS 15.0.2 to fix a remote code-execution (RCE) zero-day vulnerability that’s being actively exploited. Within hours, a security researcher had picked the bug apart and published both proof-of-concept code and an explanation of the vulnerability, meaning that now’s a really good time to update ...