This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- REvil ransomware group resurfaces after brief hiatus
September 7, 2021
The operators behind the REvil ransomware group have resurfaced after allegedly closing shop following the widespread attack on Kaseya that caused thousands of victims on July 4. Security researchers said all of the dark web sites for the prolific ransomware group — including the payment site, the group’s public site, the ‘helpdesk’ chat and their negotiation ...
- TrickBot gang developer arrested when trying to leave Korea
September 6, 2021
An alleged Russian developer for the notorious TrickBot malware gang was arrested in South Korea after attempting to leave the country. The TrickBot cybercrime group is responsible for a variety of sophisticated malware targeting Windows and Linux devices to gain access to victim’s networks, steal data, and deploy other malware, such as ransomware. Seoul’s KBS (via The ...
- East Asian online organised crime group preying on British job seekers
September 6, 2021
An organised group of criminals based in East Asia have defrauded job seekers in the UK and worldwide after getting a scam app on to both the Google and Apple app stores. Working with victims who have tried to track down their scammers, Sky News has learnt they were operating from Cambodia, the Philippines and China, ...
- Norwegian student tracks Bluetooth headset wearers by wardriving around Oslo on a bicycle
September 4, 2021
A Norwegian student who went wardriving around Oslo on a pushbike has discovered that several popular models of Bluetooth headphones don’t implement MAC address randomisation – meaning they can be used to track their wearers. Norwegian state broadcaster NRK revealed Bjorn Hegnes’ findings after helping him analyse Bluetooth emissions from a dozen different models of audio ...
- Analyzing SSL/TLS Certificates Used by Malware
September 3, 2021
Malware has increasingly been making use of encryption to help hide their network traffic in recent years. This makes sense especially when one realizes that ordinary network traffic is increasingly encrypted as well. Google’s own Transparency Report notes that HTTPS traffic now makes up the vast majority of network traffic passed via the Google Chrome ...
- The Evolution of Connected Cars as Defined by Threat Modeling UN R155-Listed Attack Vectors
September 3, 2021
The United Nations Regulation No. 155 sets provisions for cybersecurity and cyber security management systems in vehicles. A notable section of the document is Annex 5, which lists 69 attack vectors affecting vehicle cybersecurity. In order to help organizations comply with this regulation, we conducted a threat modelling exercise on the defined attack vectors as ...