This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Worldwide Phishing Attacks Ramped Up At the Peak of Working From Home
August 25, 2021
With more and more companies choosing to allow for flexible (hybrid/remote) work environments post-pandemic, we investigated the unique cyberthreats employees working from home face. Palo Alto analysis focused primarily on trends in Palo Alto firewall traffic and phishing pages detected by our URL Filtering service from September 2019 to April 2021. We found that in early ...
- Triada Trojan in WhatsApp mod
August 24, 2021
WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages, or the option of viewing messages that have been deleted by the sender. This ...
- APT41 Resurfaces as Earth Baku With New Cyberespionage Campaign
August 24, 2021
Trend Micro researchers have uncovered a cyberespionage campaign being perpetrated by Earth Baku, an advanced persistent threat (APT) group with a known history of carrying out cyberattacks under the alias APT41. This is not the group’s first foray into cyberespionage, and its long list of past cybercrimes also includes ransomware and cryptocurrency mining attacks. Earth Baku ...
- Ransomware Groups to Watch: Emerging Threats
August 24, 2021
As part of Unit 42’s commitment to stop ransomware attacks, we conduct ransomware hunting operations to ensure our customers are protected against new and evolving ransomware variants. We monitor the activity of existing groups, search for dark web leak sites and fresh onion sites, identify up-and-coming players and study tactics, techniques and procedures. During our operations, ...
- FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020
August 23, 2021
The Federal Bureau of Investigation (FBI) has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations since at least November 2020 as a ransomware affiliate. The US federal law enforcement agency shared indicators of compromise, tactics, techniques, and procedures (TTP), and mitigation measures in a flash alert published ...
- Nokia subsidiary discloses data breach after Conti ransomware attack
August 23, 2021
SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack where Conti operators were able to successfully breach its network, steal data, and encrypt systems. The wholly-owned and independently-operating Nokia company, headquartered in Chicago, IL, works with telecom carriers, major tower owners, and original equipment manufacturers (OEMs) across the US. Read more… Source: ...