This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- IT threat evolution Q1 2021
May 31, 2021
In December, SolarWinds, a well-known IT managed services provider, fell victim to a sophisticated supply-chain attack. The company’s Orion IT, a solution for monitoring and managing customers’ IT infrastructure, was compromised by threat actors. This resulted in the deployment of a custom backdoor, named Sunburst, on the networks of more than 18,000 SolarWinds customers, including ...
- U.S. Critical Infrastructure: Addressing Cyber Threats and the Importance of Prevention
May 31, 2021
The critical infrastructure of the United States includes all those systems and assets that are essential to the proper functioning, economy, health, and safety of American society. The roads and railways that we travel on; the Internet and the mobile networks that connect us; the water that we drink; the healthcare, financial services and security ...
- Swedish Health Agency shuts down SmiNet after hacking attempts
May 31, 2021
The Swedish Public Health Agency (Folkhälsomyndigheten) has shut down SmiNet, the country’s infectious diseases database, on Thursday after it was targeted in several hacking attempts. SmiNet, which is also used to store electronic reports with statistics on COVID-19 infections, was shut down on Thursday to investigate the attacks and was brought back online on Friday evening. Read ...
- JBS USA cyber attack affecting North American and Australian systems
May 31, 2021
United States-based food processing company JBS USA has confirmed falling victim to a cyber attack, with the aftermath affecting its North American and Australian systems. “On Sunday, May 30, JBS USA determined that it was the target of an organised cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems,” it ...
- New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers
May 29, 2021
A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. Epsilon Red ransomware attacks rely on more than a dozen scripts before reaching the encryption stage and also use a commercial remote desktop utility. Read more… Source: Bleeping Computer
- DarkSide on Linux: Virtual Machines Targeted
May 28, 2021
As we discussed in our previous blog, the DarkSide ransomware is targeting organizations in manufacturing, finance, and critical infrastructures in regions such as the United States, France, Belgium, and Canada. The DarkSide ransomware targets both Windows and Linux platforms. We also noticed that the Linux variant, in particular, targets ESXI servers. In this blog, we focus ...