This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Air India cyber-attack: Data of millions of customers compromised
May 22, 2021
India’s national airline Air India has said a cyber-attack on its data servers affected about 4.5 million customers around the world. The breach was first reported to the company in February. Details including passport and ticket information as well as credit-card data were compromised. But Air India said security details for credit cards – CVV or CVC ...
- Here’s how we got persistent shell access on a Boeing 747 – Pen Test Partners
May 21, 2021
Researchers from infosec biz Pen Test Partners established a persistent shell on an in-flight entertainment (IFE) system from a Boeing 747 airliner after exploiting a vulnerability dating back to 1999. It’s an attack that’s more of a curiosity than anything else: it’s too difficult to pull off during an actual flight, and it’s rare these days ...
- Florida water treatment plant was involved in second security incident before poisoning attempt: report
May 21, 2021
A new study from Dragos has found that a water treatment plant in Oldsmar, Florida — where hackers attempted to poison the town’s water earlier this year — was also involved in another potential breach at the same time. A browser being used on the plant’s network was traced back to a “watering hole” attack that ...
- Phorpiex malware botnet just won’t go away
May 21, 2021
The Phorpiex malware botnet has lurked around the internet for years and is used to deliver ransomware, spam email and more, but now Microsoft’s security team are taking a closer look at it. The botnet has been known for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure ...
- US insurance giant CNA Financial paid $40 million ransom to regain control of systems: report
May 21, 2021
One of the largest insurance companies in the United States, CNA Financial, reportedly agreed to a $40 million payment to restore access to its systems following a ransomware attack. According to Bloomberg, the $40 million payment — which is $10 million more than the highest attempted demand of $30 million in 2020, already double the highest ...
- FBI: Conti Ransomware Attacks Impact Healthcare and First Responder Networks
May 20, 2021
The FBI identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year. These healthcare and first responder networks are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the U.S. ...