This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- New South Wales’ Transport agency extorted by ransomware gang after Accellion attack
March 1, 2021
The transport system for the Australian state of New South Wales has suffered a data breach after the Clop ransomware exploited a vulnerability to steal files. Transport for NSW is New South Wales’ transport system in charge of the buses, ferries, regional air operators, and cargo transportation. Last week, Transport for NSW disclosed that their agency suffered ...
- Mobile malware evolution 2020
March 1, 2021
In their campaigns to infect mobile devices, cybercriminals always resort to social engineering tools, the most common of these passing a malicious application off as another, popular and desirable one. All they need to do is correctly identify the application, or at least, the type of applications, that are currently in demand. Therefore, attackers constantly ...
- Povlsomware PoC Ransomware Features Cobalt Strike Compatibility
March 1, 2021
Povlsomware (Ransom.MSIL.POVLSOM.THBAOBA) is a proof-of-concept (POC) ransomware first released in November 2020 which, according to their Github page, is used to “securely” test the ransomware protection capabilities of security vendor products. Povlsomware has not garnered much attention at the moment, being talked about in only a few sites — however, it has some interesting characteristics, ...
- World’s leading dairy group Lactalis hit by cyberattack
March 1, 2021
Lactalis, the world’s leading dairy group, has disclosed a cyberattack after unknown threat actors have breached some of the company’s systems. Lactalis (short for Lactalis Group) has 85,000 employees in 51 countries, and it exports dairy products to over 100 countries around the world. The dairy group controls multiple leading international brands, including Président, Galbani, Lactel, Santal, ...
- Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall
March 1, 2021
Germany-based cybersecurity company Genua has fast-tracked a fix for a critical flaw in one of its firewall products. If exploited, the vulnerability could allow local attackers to bypass authentication measures and log in to internal company networks with the highest level of privileges. Genua says it offers more than 20 security solutions for encrypting data communication ...
- Hackers use black hat SEO to push ransomware, trojans via Google
March 1, 2021
The delivery system for the Gootkit information stealer has evolved into a complex and stealthy framework, which earned it the name Gootloader, and is now pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results. Apart from increasing the number of payloads, Gootloader has been seen distributing them across ...