This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Chinese Breakthrough in Quantum Computing a Warning for Security Teams
December 7, 2020
China’s top quantum-computer researchers have reported that they have achieved quantum supremacy, i.e., the ability to perform tasks a traditional supercomputer cannot. And while it’s a thrilling development, the inevitable rise of quantum computing means security teams are one step closer to facing a threat more formidable than anything before. Researchers from the University of Science ...
- RansomExx Ransomware Gang Dumps Stolen Embraer Data: Report
December 7, 2020
Hackers have dumped sensitive company data that was stolen during a ransomware attack last month on aircraft manufacturer Embraer. The compromised data appeared on a new dark web site created to publish leaked information, according to a published report. The move appears to be a revenge for the Brazilian-based company’s refusal to pay a ransom in ...
- NSA warns of Russian state-sponsored hackers exploiting VMWare vulnerability
December 7, 2020
The US National Security Agency has published a security alert today urging companies to update VMWare products for a vulnerability that is currently exploited by “Russian state-sponsored malicious cyber actors.” The vulnerability tracked as CVE-2020-4006, impacts VMWare endpoint and identity management products, often deployed in enterprise and government networks. The affected products, listed below, allow system administrators ...
- Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping
December 7, 2020
Researchers have discovered new samples of a previously discovered Android malware, which is believed to be linked to the APT39 Iranian cyberespionage threat group. The new variant comes with new surveillance capabilities – including the ability to snoop on victims’ Skype, Instagram and WhatsApp instant messages. According to U.S. feds, the developers of this malware are ...
- Hacker opens 2,732 PickPoint package lockers across Moscow
December 7, 2020
A mysterious hacker used a cyber-attack to force-open the doors of 2,732 package delivery lockers across Moscow. The attack, which took place on Friday afternoon, December 4, targeted the network of PickPoint, a local delivery service that maintains a network of more than 8,000 package lockers across Moscow and Saint Petersburg. Russians can order products online and ...
- Italian police arrest 2 in defense data theft case
December 6, 2020
Police in Italy have arrested two people in connection with the hacking of Italian aerospace and electronics company Leonardo, the Interior Ministry announced on Saturday. The Leonardo group also has a cybersecurity division that counts NATO among its customers and is involved in making electronic weapons and missiles. The hackers allegedly managed to steal sensitive data ...