This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Digitally Signed Bandook Trojan Reemerges in Global Spy Campaign
November 30, 2020
A wave of targeted cyberattack campaigns bent on espionage is cresting around the globe, using a strain of a 13-year old backdoor trojan named Bandook. According to Check Point Research, Bandook was last spotted being used in 2015 and 2017/2018, in the “Operation Manul” and “Dark Caracal” campaigns, respectively. The malware then all but disappeared from ...
- FINRA Alerts Firms to Phishing Email Using Invest-FINRA.org Domain Name
November 30, 2020
FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails that include the domain “@invest-finra.org”. FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident. The domain of “invest-finra.org” is not connected to FINRA and firms should delete ...
- A hacker is selling access to the email accounts of hundreds of C-level executives
November 30, 2020
A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers named Exploit.in, ZDNet has learned this week. The threat actor is selling email and password combinations for Office 365 and Microsoft accounts, which ...
- This new cyberattack can dupe DNA scientists into creating dangerous viruses and toxins
November 30, 2020
A new form of cyberattack has been developed which highlights the potential future ramifications of digital assaults against the biological research sector. On Monday, academics from the Ben-Gurion University of the Negev described how “unwitting” biologists and scientists could become victims of cyberattacks designed to take biological warfare to another level. At a time where scientists worldwide ...
- Four years after the Dyn DDoS attack, critical DNS dependencies have only gone up
November 30, 2020
In 2016, Dyn, a provider of managed DNS servers, was the victim of a massive DDoS attack that crippled the company’s operations and took down domain-name-resolving operations for more than 175,000 websites. While some sites managed to stay up by activating a redundancy and switching DNS resolving to secondary servers, many websites were not prepared and ...
- IIoT chip maker Advantech hit by ransomware, $12.5 million ransom
November 28, 2020
The Conti ransomware gang hit the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is now demanding a $14 million ransom to decrypt affected systems and to stop leaking stolen company data. Advantech is a global leading manufacturer of IT products and solutions, including embedded PCs, network devices, IoT, servers, and healthcare ...