This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- MITRE releases emulation plan for FIN6 hacking group, more to follow
September 15, 2020
MITRE and cyber-security industry partners have launched a new project that promises to offer free emulation plans that mimic today’s biggest hacking groups in order to help train security teams to defend their networks. Named the Adversary Emulation Library, the project is the work of the MITRE Engenuity’s Center for Threat-Informed Defense. The project, hosted on GitHub, ...
- Windows Exploit Released For Microsoft ‘Zerologon’ Flaw
September 15, 2020
Proof-of-concept (PoC) exploit code has been released for a Windows flaw, which could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies’ Active Directory domain controllers (DCs). The vulnerability, dubbed “Zerologon,” is a privilege-escalation glitch (CVE-2020-1472) with a CVSS score of 10 out of 10, making it critical in severity. The ...
- QR Codes Serve Up a Menu of Security Concerns
September 15, 2020
Quick Response (QR) codes are booming in popularity and hackers are flocking to exploit the trend. Worse, according to a new study, people are mostly ignorant to how QR codes can be easily abused to launch digital attacks. The reason QR code use is skyrocketing is tied to more brick-and-mortar businesses are forgoing paper brochures, menus ...
- A Blind Spot in ICS Security: The Protocol Gateway [Part 2] Vulnerability Allowing Stealth Attacks on Industrial Control Systems
September 14, 2020
A protocol gateway is a small network device, also called a protocol converter” or “IoT gateway.” It is similar to an “interpreter” in the digital word, and acts as a communications intermediary between different protocols. As the integration of networks accelerates with IoT, protocol conversion grows increasingly important. However, the security of protocol gateways has not ...
- Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs
September 14, 2020
The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers. Patches are currently available for all these flaws – and in some cases, have been available for over a ...
- Fairfax County schools hit by Maze ransomware, student data leaked
September 12, 2020
Fairfax County Public Schools (FCPS), the 10th largest school division in the US, was recently hit by ransomware according to an official statement published on Friday evening. The school district is also the largest in the Baltimore-Washington Metropolitan Area and it has a budget of $3.1 billion approved for 2021. FCPS has over 188,000 current students and ...