This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- SORA and UNSTABLE: 2 Mirai Variants Target Video Surveillance Storage Systems
February 5, 2020
Trend Micro researchers encountered two variants of the notorious internet of things (IoT) malware, Mirai, employing a new propagation method. The two variants, namely SORA (detected as IoT.Linux.MIRAI.DLEU) and UNSTABLE (detected as IoT.Linux.MIRAI.DLEV), gain entry through Rasilient PixelStor5000 video surveillance storage systems by exploiting CVE-2020-6756. Mirai is a type of malware that actively searches for IoT devices with vulnerabilities, infects them, and turns ...
- Gamaredon APT Improves Toolset to Target Ukraine Government, Military
February 5, 2020
The Gamaredon advanced persistent threat (APT) group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets. Vitali Kremez, head of SentinelLabs, said in research released on Wednesday that he has been tracking an uptick in Gamaredon cyberattacks on Ukrainian military and security institutions that started in December. ...
- Ransomware Attack Hinders Toll Group Operations
February 4, 2020
Australian transportation and logistics giant Toll Group said a ransomware attack is to blame for several key services being debilitated and delivery operations being delayed over the past week. Toll Group, a subsidiary of Japan Post Holdings, is a freight and delivery service company operating across more than 1,200 locations in 50 countries. The company is ...
- Twitter API Abused to Uncover User Identities
February 4, 2020
Twitter said that malicious actors, with potential ties to state-sponsored groups, were abusing a legitimate function on its platform to unmask the identity of users. The social media giant said that on Dec. 24, 2019, it discovered a large network of fake accounts abusing a legitimate API (application programming interface) function on its platform that, when ...
- U.S. Battleground County Website Security Survey
February 3, 2020
Today McAfee released the results of a survey of county websites and county election administration websites in the 13 states projected as battleground states in the 2020 U.S. presidential elections. We found that significant majorities of these websites lacked the official government .GOV website validation and HTTPS website security measures to prevent malicious actors from launching copycat web domains ...
- Only three of the Top 100 international airports pass basic security checks
February 3, 2020
Only three of the world’s Top 100 international airports pass basic security checks, according to a report published last week by cyber-security firm ImmuniWeb. The three are the Amsterdam Schiphol Airport in the Netherlands, the Helsinki Vantaa Airport in Finland, and the Dublin International Airport in Ireland. According to ImmuniWeb, these three “may serve a laudable example not just to the ...