This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- FBI Says State Actors Hacked US Govt Network With Pulse VPN Flaw
January 17, 2020
FBI said in a flash security alert that nation-state actors have breached the networks of a US municipal government and a US financial entity by exploiting a critical vulnerability affecting Pulse Secure VPN servers. The US Cybersecurity and Infrastructure Security Agency (CISA) previously alerted organizations on January 10 to patch their Pulse Secure VPN servers against ongoing attacks trying to exploit the ...
- New JhoneRAT Malware Targets Middle East
January 17, 2020
Researchers are warning of a new remote access trojan (RAT), dubbed JhoneRAT, which is being distributed as part of an active campaign, ongoing since November 2019, that targets victims in the Middle East. Once downloaded, the RAT gathers information on the victims’ computers and is also able to download additional payloads. Evidence shows that the attackers behind JhoneRAT ...
- Microsoft Releases Advisory on Zero-Day Vulnerability CVE-2020-0674, Workaround Provided
January 17, 2020
On January 17, Microsoft published an advisory (ADV200001) warning users about CVE-2020-0674, a remote code execution (RCE) vulnerability involving Microsoft’s Internet Explorer (IE) web browser. A patch has not yet been released as of the time of writing — however, Microsoft has acknowledged that it is aware of limited targeted attacks exploiting the flaw. All ...
- Mobile Banking Trojan FakeToken Resurfaces, Sends Offensive Messages Overseas from Victims’ Accounts
January 16, 2020
Researchers recently discovered an updated version of mobile banking trojan FakeToken after detecting around 5,000 smartphones sending offensive text messages overseas. They noted the unusual development this malware has taken, compared to its previously reported update that disguised itself as a ride-hailing app capable of stealing personally identifiable information (PII) as well as its expanded ransomware capabilities. However, ...
- Cyber-security breaches at 67 percent of healthcare organisations last year
January 16, 2020
A survey has found that a large portion of healthcare organisations in the UK experienced cyber-security incidents last year, which were mostly due to employees sharing data. According to new research, in the last 12 months, 67 percent of healthcare organisations in the UK suffered a cyber-security incident. The data was compiled by Clearswift, which surveyed senior business decision makers ...
- Satan Ransomware Reborn to Torment Businesses
January 16, 2020
A ransomware with the un-snappy moniker of “5ss5c” has emerged on the scene and appears to be in active development. According to independent researcher Bart Blaze, the malware is the successor to the Satan ransomware, and its authors are still experimenting with focused targeting (China, for now) and features. Blaze said in a blog posted Tuesday that 5ss5c and ...