This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- ICS Attackers Set To Inflict More Damage With Evolving Tactics
October 31, 2019
Future attacks on industrial control system (ICS) networks may inflict even more damage in the long run, according to new research. Analysts expect them to evolve from attacks that have immediate, direct impact to those with multiple stages and attack vectors that are more stealthy. While it remains extraordinarily difficult to mount successful attacks on critical ...
- WhatsApp Spyware Attack: Uncovering NSO Group Activity
October 30, 2019
On the heels of Facebook filing a lawsuit against Israeli company NSO Group — alleging that it was behind the massive WhatsApp hack earlier this year — privacy experts say that the move is “popping the unaccountable bubble” that commercial spyware companies have carved out for themselves. After disclosing the lawsuit,WhatsApp said that cyber security experts at the Citizen Lab, ...
- Xhelper: Persistent Android dropper app infects 45K devices in past 6 months
October 29, 2019
Symantec has observed a surge in detections for a malicious Android application that can hide itself from users, download additional malicious apps, and display advertisements. The app, called Xhelper, is persistent. It is able reinstall itself after users uninstall it and is designed to stay hidden by not appearing on the system’s launcher. The app ...
- Nasty PHP7 remote code execution bug exploited in the wild
October 26, 2019
A recently patched security flaw in modern versions of the PHP programming language is being exploited in the wild to take over servers, ZDNet has learned from threat intelligence firm Bad Packets. The vulnerability is a remote code execution (RCE) in PHP 7, the newer branch of PHP, the most common programming language used to build ...
- The Banking and Finance Industry Under Cybercriminal Siege: An Overview
October 22, 2019
Financial institutions have now taken on an even more active role in the growing information technology (IT) and operational technology (OT) convergence. The need for 24/7-connected smart devices has driven the industry to adapt, especially with the wider adoption of the internet of things (IoT) among businesses and users. Unfortunately, this round-the-clock connection with their respective ...
- Malicious Apps on Alexa or Google Home Can Spy or Steal Passwords
October 22, 2019
Google and Amazon smart speakers can be leveraged to record user conversation or to phish for passwords through malicious voice apps, security researchers warn. Unless the two companies take measures to improve the review process and the restrictions for apps integrating with their smart devices, malicious developers could exploit the weakness to capture audio from users. Called ...