GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code

September 6, 2024 at 11:45AM Threat actors use typosquatting to trick users into visiting malicious sites or downloading compromised software. In open-source ecosystems such as PyPI and npm, and now GitHub Actions, they register names that differ from a legitimate one by a single typing error, so that a mistyped dependency or action reference resolves to their code and a typo becomes a supply chain attack. Cloud security firm Orca's findings show that even a trusted platform like GitHub Actions is exposed: a workflow that misspells the owner or name of an action pulls and runs whatever a squatter has published under that name. Users are …
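The failure mode Orca describes, a mistyped owner resolving to whoever registered that name, is easy to catch before a workflow ever runs. The following is an added example written for this page, not Orca's tooling or GitHub's: it pulls every `uses:` reference out of a workflow file with a regular expression (so it needs no YAML library), compares the owner against an assumed allowlist of publishers, and flags owners within two edits of an allowed name as probable typosquats; known owners that are not pinned to a full commit SHA are reported as well. The allowlist, the `audit_workflow` function and the sample workflow are all constructed for this example.

```python
"""Flag GitHub Actions `uses:` references whose owner looks like a typosquat
of a well-known publisher.  Added example for this page, not Orca's tooling;
the allowlist and the sample workflow below are constructed."""
import re

# Publishers a team actually relies on: an assumed allowlist, extend per org.
KNOWN_OWNERS = {"actions", "github", "docker", "hashicorp",
                "aws-actions", "azure", "google-github-actions"}

# `uses: owner/repo@ref`, with or without a leading list dash or quotes.
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^@\s'"]+)(?:@([^\s'"]+))?""", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss owner names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_workflow(text: str) -> list:
    """Return (ref, finding) pairs for every suspicious action reference."""
    findings = []
    for m in USES_RE.finditer(text):
        ref, version = m.group(1), m.group(2)
        if ref.startswith(("./", "docker://")):
            continue  # local composite actions and images are not name lookups
        owner = ref.split("/", 1)[0]
        if owner in KNOWN_OWNERS:
            if version is None or not SHA_RE.match(version):
                findings.append((ref, "not pinned to a full commit SHA"))
            continue
        # A near miss of an allowed owner is the typosquat signature.
        near = sorted(k for k in KNOWN_OWNERS if edit_distance(owner, k) <= 2)
        if near:
            findings.append((ref, f"owner '{owner}' is within two edits of {near}"))
        else:
            findings.append((ref, f"owner '{owner}' is not on the allowlist"))
    return findings


# Constructed workflow: one correct reference, two typosquats, one unknown owner.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
      - uses: action/setup-node@v4         # missing 's'
      - uses: hashicrop/setup-terraform@v3 # transposed letters
      - uses: ./.github/actions/local-step
      - uses: someone/unknown-thing@v1
"""

if __name__ == "__main__":
    for ref, why in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{ref}: {why}")
```

Run it over `.github/workflows/*.yml` in CI or as a pre-commit hook. The near-miss rule is the one that matters here: `action/` or `hashicrop/` look right at a glance, and an `@v4` tag or even a pinned SHA gives no protection when the whole repository belongs to the squatter, which is why the owner check comes before the pin check.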

GitHub Actions Artifacts Leak Tokens and Expose Cloud Services and Repositories

August 16, 2024 at 05:51PM GitHub Actions artifacts generated during CI/CD workflows may inadvertently contain tokens for third-party cloud services and for GitHub itself, putting both the repositories and those services at risk. Palo Alto Networks warns that a combination of misconfigurations and security weaknesses lets threat actors who download such artifacts compromise repositories and steal secrets. The Palo Alto Networks researcher, Avital, suggests proactive security measures to mitigate these …

GitHub Vulnerability ‘ArtiPACKED’ Exposes Repositories to Potential Takeover

August 15, 2024 at 03:21AM A new attack vector named ArtiPACKED abuses GitHub Actions artifacts, potentially compromising repositories and the cloud environments they deploy to. Palo Alto Networks Unit 42 researchers showed how misconfigurations and security flaws can leave tokens inside uploaded artifacts, giving malicious actors an opening to compromise services and push rogue code to production. Vulnerable …

GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects

August 14, 2024 at 01:31PM Researchers discovered an attack that exploits GitHub Actions artifacts, affecting open source projects from major companies including Google, Microsoft, and Amazon. Because the artifacts leaked tokens, the flaw could have allowed malicious actors to push code to production and, through those projects, reach millions of downstream consumers. The findings underscore the need for a holistic security approach and a reevaluation …

AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs

April 16, 2024 at 10:36AM New cybersecurity research reveals that the command-line tools of AWS, Google Cloud, and Microsoft Azure can print sensitive credentials held in environment variables into build logs, exposing them to anyone who can read those logs. Microsoft has addressed the issue in the Azure CLI, while Amazon and Google consider it expected behavior and advise organizations not to store secrets in environment variables but to use a dedicated secrets store …
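The artifact leaks in the three ArtiPACKED items above and the CLI leak described here share a detection: the tokens that end up inside an artifact and the credentials a cloud CLI echoes into a build log have recognisable shapes. The following added example, written for this page rather than taken from Unit 42's or Orca's research, scans constructed build-log lines for GitHub, AWS and Google credential patterns and for the `ACTIONS_RUNTIME_TOKEN` that the Actions runner exposes to steps, and decodes the basic-auth `extraheader` that `actions/checkout` persists in `.git/config`, which is what leaks when a workflow packs its checkout directory into an artifact. The functions `scan_log` and `scan_git_config`, the log lines, the config file and every token value are constructed for this example.

```python
"""Scan CI build-log lines and an artifact's .git/config for leaked credentials.
Added example for this page, not Unit 42's or Orca's tooling.  The log lines,
the .git/config and all token values below are constructed."""
import base64
import re

# Credential shapes: GitHub tokens (ghs_ = Actions installation token,
# ghp_ = personal access token), AWS access key IDs, Google API keys, and the
# ACTIONS_RUNTIME_TOKEN the runner hands to steps such as upload-artifact.
PATTERNS = {
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
    "actions_runtime_token": re.compile(r"ACTIONS_RUNTIME_TOKEN=(\S+)"),
}
# actions/checkout (persist-credentials: true, the default) stores its token as
# `http.https://github.com/.extraheader = AUTHORIZATION: basic <b64>` where the
# base64 payload is `x-access-token:<GITHUB_TOKEN>`.
EXTRAHEADER_RE = re.compile(
    r"extraheader\s*=\s*AUTHORIZATION:\s*basic\s+([A-Za-z0-9+/=]+)", re.I)


def redact(secret: str) -> str:
    """Keep a short prefix so a hit can be triaged without re-leaking it."""
    return secret[:6] + "..." + "****"


def scan_log(lines) -> list:
    """Return (line_no, kind, redacted_value) for each credential-like value."""
    hits = []
    for n, line in enumerate(lines, 1):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                hits.append((n, kind, redact(m.group(m.lastindex or 0))))
    return hits


def scan_git_config(config_text: str):
    """Decode the checkout credential persisted in .git/config, if present
    (the ArtiPACKED leak path when .git is packed into an artifact)."""
    m = EXTRAHEADER_RE.search(config_text)
    if not m:
        return None
    user, _, token = base64.b64decode(m.group(1)).decode().partition(":")
    return user, redact(token)


# Constructed log: a Lambda configuration dump and an `env` step, both of
# which print environment variables verbatim.
FAKE_GH_TOKEN = "ghs_abcdefghijklmnopqrstuvwxyz0123456789"
SAMPLE_LOG = [
    "2024-04-16T10:36:00Z Run aws lambda get-function-configuration --function-name billing",
    '  "Environment": {"Variables": {"AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE"}}',
    "2024-04-16T10:36:01Z Run env",
    "ACTIONS_RUNTIME_TOKEN=eyJhbGciOiJSUzI1NiJ9.e30.sig",
    f"GITHUB_TOKEN={FAKE_GH_TOKEN}",
    "Build finished",
]

# Constructed .git/config as actions/checkout would leave it behind.
SAMPLE_GIT_CONFIG = "\n".join([
    "[core]",
    "\trepositoryformatversion = 0",
    '[remote "origin"]',
    "\turl = https://github.com/example-org/example-repo",
    '[http "https://github.com/"]',
    "\textraheader = AUTHORIZATION: basic "
    + base64.b64encode(f"x-access-token:{FAKE_GH_TOKEN}".encode()).decode(),
    "",
])

if __name__ == "__main__":
    for n, kind, value in scan_log(SAMPLE_LOG):
        print(f"log line {n}: {kind} {value}")
    print("git config:", scan_git_config(SAMPLE_GIT_CONFIG))
```

Hits are reported redacted so the scanner's own output does not become another leak. Detection is the fallback; the fix for the CLI case is the one Amazon and Google give, keep secrets out of environment variables, and for artifacts it is `persist-credentials: false` on `actions/checkout` or excluding `.git` from what `actions/upload-artifact` packs.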

Malicious Visual Studio projects on GitHub push Keyzetsu malware

April 10, 2024 at 10:21AM Threat actors are abusing GitHub's automation features to distribute a variant of the "Keyzetsu" clipboard-hijacking malware through fake repositories named after popular topics. They use GitHub Actions workflows to commit to the repositories automatically so that they rank high in searches sorted by recent activity, and they create fake accounts to star them for false popularity. The malware, hidden in Visual Studio project files so that it runs when the project is built, aims to steal cryptocurrency payments by swapping wallet addresses on the clipboard …

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

January 18, 2024 at 08:03AM Misconfigurations in TensorFlow's CI/CD system exposed the project to potential supply chain attacks. GitHub-hosted runners were not affected, but self-hosted runners executed workflows from pull requests without requiring approval, permitting unauthorized code execution on those runners. The protections ephemeral runners are supposed to provide could be bypassed, which would have allowed an attacker to compromise the integrity of the GitHub repository and of the project's PyPI releases. Project maintainers addressed the issues after disclosure, mitigating the risks. …

GitHub Rotates Credentials in Response to Vulnerability

January 17, 2024 at 08:30AM GitHub rotated credentials and addressed a vulnerability affecting GitHub.com and GitHub Enterprise Server after receiving a vulnerability report. The security defect allowed access to credentials inside a production container, but GitHub assessed its impact as minimal. GitHub resolved the flaw, released patches for GitHub Enterprise Server, and also rotated the private GitHub GPG …

GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials

January 17, 2024 at 03:15AM GitHub has responded to a security vulnerability by rotating several keys, including the GitHub commit signing key and the GitHub Actions, GitHub Codespaces, and Dependabot customer encryption keys. The vulnerability, CVE-2024-0200, has not been exploited in the wild, and GitHub has addressed it with patches. Another bug, CVE-2024-0507, has also been resolved …

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack 

January 8, 2024 at 08:36AM Security researchers warn that tens of thousands of public GitHub repositories are vulnerable to malicious code injection through self-hosted GitHub Actions runners, a high-impact supply chain risk. When a workflow runs pull requests from forks on a self-hosted runner, an attacker can execute code on that runner and, if the runner is not ephemeral, persist on it. Exploitation of this vulnerability has led to significant …
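Both the TensorFlow finding above and this broader self-hosted-runner warning come down to one configuration pattern: a workflow that is triggered by pull requests and runs its jobs on self-hosted runners. The following is an added example for this page, not the researchers' tooling: a small auditor that reads a workflow file, extracts the `on:` triggers (scalar, flow-list or block form) and the `runs-on:` value of each job with plain regular expressions, and reports every self-hosted job reachable from `pull_request` or `pull_request_target`. The functions `triggers`, `self_hosted_jobs` and `audit` and the workflows they run on are constructed; the hardened variant simply moves the pull-request job to a GitHub-hosted runner.

```python
"""Flag workflow jobs that run pull-request-triggered code on self-hosted runners.
Added example for this page, not the researchers' tooling.  The workflows
below are constructed; the parsing is deliberately regex-based so it runs
without a YAML library."""
import re

RISKY_TRIGGERS = {"pull_request", "pull_request_target"}


def triggers(text: str) -> set:
    """Collect event names from the top-level `on:` key: inline scalar,
    flow list ([push, pull_request]) or block mapping/list (one per line)."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^on:\s*(.*)$", line)
        if not m:
            continue
        rest = m.group(1).strip()
        if rest.startswith("["):
            return {t.strip() for t in rest.strip("[]").split(",") if t.strip()}
        if rest:
            return {rest}
        found = set()
        for nxt in lines[i + 1:]:
            if nxt and not nxt[0].isspace():
                break  # back at indentation 0, the `on:` block has ended
            km = re.match(r"^\s+(?:-\s*)?([A-Za-z_]+):?\s*$", nxt)
            if km and len(nxt) - len(nxt.lstrip()) == 2:
                found.add(km.group(1))  # only direct children of `on:`
        return found
    return set()


def self_hosted_jobs(text: str) -> list:
    """Names of jobs whose runs-on carries the self-hosted label.  A runs-on
    hidden behind an expression such as ${{ matrix.os }} is not resolved."""
    jobs, current = [], None
    for line in text.splitlines():
        jm = re.match(r"^  ([A-Za-z0-9_-]+):\s*$", line)
        if jm:
            current = jm.group(1)
        rm = re.match(r"^\s+runs-on:\s*(.+)$", line)
        if rm and current and "self-hosted" in rm.group(1):
            jobs.append(current)
    return jobs


def audit(text: str) -> list:
    """One finding per self-hosted job in a workflow with a PR trigger."""
    pr = triggers(text) & RISKY_TRIGGERS
    if not pr:
        return []
    return [f"job '{j}' runs {sorted(pr)} on a self-hosted runner"
            for j in self_hosted_jobs(text)]


# Constructed workflow: fork pull requests reach a self-hosted GPU runner.
PR_ON_SELF_HOSTED = """\
name: ci
on:
  push:
    branches: [main]
  pull_request:
jobs:
  test:
    runs-on: [self-hosted, linux, gpu]
    steps:
      - uses: actions/checkout@v4
      - run: ./ci/test.sh
  lint:
    runs-on: ubuntu-latest
    steps:
      - run: make lint
"""
# Hardened: the same workflow with the PR job on a GitHub-hosted runner.
HARDENED = PR_ON_SELF_HOSTED.replace("[self-hosted, linux, gpu]", "ubuntu-latest")
# Inline trigger list; pull_request_target also runs with write permissions.
INLINE = "on: [push, pull_request_target]\njobs:\n  build:\n    runs-on: self-hosted\n"
# Self-hosted but only reachable from pushes by people with write access.
PUSH_ONLY = "on: push\njobs:\n  deploy:\n    runs-on: self-hosted\n"

if __name__ == "__main__":
    for name, wf in [("pr", PR_ON_SELF_HOSTED), ("hardened", HARDENED),
                     ("inline", INLINE), ("push-only", PUSH_ONLY)]:
        print(name, audit(wf) or "ok")
```

Two caveats when using it: the repository-level setting that decides whether pull requests from forks need approval before they run is not in the workflow file at all, so check it in the repository's Actions settings alongside this output; and if you later switch to a real YAML parser, remember that YAML 1.1 reads the bare key `on` as the boolean true, so naive `yaml.safe_load` output has `True` where you expect `'on'`.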