Novel CI/CD attack could prompt widespread supply chain compromise

9 January 2024

Significant supply chain compromise could be conducted against major IT and cryptocurrency organizations through a novel continuous integration/continuous delivery attack technique exploiting thousands of public GitHub repositories with malicious code injection issues, SecurityWeek reports. Threat actors could deploy such an attack against repositories with self-hosted runners by leveraging a fork pull request to become a contributor, enabling runner workflow execution without approval and additional code execution, a report by Praetorian security researcher Adnan Khan showed.

Source: SC Magazine

Date:

9 January 2024

Categorie(s):

NEWS

Tag(s):

CI/CD, IT, News, Novel, Vulnerability Management

France willing to buy key Atos assets to keep them French29 April 2024
Voter Registration System Taken Offline in Coffee County Cyber-Incident29 April 2024
Hackers Tool 29 Days from Initial Hack to Sabotage Ransomware Attack29 April 2024
Experts weigh in on Omni Hotel ransomware incident29 April 2024
Commvault debuts on-demand cloud cleanrooms for cyber recovery operations29 April 2024