https://community.isc2.org/t5/Threats/GitHub-Attack-Vector-Cracks-Open-Google-Microsoft-AWS-Projects/m-p/73249#M1355 <P>Hi All</P><P>&nbsp;</P><P>Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects.</P><P>&nbsp;</P><P class=""><SPAN class="">Researchers have uncovered an attack vector that affected </SPAN><SPAN class=""><A class="" href="https://www.darkreading.com/application-security/github-repos-targeted-in-cyber-extortion-attacks" target="_self">GitHub open source projects</A></SPAN><SPAN class=""> owned by Google, Microsoft, Amazon Web Services, and others, executed by abusing artifacts generated as part of software-development workflows.</SPAN></P><P class=""><SPAN class="">Researchers at Palo Alto Networks' Unit 42 discovered the attack, which was effective against "high-profile open source projects owned by the biggest companies in the world," according to </SPAN><SPAN class=""><A class="" href="https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/" target="_blank" rel="noopener">a blog post</A></SPAN><SPAN class=""> published by lead researcher Yaron Avital yesterday. Compromise of those projects, then, "could have led to a potential impact on millions of their consumers."</SPAN></P><P class="">&nbsp;</P><P class=""><SPAN class=""><A href="https://www.darkreading.com/cloud-security/github-attack-vector-google-microsoft-aws-projects" target="_blank" rel="noopener">https://www.darkreading.com/cloud-security/github-attack-vector-google-microsoft-aws-projects</A></SPAN></P><P class="">&nbsp;</P><P class=""><SPAN class="">Regards</SPAN></P><P class="">&nbsp;</P><P class=""><SPAN class="">Caute_Cautim</SPAN></P><P class="">&nbsp;</P><P class="">&nbsp;</P> Mon, 19 Aug 2024 21:09:29 GMT Caute_cautim 2024-08-19T21:09:29Z https://community.isc2.org/t5/Threats/GitHub-Attack-Vector-Cracks-Open-Google-Microsoft-AWS-Projects/m-p/73249#M1355 <P>Hi All</P><P>&nbsp;</P><P>Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects.</P><P>&nbsp;</P><P class=""><SPAN class="">Researchers have uncovered an attack vector that affected </SPAN><SPAN class=""><A class="" href="https://www.darkreading.com/application-security/github-repos-targeted-in-cyber-extortion-attacks" target="_self">GitHub open source projects</A></SPAN><SPAN class=""> owned by Google, Microsoft, Amazon Web Services, and others, executed by abusing artifacts generated as part of software-development workflows.</SPAN></P><P class=""><SPAN class="">Researchers at Palo Alto Networks' Unit 42 discovered the attack, which was effective against "high-profile open source projects owned by the biggest companies in the world," according to </SPAN><SPAN class=""><A class="" href="https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/" target="_blank" rel="noopener">a blog post</A></SPAN><SPAN class=""> published by lead researcher Yaron Avital yesterday. Compromise of those projects, then, "could have led to a potential impact on millions of their consumers."</SPAN></P><P class="">&nbsp;</P><P class=""><SPAN class=""><A href="https://www.darkreading.com/cloud-security/github-attack-vector-google-microsoft-aws-projects" target="_blank" rel="noopener">https://www.darkreading.com/cloud-security/github-attack-vector-google-microsoft-aws-projects</A></SPAN></P><P class="">&nbsp;</P><P class=""><SPAN class="">Regards</SPAN></P><P class="">&nbsp;</P><P class=""><SPAN class="">Caute_Cautim</SPAN></P><P class="">&nbsp;</P><P class="">&nbsp;</P> Mon, 19 Aug 2024 21:09:29 GMT https://community.isc2.org/t5/Threats/GitHub-Attack-Vector-Cracks-Open-Google-Microsoft-AWS-Projects/m-p/73249#M1355 Caute_cautim 2024-08-19T21:09:29Z