Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing

        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing

        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing

        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing

        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training

        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing

        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review

        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention

        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise

        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle

        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

I'VE BEEN BREACHED

Popular Codecov Code Coverage Tool Hacked To Steal Dev Credentials

Popular Codecov Code Coverage Tool Hacked To Steal Dev Credentials

Codecov online platform for hosted code testing reports and statistics announced on Thursday that a threat actor had modified its Bash Uploader script, exposing sensitive information in customers’ continuous integration (CI) environment.

The company learned of the compromise on April 1st but the investigation determined that the first signs of this software supply-chain attack occurred in late January.

Bash Uploader changes started in January

Codecov provides tools that help developers measure how much of the source code executes during testing, a process known as code coverage, which indicates the potential for undetected bugs being present in the code.

It has a customer base of more than 29,000 enterprises, the list counting Atlassian, Washington Post, GoDaddy, Royal Bank of Canada, and Procter & Gamble.

As the name suggests, Bash Uploader is the tool that Codecov customers use to send code coverage reports to the platform. It detects CI-specific settings, collects reports, and uploads the information.

Attackers focused on this data collection instrument starting January 31. They changed the script to deliver the details from customers’ environment to a server outside Codecov’s infrastructure, which is visible on line 525.

The weakness leveraged to gain access was an error in the process of creating Codecov’s Docker image, which allowed extracting credentials protecting the modification of the Bash Uploader script.

Given the information that Bash Uploader collected, Codecov says that the threat actor could have used the malicious version to export the following sensitive data:

  • Any credentials, tokens, or keys that our customers were passing through their CI runner that would be accessible when the Bash Uploader script was executed
  • Any services, datastores, and application code that could be accessed with these credentials, tokens, or keys
  • The git remote information (URL of the origin repository) of repositories using the Bash Uploaders to upload coverage to Codecov in CI

Also Read: The Difference Between GDPR And PDPA Under 10 Key Issues

Because of this potential risk, affected users are strongly recommended to re-roll all credentials, tokens, or keys present in the environment variables in the CI processes that relied on Bash Uploader.

Customers using a local version of the script should check if the attacker’s code added at line 525 exists. If the code below is present, they should replace bash files with Codecov’s latest version of the script.

In the original variant, the script uploads data from the “ENV” variable to Codecov’s platform. After the attacker modified it, Bash Uploader was also sending the details to the address above, an IP from Digital Ocean that was not managed by Codecov.

Codecov learned of the compromise from a customer who noticed that the hash value for the Bash Uploader script on GitHub did not match the one for the downloaded file.

“Based upon the forensic investigation results to date, it appears that there was periodic, unauthorized access to a Google Cloud Storage (GCS) key beginning January 31, 2021, which allowed a malicious third-party to alter a version of our bash uploader script to potentially export information subject to continuous integration (CI) to a third-party server. Codecov secured and remediated the script April 1, 2021”

– Codecov

Immediately after learning of the compromise, the company took steps to mitigate the incident, which included the following:

  • rotating all relevant internal credentials, including the key used to facilitate the modification of the Bash Uploader
  • auditing where and how the key was accessible
  • setting up monitoring and auditing tools to ensure that this kind of unintended change cannot occur to the Bash Uploader again
  • working with the hosting provider of the third-party server to ensure the malicious webserver was properly decommissioned

Codecov says that the incident occurred despite the security policies, procedures, practices, and controls it had set up, and the continuous monitoring of the network and systems for unusual activity.

Also Read: PDPA Compliance Singapore: 10 Ares To Work On

Update [April 19, 2021]: Atlassian contacted BleepingComputer with the following statement:

“We are aware of the claims and we are investigating them. At this moment, we have not found any evidence that we have been impacted nor have identified signs of a compromise”

– Atlassian

h/t Jonathan Leitschuh

0 Comments

Let us help you out.

Grab your free consultation NOW!

Privacy Ninja

Data Protection​

Cybersecurity

Support

Company

Locations

Singapore

7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987

Thailand

The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand



email-icon
Facebook Twitter Linkedin Youtube

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
TALK TO US
×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

× Chat with us