Cybersecurity News – April 19, 2021

Codecov discloses 2.5-month-long supply chain attack

Codecov, a software company that provides code testing and code statistics solutions, disclosed on Thursday a major security breach after a threat actor managed to breach its platform and add a credentials harvester to one of its tools. The impacted product is named Bash Uploader and allows Codecov customers to submit code coverage reports to the company’s platform for analysis. Codecov said the breach occurred “because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script.” The breach is already drawing comparisons to SolarWinds due to the potential for follow-on effects at companies who use Codecov as a supplier.

(The Record and Reuters)
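The Codecov compromise worked because customers fetched the Bash Uploader at build time and ran whatever the server returned. The following is an added example, not Codecov's own code, of the defensive pattern: pin the script's SHA-256 in the repository and refuse to execute it on a mismatch, so a server-side substitution fails the build instead of running silently. The URL and the pinned digest in the usage comment are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not Codecov's own code. A CI job that fetches a helper script
# and pipes it straight into bash cannot notice that the script changed
# server-side. Pinning the digest in version control and refusing to run on
# mismatch turns a silent substitution into a failed build.

# Print the hex SHA-256 digest of a file (coreutils, with a BSD/macOS fallback).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_script FILE EXPECTED_SHA256
# Returns 0 only when the file's digest equals the pinned value.
verify_script() {
  local file="$1" expected="$2" actual
  [ -f "$file" ] || { echo "missing script: $file" >&2; return 1; }
  actual="$(sha256_of "$file")" || return 1
  if [ "$actual" != "$expected" ]; then
    echo "refusing to run $file: got $actual, pinned $expected" >&2
    return 1
  fi
}

# run_pinned FILE EXPECTED_SHA256 [ARGS...]
# Executes the script only after verify_script succeeds. The pinned digest is
# whatever was recorded when the script was last reviewed (hypothetical here).
run_pinned() {
  local file="$1" expected="$2"
  shift 2
  verify_script "$file" "$expected" || return 1
  bash "$file" "$@"
}

# Usage in a pipeline (URL and digest are placeholders, not Codecov's values):
#   curl -fsSL https://example.invalid/uploader.sh -o uploader.sh
#   run_pinned uploader.sh "<pinned sha256 from the vendor's release notes>" -t "$TOKEN"
```

Rotating the pinned value is then a reviewed commit, which is exactly the audit trail a quietly modified download lacks.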

BazarLoader malware aims at Slack and BaseCamp users

Phishing campaigns are being aimed at employees of large organizations and claim to contain important information relating to payroll, contracts, invoices, customer service inquiries, subscription management or even dismissal. The messages include links pointing to Slack or BaseCamp cloud storage, which raise less suspicion. Most of the links point to an executable with an Adobe PDF icon, with filenames such as presentation-document.exe, preview-document-[number].exe, or annualreport.exe. In some cases threat actors have also contacted the victims via phone. Researchers believe the campaigns, which inject BazarLoader malware, are associated with TrickBot operators.

(Security Affairs)

Windows 10 update causing DNS and shared folder issues

Some Windows 10 users have experienced issues with DNS resolution after installing the latest Windows 10 cumulative updates released during the April Patch Tuesday. The Windows 10 KB5001330 and KB5001337 cumulative updates were intended to fix various security vulnerabilities, but corporate users have reported issues with DNS resolution that prevent access to shared folders on servers when trying to access them by the server’s name. To access shared folders again, admins had to uninstall the cumulative update, which is not a good solution as it removes security fixes.

(Bleeping Computer)

Security bug allows attackers to brick Kubernetes clusters

The bug (CVE-2021-20291) affects the Go library called “containers/storage.” According to Aviv Sasson, the security researcher at Palo Alto’s Unit 42 team who found the flaw, it can be triggered by placing a malicious image inside a registry; the DoS condition is created when that image is pulled from the registry by an unsuspecting user. “Through this vulnerability, malicious actors could jeopardize any containerized infrastructure that relies on these vulnerable container engines, including Kubernetes and OpenShift,” Sasson said in a posting last Wednesday.

(Threatpost)

Thanks to our episode sponsor, Palo Alto Networks

Ralph Waldo Emerson famously wrote that “It’s not the destination, it’s the journey.” For your cloud security journey, you need a reliable partner. On April 27th, Prisma Cloud by Palo Alto Networks will be hosting Spectrum, a virtual event with sessions to help you create a comprehensive cloud security strategy. Learn more at go.paloaltonetworks.com/spectrum

Major BGP leak disrupts thousands of networks globally

A large Border Gateway Protocol (BGP) routing leak that occurred on April 16 disrupted the connectivity for thousands of major networks and websites around the world. Although it happened in Vodafone’s autonomous network based in India, it impacted several U.S. companies, including Google. Although it lasted for just 10 minutes, BGP leaks are serious occurrences as they can lead to users being moved to an internet route with suboptimal performance or piracy activities such as eavesdropping and traffic analysis.

(Bleeping Computer)

Twitter suffers erratic worldwide weekend outage

If you found it difficult to log into or post to Twitter this past weekend, you’re not alone. Users around the world on Friday and Saturday morning received error messages saying “something went wrong.” Twitter’s team said it was investigating a “possible system irregularity.” The problems continued into Saturday morning, and affected users in more than 40 countries, including the US, and parts of Europe and Asia. As of Sunday there had been no official account from Twitter as to the cause of the outage.

(The Verge)

FireEye: More than 1,900 distinct hacking groups are active today

A new report from cybersecurity firm FireEye says that these groups are responsible for developing more than 500 new malware families during the past year. 19% of malware tools were publicly available, while 81% were tools either privately developed or restricted to tightly controlled circles. Three of 2020’s top five most encountered malware strains were not actually malware per se but legitimate offensive security tools developed by the cybersecurity community, specifically Beacon, Empire, and Metasploit, which have been adopted in recent years by threat actors and are now seeing widespread usage and abuse.

(The Record)

Two document transit milestones: a PDF passing and an FTP birthday

This past weekend marked the passing of Charles Geschke, co-founder of Adobe and inventor of the PDF electronic document. After leaving the Xerox Palo Alto Research Center in 1982, he and John Warnock founded Adobe and were responsible for products such as PostScript, Acrobat, and Photoshop among others. They were both recipients of the National Medal of Technology in 2008, awarded by President Barack Obama. Mr Geschke’s passing, on April 16, fell, to the day, on the 50th anniversary of the development of FTP, the File Transfer Protocol (April 16, 1971), the brainchild of Indian computer scientist Abhay K. Bhushan, which in addition to still being in use today (despite having been dropped by Google Chrome and Firefox last January) laid the foundations for the vital protocols of the internet: TCP/IP, HTTP, and SMTP.

(BBC and Filestash)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.