Major companies reeling from supply-chain breach exposing sensitive data
23,000 organizations impacted by open-source supply-chain attack as attackers compromise software with credential-stealing code. Open-source security expert warns of potential risks.
A recent cyber attack has shaken the online world as over 23,000 organizations, including large enterprises, fell victim to compromised open-source software. The breach occurred when unauthorized individuals gained access to a maintainer account and injected credential-stealing code into a widely used package known as tj-actions/changed-files. This package is a crucial component of tj-actions, a collection of actions that numerous organizations rely on in GitHub Actions to automate their software development workflows.
The malicious actors targeted the source code of tj-actions/changed-files and altered the version tags that workflows use to select a specific release. The altered tags pointed instead to a file that silently read the memory of the build server, searched it for sensitive credentials, and wrote them to logs where they could be harvested. As a result, many repositories that used tj-actions inadvertently exposed their secrets to anyone able to read those logs.
“The concerning aspect of these actions lies in their ability to manipulate the repository’s source code and access sensitive variables linked to a workflow,” commented HD Moore, the founder and CEO of runZero and an esteemed open-source security expert. “A cautious approach involves inspecting all source code, followed by securing a specific commit hash instead of relying on tags within the workflow, though this poses its own challenges.”
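The pinning practice Moore describes, as an added example that is not part of the original article and not code from tj-actions: a small Python audit that reads a GitHub Actions workflow, flags every third-party `uses:` reference that resolves to a mutable tag or branch rather than a full 40-character commit SHA, and rewrites a line to the SHA form once the referenced commit has been inspected. The sample workflow text and the placeholder SHA below are constructed for the example; the commit SHA a tag currently resolves to would be obtained out of band (for instance with `git ls-remote --tags`) after reviewing that commit's source, and this code deliberately performs no network lookups.

```python
import re
from typing import List, NamedTuple

# Constructed sample workflow (not from the article). It mixes a tag-pinned
# third-party action, a SHA-pinned one, a local action and a Docker image.
SAMPLE_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Detect changed files
        uses: tj-actions/changed-files@v45
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - uses: ./.github/actions/local-lint
      - uses: docker://alpine:3.20
"""

USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^"\'#\s]+)["\']?')
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')


class Finding(NamedTuple):
    line: int
    action: str   # owner/repo[/path], local path, or docker image
    ref: str      # tag, branch, commit SHA or image digest after '@'
    pinned: bool  # True only for an immutable reference
    kind: str     # 'remote', 'local' or 'docker'


def classify_uses(target: str) -> str:
    """Distinguish the three forms a 'uses:' target can take."""
    if target.startswith('./'):
        return 'local'
    if target.startswith('docker://'):
        return 'docker'
    return 'remote'


def audit_workflow(text: str) -> List[Finding]:
    """Return one Finding per 'uses:' line in the workflow text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        kind = classify_uses(target)
        if kind == 'local':
            # A local action ships in the same repository commit, so a tag
            # move on a third-party repo cannot swap its code out.
            findings.append(Finding(lineno, target, '', True, kind))
            continue
        name, _, ref = target.partition('@')
        if kind == 'docker':
            # Image tags are mutable too; only a content digest is immutable.
            findings.append(Finding(lineno, name, ref, ref.startswith('sha256:'), kind))
        else:
            # A git tag or branch can be re-pointed by whoever controls the
            # repository; a full commit SHA cannot.
            findings.append(Finding(lineno, name, ref, bool(FULL_SHA_RE.match(ref)), kind))
    return findings


def unpinned_remote_actions(text: str) -> List[Finding]:
    """The findings a reviewer needs to act on: third-party actions by tag/branch."""
    return [f for f in audit_workflow(text) if f.kind == 'remote' and not f.pinned]


def pin_line(line: str, sha: str) -> str:
    """Rewrite one 'uses:' line so the mutable ref becomes the given commit SHA.

    The caller supplies the SHA after inspecting that commit. The original
    tag is kept as a trailing comment so humans can still see the version.
    """
    if not FULL_SHA_RE.match(sha):
        raise ValueError("expected a full 40-hex commit SHA")
    m = USES_RE.match(line)
    if not m:
        raise ValueError("not a 'uses:' line")
    target = m.group(1)
    action, _, ref = target.partition('@')
    if classify_uses(target) != 'remote' or not ref:
        raise ValueError("only remote owner/repo@ref references can be pinned")
    start, end = m.span(1)
    new_line = line[:start] + f"{action}@{sha}" + line[end:]
    if '#' not in line[end:]:
        new_line = new_line.rstrip() + f"  # {ref}"
    return new_line


if __name__ == "__main__":
    for f in unpinned_remote_actions(SAMPLE_WORKFLOW):
        print(f"line {f.line}: {f.action}@{f.ref} is pinned to a mutable ref")
```

Pinning by SHA closes the specific door this incident used, since a moved tag no longer changes what the workflow runs, but it is only part of the review Moore describes: the pinned commit's own source still has to be inspected, and any actions it invokes internally need the same treatment.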
Published on: 2025-03-17 02:24:00 | Author: Dan Goodin