This Week in Security: The Github Supply Chain Attack, Ransomware Decryption, and Paragon
Summary
The first topic covered in this week's column is a supply chain attack hidden in a popular Github Action, which can leak the secrets of any workflow that uses it.
Researchers at StepSecurity have been covering the incident and have published a simple search string that uncovers the compromise in workflow logs.
It’s unclear whether the compromised action was embedded in any other popular actions.
The recommendation is to search recent Github Actions logs for any mention of changed-files and, if it turns up, to start rotating every secret those workflows had access to.
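The two checks the column recommends, as an added example that is not code from the original article or from StepSecurity: a scanner for workflow files that reports every use of an action whose name contains `changed-files`, together with whether the use is pinned to a full commit SHA or to a mutable tag, plus a grep over log lines for the same needle. The workflow, the `example-org` owner and the log excerpt are constructed for illustration; StepSecurity's actual search string is not reproduced here.

```python
import re

# Constructed sample workflow for this example (not from the original article).
# It mixes a tag-pinned and a SHA-pinned use of a hypothetical action whose
# name contains "changed-files"; the owner "example-org" is made up.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/changed-files@v45
      - uses: example-org/changed-files@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
      - name: Build
        run: make
"""

# A `uses:` line, with or without a leading list dash; the value may be quoted.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s#'\"]+)", re.MULTILINE)
# A full 40-hex commit SHA is the only immutable reference an action can be pinned to.
SHA_RE = re.compile(r"[0-9a-fA-F]{40}")


def parse_uses(workflow_text):
    """Return (action, ref) pairs for every upstream action a workflow uses."""
    pairs = []
    for match in USES_RE.finditer(workflow_text):
        spec = match.group(1)
        # Local (./path) and container (docker://) actions carry no upstream ref.
        if spec.startswith("./") or spec.startswith("docker://"):
            continue
        action, _, ref = spec.partition("@")
        pairs.append((action, ref))
    return pairs


def audit_workflow(workflow_text, needle="changed-files"):
    """Flag uses of any action whose name contains `needle`, and report
    whether each use is pinned to a commit SHA or to a mutable tag/branch."""
    findings = []
    for action, ref in parse_uses(workflow_text):
        pinned = SHA_RE.fullmatch(ref) is not None
        if needle in action.lower():
            # A tag or branch ref could have been retargeted at a malicious
            # commit, so treat any secrets the workflow saw as exposed.
            severity = "rotate-secrets" if not pinned else "review-sha"
        elif not pinned:
            severity = "unpinned"
        else:
            continue
        findings.append({"action": action, "ref": ref,
                         "pinned_to_sha": pinned, "severity": severity})
    return findings


def grep_logs(log_lines, needle="changed-files"):
    """The log-side check: return (line number, line) for every line that
    mentions the needle, so that run can be inspected for leaked secrets."""
    return [(i, line) for i, line in enumerate(log_lines, 1)
            if needle in line.lower()]


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(finding)
    # Constructed log excerpt for the example (not real runner output).
    sample_log = [
        "Run actions/checkout@v4",
        "Run example-org/changed-files@v45",
        "Build finished",
    ]
    for lineno, line in grep_logs(sample_log):
        print(f"log line {lineno}: {line}")
```

A SHA-pinned use is still reported as `review-sha`: the pin protects against a retargeted tag, but the pinned commit itself has to be checked against the project's known-good history before the finding is closed.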
The folks at Fenrisk were also thinking about supply chain attacks recently, specifically in how Linux distributions are packaged.
They found four issues in Fedora's Pagure web application, the most severe of which is an argument injection in the logging function that allows an arbitrary file write.
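To show the bug class rather than the Pagure code itself, here is an added example (not from the Fenrisk write-up or from Pagure): a vulnerable command builder that appends a user-controlled ref to a `git log` invocation, next to a hardened one. The attacker-controlled value and the `--output=<path>` vector are assumed here for illustration; `--output` is a real `git log` option that redirects output to a file, which is the generic way an argument injection in a log viewer turns into a file write.

```python
import re

# Constructed inputs for this example (not from the Fenrisk write-up). The
# malicious value models an attacker-controlled branch name that is really a
# git option: `--output=<path>` makes `git log` write to that path.
BENIGN_REF = "feature/login-fix"
MALICIOUS_REF = "--output=/var/www/html/pwned.txt"

# Conservative allow-list for ref names: must start with an alphanumeric, so
# an option-looking value never passes, and may only contain safe characters.
REF_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]*")


def vulnerable_log_argv(ref):
    """The vulnerable pattern: user input is appended straight to the argv,
    where git is free to interpret it as an option."""
    return ["git", "log", "--oneline", "--max-count=20", ref]


def is_safe_ref(ref):
    """True only for plausible ref names: no leading dash, no '..' components."""
    return (REF_RE.fullmatch(ref) is not None
            and ".." not in ref
            and not ref.endswith("/"))


def hardened_log_argv(ref):
    """Reject anything that is not a plausible ref, and terminate option
    parsing with --end-of-options (git >= 2.24) before the user value.
    Note that a bare `--` is the wrong terminator for git log: it separates
    revisions from paths, so the ref would be treated as a path."""
    if not is_safe_ref(ref):
        raise ValueError(f"rejected ref: {ref!r}")
    return ["git", "log", "--oneline", "--max-count=20", "--end-of-options", ref]


def split_options(argv):
    """Model of git's argv handling for the purpose of this example: every
    '-'-prefixed token before --end-of-options is an option, and everything
    after the terminator is an operand (a revision)."""
    options, operands, terminated = [], [], False
    for token in argv[2:]:  # skip "git" and the subcommand
        if terminated:
            operands.append(token)
        elif token == "--end-of-options":
            terminated = True
        elif token.startswith("-"):
            options.append(token)
        else:
            operands.append(token)
    return options, operands


if __name__ == "__main__":
    opts, _ = split_options(vulnerable_log_argv(MALICIOUS_REF))
    print("vulnerable argv hands git these options:", opts)
    print("hardened argv:", hardened_log_argv(BENIGN_REF))
    try:
        hardened_log_argv(MALICIOUS_REF)
    except ValueError as exc:
        print("hardened:", exc)
```

Validation alone is enough to stop the leading-dash case, but the terminator costs nothing and also protects any ref that a looser allow-list might let through; on a git older than 2.24, `--end-of-options` is unknown and the validation has to carry the whole load.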
The column also covers Breaking Ransomware Encryption, Yohanes Nugroho's process of decrypting files encrypted by the Linux/ESXi variant of the Akira ransomware by brute-forcing its timestamp-seeded keys on a bunch of GPUs, and Github and Ruby-SAML: The Rest of the Story, Github's discovery of the multiple-parser problem in Ruby-SAML, where two different XML parsers run over the same document can be made to disagree about what was signed, leading to an authentication bypass.