Travis CI | Breaking Cybersecurity News | The Hacker News

An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other credentials associated with popular cloud service providers such as GitHub, AWS, and Docker Hub," researchers from cloud security firm Aqua  said  in a Monday report. Travis CI is a  continuous integration  service used to build and test software projects hosted on cloud repository platforms such as GitHub and Bitbucket. The issue, previously reported in 2015 and  2019 , is rooted in the fact that the  API  permits access to historical logs in cleartext format, enabling a malicious party to even "fetch the logs that were previously unavailable via the API." The logs go all

Cloud-based code hosting platform GitHub described the recent  attack campaign  involving the abuse of OAuth access tokens issued to Heroku and Travis CI as "highly targeted" in nature. "This pattern of behavior suggests the attacker was only listing organizations in order to identify accounts to selectively target for listing and downloading private repositories," GitHub's Mike Hanley  said  in an updated post. The  security incident , which it discovered on April 12, related to an unidentified attacker leveraging stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis CI, to download data from dozens of organizations, including NPM. The Microsoft-owned company said last week that it's in the process of sending a final set of notifications to GitHub customers who had either the Heroku or Travis CI OAuth app integrations authorized in their accounts. According to a detailed step-by-step analysis carried out by GitHub, th

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI. "Customers should also continue to monitor Heroku and Travis CI for updates on their own investigations into the affected OAuth applications," the company  said  in an updated post. The  incident  originally came to light on April 12 when GitHub uncovered signs that a malicious actor had leveraged the stolen OAuth user tokens issued to Heroku and Travis CI to download data from dozens of organizations, including NPM. The Microsoft-owned platform also said that it will alert customers promptly should the ongoing investigation identify additional victims. Furthermore, it cautioned that the adversary may also be digging into the repositories for secrets that could be used in other attacks. Heroku, which has pulled support for GitHub

Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue — tracked as  CVE-2021-41077  — concerns unauthorized access and plunder of secret environment data associated with a public open-source project during the software build process. The problem is said to have lasted during an eight-day window between September 3 and September 10. Felix Lange of Ethereum has been credited with discovering the leakage on September 7, with the company's Péter Szilágyi  pointing out  that "anyone could exfiltrate these and gain lateral movement into 1000s of [organizations]." Travis CI is a hosted CI/CD (short for continuous integration and continuous deployment) solution used to build and test software projects hosted on source code repository systems like GitHub and Bitbucket. "The desired b