North Korean hackers are taking stealth to a new level: embedding malware into blockchain smart contracts and tricking devs with fake job interviews. Are we ready for a world where your next code review could be a trap?

https://thedefendopsdiaries.com/north-korean-hackers-leverage-etherhiding-malware-distribution-via-blockchain-smart-contracts/

#etherhiding
#northkoreanhackers
#blockchainsecurity
#malwaredistribution
#smartcontracts
#cyberthreats
#socialengineering
#infosec

GitLab Vulnerable to GitHub-Style CDN Flaw Allowing Malware Hosting

Date: April 22, 2024
CVE: Not specifically assigned
Vulnerability Type: Authentication bypass
CWE: [[CWE-22]], [[CWE-427]]
Sources: Bleeping Computer Article, Duo Security Article

Issue Summary

GitLab has been identified as vulnerable to a flaw similar to one found in GitHub, where the platform's "comments" feature can be abused to host malware. This vulnerability allows threat actors to upload malicious files to GitLab's CDN under the guise of legitimate projects, making them appear to be part of reputable repositories.

Technical key findings

The flaw stems from the ability to generate links to uploaded files in the comment section before saving or posting the comment. These files, although potentially never visible in a public comment, receive a CDN URL that remains accessible even if the comment is deleted.

Files uploaded to the GitLab CDN this way follow the format:
https://gitlab.com/{project_group_name}/{repo_name}/uploads/{file_id}/{file_name}
For videos and images, the files are stored under the /assets/ path instead.
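As an added, defender-side example (not code from the note or from either article), the following Python scanner picks comment-upload URLs of the format above out of proxy log lines and flags downloads whose file type a user is likely to execute; the log format, project paths and extension list are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Path shape of a comment-attachment URL as quoted in the note above:
#   https://gitlab.com/{project_group_name}/{repo_name}/uploads/{file_id}/{file_name}
# The namespace part may contain subgroups, so it is matched greedily.
UPLOAD_PATH = re.compile(
    r"^/(?P<namespace>.+)/(?P<repo>[^/]+)/uploads/(?P<file_id>[^/]+)/(?P<file_name>[^/]+)$"
)

# Assumed review list: file types a user is likely to execute after download.
RISKY_EXT = {"exe", "msi", "dll", "scr", "bat", "cmd", "ps1", "js", "jar", "zip", "7z", "iso"}


def parse_gitlab_upload(url):
    """Return the components of a GitLab comment-upload URL, or None if it is not one."""
    parts = urlparse(url)
    if parts.scheme != "https" or parts.netloc.lower() != "gitlab.com":
        return None
    m = UPLOAD_PATH.match(parts.path)
    return m.groupdict() if m else None


def is_risky_file(file_name):
    """True when the extension is one a reviewer would want to look at."""
    ext = file_name.rsplit(".", 1)[-1].lower() if "." in file_name else ""
    return ext in RISKY_EXT


def scan_log(text):
    """Scan 'timestamp client method url status' lines (constructed proxy-log format)."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        ts, client, _method, url, _status = fields[:5]
        info = parse_gitlab_upload(url)
        if info is None:
            continue
        info.update(timestamp=ts, client=client, risky=is_risky_file(info["file_name"]))
        findings.append(info)
    return findings


# Constructed sample log (not real traffic); the project paths are placeholders.
SAMPLE_LOG = """\
2024-04-22T10:01:05Z 10.0.0.15 GET https://gitlab.com/examplegroup/tools/-/blob/main/README.md 200
2024-04-22T10:03:41Z 10.0.0.22 GET https://gitlab.com/examplegroup/subgroup/tools/uploads/0123456789abcdef0123456789abcdef/installer.exe 200
2024-04-22T10:04:10Z 10.0.0.22 GET https://gitlab.com/examplegroup/docs/uploads/fedcba9876543210fedcba9876543210/diagram.png 200
2024-04-22T10:05:55Z 10.0.0.31 GET https://example.com/examplegroup/docs/uploads/aaaa/notes.zip 200
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        flag = "REVIEW" if f["risky"] else "info"
        print(f"{flag}: {f['client']} fetched {f['file_name']} from {f['namespace']}/{f['repo']}")
```

Only the /uploads/ shape is matched; a deployment that also wants to see image and video attachments would add a second pattern for the /assets/ path.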

Vulnerable products

The vulnerability affects all versions of GitLab that include the "comments" feature with file upload capabilities.

Impact assessment

This vulnerability can be exploited to distribute malware by disguising malicious files as legitimate project files, potentially leading to widespread security breaches if these files are executed by unsuspecting users.

Patches or workarounds

As of the latest updates, specific patches for this CDN flaw have not been detailed. Users are advised to remain vigilant about files downloaded from repository-related URLs and verify their authenticity.

Tags

#GitLab #CDNFlaw #MalwareDistribution #AuthenticationBypass #SecurityVulnerability

GitLab affected by GitHub-style CDN flaw allowing malware hosting

BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out that GitLab is also affected by this issue and could be abused in a similar fashion.

BleepingComputer
Supply Chain Account Takeover: How Criminals Exploit Third-Party Access - It’s important for businesses of all sizes to not only view their suppliers’ attack surface as the... more: https://threatpost.com/supply-chain-account-takeover-how-criminals-exploit-third-party-access/150700/ #supplychainaccounttakeover #third-partyrelationships #malwaredistribution #vulnerabilities #cloudsecurity #websecurity #datatheft #malware #breach #iot

It’s important for businesses of all sizes to not only view their suppliers’ attack surface as their own but also extend some of their security protections.

Threatpost - English - Global - threatpost.com