
Rapid7 source code, alert data accessed in Codecov supply chain attack

Rapid7 has disclosed the compromise of customer data and partial source code due to the Codecov supply chain attack. 

On Thursday, the cybersecurity firm said it was one of the victims of the incident, in which an attacker obtained access to the Codecov Bash uploader script. 

The cyberattack against Codecov took place on or around January 31, 2021, and was made public on April 15. The organization, which provides code coverage and testing tools, said that a threat actor tampered with the Bash uploader script, thereby compromising the Codecov-actions uploader for GitHub, Codecov CircleCI Orb, and the Codecov Bitrise Step. 

This enabled attackers to export data contained in user continuous integration (CI) environments. 

Hundreds of clients were potentially impacted, and now, Rapid7 has confirmed that the company was one of them. 

Rapid7 says the Bash uploader was used in a limited fashion as it was only set up on a single CI server used to test and build tooling internally for the Managed Detection and Response (MDR) service. 

As such, the attacker was kept away from product code, but they were able to access a “small subset of source code repositories” for MDR, internal credentials — all of which have now been rotated — and alert-related data for some MDR customers. 

Rapid7 has reached out to customers impacted by the data breach. 

The company pulled in cyberforensics assistance and, following an investigation, has concluded that no other corporate systems or production environments were compromised. 

Codecov has since removed the unauthorized actor from its systems and is setting up monitoring and auditing tools to try and prevent another supply chain attack from occurring in the future.

Impacted customers were notified via email addresses on record and through the Codecov app. Codecov recommends that users of the Bash uploaders between January 31, 2021, and April 1, 2021, who did not perform a checksum validation should re-roll their credentials out of caution. 



By ZDNet
