After compromising Trivy, a popular cloud security scanning tool, a threat actor is systematically harvesting cloud credentials, SSH keys, authentication tokens, and other sensitive secrets held in automated enterprise software build and deployment pipelines. Trivy is a free and open source scanner that companies use to find security weaknesses in code repositories, container images, and infrastructure configuration. Many companies have embedded Trivy deep in their automated CI/CD software development pipelines, which makes it a very attractive target for attackers.

Aqua Security, the company that maintains the scanner, also sells a separate commercial version of Trivy. The company says that this version does not appear to have been affected by the supply chain attack.

Attack on the Supply Chain in Multiple Stages

The breach started in February, when the attacker took advantage of a mistake in Trivy's GitHub Action component to steal a token that gave them privileged access. "Instead of going after one organization, the attackers used tools that are widely trusted to reach a lot of downstream users." The attack is especially worrisome because it targets a security tool that many businesses use and trust to find weaknesses and keep them safe from attacks. This is the second time in a short period that a security tool or vendor has been involved in an incident. Earlier this month, Outpost24 reported that someone had tried to steal the login credentials of a C-level executive at the company using a complicated seven-step phishing chain.

Even though that attack did not succeed, the Outpost24 incident and now the Trivy one show that attackers are increasingly interested in going after vendors and products that most companies trust and that would give attackers almost full access to their environments. For the exposure windows, Aqua and Trivy told companies that used any affected version of Trivy, trivy-action, or setup-trivy to treat every secret those pipelines could access as compromised and rotate it immediately.
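As an added defender-side check (not code from the article, Aqua, or the Trivy project), the script below inventories GitHub workflow files for references to the two actions the article names, trivy-action and setup-trivy, and flags any reference that is not pinned to a full commit SHA, so a team can see which pipelines need review and secret rotation. The assumption that SHA pinning is the relevant hardening, the regex-based parsing, and the sample workflow are mine; the article does not list affected version numbers, so none are hard-coded here.

```python
import re
from pathlib import Path

# Actions named in the article as affected during the exposure windows.
WATCHED = ("aquasecurity/trivy-action", "aquasecurity/setup-trivy")

# Matches `uses: owner/repo[/path]@ref` steps, with or without a leading "-".
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^@"\'\s]+)@([^"\'\s#]+)', re.M)
# A full 40-hex-character commit SHA is the only immutable reference form.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_trivy_uses(workflow_text):
    """Return (action, ref, pinned_to_sha) for each watched action reference."""
    hits = []
    for m in USES_RE.finditer(workflow_text):
        action, ref = m.group(1), m.group(2)
        if any(action == w or action.startswith(w + "/") for w in WATCHED):
            hits.append((action, ref, bool(SHA_RE.match(ref))))
    return hits


def scan_workflows(repo_root):
    """Map each workflow file under .github/workflows to its watched references."""
    findings = {}
    for path in Path(repo_root).glob(".github/workflows/*.y*ml"):
        hits = find_trivy_uses(path.read_text(encoding="utf-8"))
        if hits:
            findings[str(path)] = hits
    return findings


# Constructed sample workflow: one mutable branch reference, one SHA-pinned step.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
      - uses: aquasecurity/setup-trivy@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for action, ref, pinned in find_trivy_uses(SAMPLE_WORKFLOW):
        print(f"{'OK      ' if pinned else 'REVIEW  '} {action}@{ref}")
```

Run it from a repository root with `scan_workflows(".")` to get the per-file inventory; every `REVIEW` entry points at a pipeline whose reachable secrets should be rotated per the vendor guidance above.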