Another significant software supply chain hack: Codecov Bash Uploader breach went undetected for four months as attackers stole credentials, tokens and keys from orgs around the world Tweet added by Ryan Naraine @ryanaraine

Ryan Naraine

3 years

Another significant software supply chain hack: Codecov Bash Uploader breach went undetected for four months as attackers stole credentials, tokens and keys from orgs around the world

Codecov Bash Uploader Dev Tool Compromised in Supply Chain Hack

www.securityweek.com

4

80

124

Costin Raiu

@craiu

3 years

@ryanaraine Why is this even a justification for not sharing iocs of such a significant compromise?

0

2

27

Will Dormann

@wdormann

3 years

@ryanaraine "The actor gained access because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script" What's the translation of this statement? "We leaked credentials in published code" ?

0

4

25

Nate Dunning

@natedunning

3 years

@ryanaraine It is major. But ita only 2.5 months

0

James 'Iv0ryW0lf' Boyd

@Iv0ryw0lfP

3 years

@ryanaraine

0

Replies