This allowed TeamPCP to target a wide range of sensitive data, including AWS, GCP and Azure cloud credentials, Kubernetes tokens, Docker registry credentials, database passwords, TLS private keys, SSH keys, and cryptocurrency wallet files, according to security researchers at Palo Alto Networks. In effect, the attackers had turned a tool used to find cloud vulnerabilities and misconfigurations into a gaping vulnerability of its own.
CERT-EU advised organisations affected by the Trivy compromise to update immediately to a known safe version, rotate all AWS and other credentials, audit the Trivy versions used in CI/CD pipelines and, most importantly, ensure that GitHub Actions are pinned to immutable full-length commit SHAs rather than mutable tags, which can be moved to point at attacker-controlled code.
It also recommended looking for indicators of compromise (IoCs) such as unusual Cloudflare tunnelling activity or traffic spikes that might indicate data exfiltration.
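One way to carry out the pinning audit CERT-EU recommends is to scan every `uses:` line in a repository's workflow files and flag any action that is not referenced by a 40-character commit SHA. The script below is an added example, not code from the article, from CERT-EU or from the Trivy project; the workflow it scans is constructed for the demonstration, the commit SHA in it is a placeholder, and the pin-check logic is an assumption about what a practitioner would consider "pinned" (a full commit SHA for actions, a `sha256:` digest for `docker://` images).

```python
import re

# Constructed sample workflow for the demo (not taken from the article or from any
# real repository). The 40-hex value on the upload-artifact line is a placeholder
# SHA, not a real commit.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
      - uses: actions/upload-artifact@0123456789abcdef0123456789abcdef01234567
      - uses: ./local-action
      - uses: docker://aquasec/trivy:latest
"""

# Matches "uses: <value>" in a step, tolerating the list dash and optional quotes.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)')
# A full-length git commit SHA (git commit hashes are SHA-1, hence 40 hex chars).
COMMIT_SHA_RE = re.compile(r'^[0-9a-f]{40}$')
# A container image pinned by content digest rather than by tag.
IMAGE_DIGEST_RE = re.compile(r'@sha256:[0-9a-f]{64}$')


def check_uses(value):
    """Classify one `uses:` value. Returns (pinned: bool, reason: str)."""
    if value.startswith('./'):
        # Local actions live in the same repository and are versioned with it.
        return True, 'local action, versioned with the repository'
    if value.startswith('docker://'):
        if IMAGE_DIGEST_RE.search(value):
            return True, 'container image pinned by digest'
        return False, 'container image referenced by mutable tag, not by digest'
    if '@' not in value:
        return False, 'no ref given: resolves to the default branch'
    _, ref = value.rsplit('@', 1)
    if COMMIT_SHA_RE.match(ref):
        return True, 'pinned to a full commit SHA'
    return False, f'mutable ref {ref!r} (tag or branch) can be repointed'


def audit_workflow(text):
    """Return [(line_no, uses_value, reason)] for every step not pinned immutably."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        value = m.group(1)
        pinned, reason = check_uses(value)
        if not pinned:
            findings.append((lineno, value, reason))
    return findings


def trivy_references(text):
    """List every `uses:` value that pulls in Trivy, pinned or not, for version review."""
    refs = []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if m and 'trivy' in m.group(1).lower():
            refs.append(m.group(1))
    return refs


if __name__ == '__main__':
    for lineno, value, reason in audit_workflow(SAMPLE_WORKFLOW):
        print(f'line {lineno}: {value}: {reason}')
    print('Trivy references to review:', trivy_references(SAMPLE_WORKFLOW))
```

Point the audit at every file under `.github/workflows/` and treat each finding as something to re-pin, not just report. A SHA pin covers the action's own source; it does not pin binaries or images the action downloads at run time, so the Trivy version that an action installs still has to be checked and fixed separately, which is why the script lists Trivy references as a second output.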



