It’s always good to have your radar up on April Fool’s Day, constantly on the lookout for potential pranks or tomfoolery. For one company, what they discovered on April 1 was far from a joke.
Yesterday, software company Codecov, which sells a tool that lets developers measure the testing coverage of their codebase, disclosed that it suffered a breach. In particular, the attackers exploited a bug in the company’s Docker image creation process to gain access to a Bash Uploader script designed to map out development environments and report back to the company. This small modification quietly called out for user credentials that could have been used to access and exfiltrate data from their users’ continuous integration environment.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.