fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Codecov Hackers Gained Access To Monday.com Source Code

Codecov Hackers Gained Access To Monday.com Source Code

Monday.com has recently disclosed the impact of the Codecov supply-chain attack that affected multiple companies.

Monday.com is an online workflow management platform used by project managers, sales and CRM professionals, marketing teams, and various other organizational departments.

The platform’s customers include prominent names like Uber, BBC Studios, Adobe, Universal, Hulu, L’Oreal, Coca-Cola, and Unilever.

As reported by BleepingComputer last month, popular code coverage tool Codecov had been a victim of a supply-chain attack that lasted for two months.

During this two-month period, threat actors had modified the legitimate Codecov Bash Uploader tool to exfiltrate environment variables (containing sensitive information such as keys, tokens, and credentials) from Codecov customers’ CI/CD environments.

Using the credentials harvested from the tampered Bash Uploader, Codecov attackers reportedly breached hundreds of customer networks.

Monday.com source code accessed in Codecov attack

Codecov customer Monday.com has recently announced that it was impacted by the Codecov supply-chain attack.

In an F-1 form filed this week with the U.S. Securities and Exchange Commission (SEC) for Monday.com’s proposed Initial Public Offering (IPO), the company shared details on the extent of the Codecov breach.

After their investigation into the Codecov breach, Monday.com found that unauthorized actors had gained access to a read-only copy of their source code.

Also Read: PDPA Singapore Guidelines: 16 Key Concepts For Your Business

However, the company states, to this date, there is no evidence that the source code was tampered with by the attackers, or that any of its products are impacted.

Additionally, “the attacker did access a file containing a list of certain URLs pointing to publicly broadcasted customer forms and views hosted on our platform and we have contacted the relevant customers to inform them how to regenerate these URLs,” states the company.

At this time, there is also no indication that Monday.com customers’ data was affected by this incident, although the company continues to investigate.

Prior to the disclosure made in the SEC filing this week, Monday.com had previously stated that following the Codecov incident, they removed Codecov’s access to their environment and discontinued the service’s use altogether:

“Upon learning of this issue, we took immediate mitigation steps, including revoking Codecov access, discontinuing our use of Codecov’s service, rotating keys for all of monday.com’s production and development environments, and retaining leading cybersecurity forensic experts to assist with our investigation,” said Monday.com’s security team in last week’s blog post.

Monday.com one of the many victims of the Codecov breach

Monday.com is not the first or the only company to be impacted by the Codecov supply-chain attack.

Although the Codecov attack went undetected for two months, the full extent of the attack continues to unfold even after its discovery.

Codecov incident timeline 18-May-2021
Codecov incident timeline updated 18-May-2021(BleepingComputer)

As reported by BleepingComputer this week, US cybersecurity firm Rapid7 disclosed that some of their source code repositories and credentials were accessed by Codecov attackers.

Last month, HashiCorp had announced that their GPG private key had been exposed in the attack.

This key had been used for signing and verifying software releases, and therefore had to be rotated.

Cloud communications platform Twilio, cloud services provider Confluent, and insurance company Coalition had also reported that Codecov attackers accessed their private repositories.

Since then, several other Codecov clients have had to rotate their credentials. Whether or not they have been impacted, and in what capacity, remains a mystery.

Prior to the breach having been spotted by Codecov, the Bash Uploader was in use by thousands of open-source projects:

codecov clients
Thousands of repositories using Codecov Bash Uploader
Source: grep.app

Because the Codecov breach has drawn comparisons to the SolarWinds supply-chain attack, U.S. federal investigators have stepped in to investigate its full impact.

Also Read: Data Protection Officer Singapore | 10 FAQs

“As of the date of this prospectus, we found no evidence of any unauthorized modifications to our source code nor any impact on our products,” says Monday.com, while adding the fine print in the SEC filing: 

“However, the discovery of new or different information regarding the Codecov cyberattack, including with respect to its scope and any potential impact on our IT environment, including regarding the loss, inadvertent disclosure or unapproved dissemination of proprietary information or sensitive or confidential data about us or our customers, or vulnerabilities in our source code, could result in litigation and potential liability for us, damage our brand and reputation, negatively impact our sales or otherwise harm our business. Any claims or investigations may result in our incurring significant external and internal legal and advisory costs, as well as the diversion of management’s attention from the operation of our business.”

Last month, Codecov began sending additional notifications to the impacted customers and disclosed a thorough list of Indicators of Compromise (IOCs), i.e. attacker IP addresses associated with this supply-chain attack.

Codecov users should scan their CI/CD environments and networks for any signs of compromise, and as a safeguard, rotate any and all secrets that may have been exposed.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us