Will the CodeCov breach become the next big software supply chain hack? scmagazine.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from scmagazine.com Daily Mail and Mail on Sunday newspapers.
GovInfoSecurity
Compliance
DougOlenick) • April 16, 2021 Get Permission
Codecov, a company that tests software code prior to release, has notified customers that attackers had access to its network for a month and placed malware in one of its systems, which may have led to the exfiltration of customers information.
The company says it learned from a customer on April 1 that attackers had gained access to its Docker image creation process and extracted the credentials needed to access and modify the company s Bash Uploader and other internal systems. An investigation determined the attackers routinely accessed the company s network for about a month. Our investigation has determined that beginning Jan. 31, 2021, there were periodic, unauthorized alterations of our Bash Uploader script by a third party, which enabled them to potentially export information stored in our users continuous integr
Bash Uploader Security Update
Note: If you are in the affected user group, at 6 am PT, Thursday, April 15th, we emailed your email address on file from GitHub / GitLab / Bitbucket and added a notification banner in the Codecov application after you log in. About the Event
Codecov takes the security of its systems and data very seriously and we have implemented numerous safeguards to protect you. On Thursday, April 1, 2021, we learned that someone had gained unauthorized access to our Bash Uploader script and modified it without our permission. The actor gained access because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script.