By Juha Saarinen on Apr 20, 2021 12:14PM
Scores of projects potentially affected by supply chain attack.
A malicious alteration to a shell script lay undetected since January this year at software testing coverage report provider Codecov, sparking fears of another significant supply chain attack.
Forensic analysis shows that an unknown threat actor exploited an error in Codecov s Docker container image creation process, and gained access to the credential that allowed the modification to the company s Bash Uploader script.
Codecov said a Google Cloud Storage key was accessed starting January 31 this year, and not secured until April 1 US time.
The script is normally used to upload coverage reports to Codecov, but it was altered to transmit the UNIX shell environment, which can be used to store variables.
Web Software Engineer III - Memphis, Tennessee - qZpeN0MtpHbQQBbjgcn0jrS40KxhyB
latpro.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from latpro.com Daily Mail and Mail on Sunday newspapers.
Engineer II - Web Software - Memphis, Tennessee - TiRdeYCwpIqoakvoQgUUOy13Zhyr5V
latpro.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from latpro.com Daily Mail and Mail on Sunday newspapers.