Hackers behind Codecov gained access to Monday.com source code

Monday.com recently disclosed the impact of the Codecov supply chain attack that affected several companies.

Monday.com is an online workflow management platform used by project managers, sales and CRM professionals, marketing teams, and various other departments.

Customers of the platform include prominent names like Uber, BBC Studios, Adobe Applications, Universal, Hulu, L’Oreal, Coca-Cola and Unilever.

BleepingComputer reported last month that the popular code coverage tool Codecov was the victim of a supply chain attack that lasted two months.

During this two-month period, the threat actors had modified the legitimate Codecov Bash Uploader tool to exfiltrate environment variables (containing very sensitive information such as keys, tokens and credentials) from the CI/CD environments of Codecov customers.

Using credentials gathered through the tampered Bash Uploader, the Codecov attackers reportedly breached hundreds of customer networks.

Codecov customer Monday.com recently announced that it has been affected by the Codecov supply chain attack.

After investigating the Codecov breach, Monday.com discovered that unauthorized actors had gained access to a read-only copy of its source code.

However, the company states that, to date, there is no evidence that the source code was tampered with by the attackers, or that any of its products are impacted.

"In addition, the attacker accessed a file containing a list of certain URLs pointing to publicly served consumer forms and organized views on our platform, and we approached affected consumers to explain how to recreate those URLs," the company said.

At this time, there is also no indication that Monday.com customer data was impacted by the incident, although the company continues to investigate.

Prior to the disclosure made in the SEC filing this week, Monday.com had said that following the Codecov incident, it revoked Codecov's access to its environment and stopped using Codecov's services.

"Learning from this issue, we took immediate mitigating actions including revoking access to Codecov, ceasing to continue using Codecov services, key rotation for all production and development environments of monday.com, and obtaining cutting-edge expertise in cybersecurity forensics to aid us in our investigation," the Monday.com security team said in a blog post last week.
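The incident turns on secrets held in CI/CD environment variables, and the response described above includes key rotation. As an added example (not from the article, Codecov or monday.com), this Python code inventories which variables in a CI job's environment look like credentials and so belong on a rotation list; the name patterns, thresholds and sample values are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Name fragments that usually mark a credential (assumed list, extend per org).
SECRET_NAME = re.compile(
    r"(TOKEN|SECRET|PASSWORD|PASSWD|API_?KEY|PRIVATE_?KEY|CREDENTIAL|ACCESS_?KEY)", re.I)
# Value shapes of well-known credential formats.
SECRET_VALUE = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key-pem", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("url-with-password", re.compile(r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@")),
]

def shannon_entropy(value):
    """Bits per character; random tokens score high, words and paths low."""
    counts = Counter(value)
    return -sum(c / len(value) * math.log2(c / len(value)) for c in counts.values())

def rotation_candidates(env, min_len=20, min_entropy=4.0):
    """Return {variable: reason} for every variable that should be rotated."""
    findings = {}
    for name, value in env.items():
        if not value:
            continue
        if SECRET_NAME.search(name):
            findings[name] = "name"
            continue
        for label, pattern in SECRET_VALUE:
            if pattern.search(value):
                findings[name] = label
                break
        else:  # no known format matched: fall back to length and entropy
            if len(value) >= min_len and shannon_entropy(value) >= min_entropy:
                findings[name] = "high-entropy"
    return findings

# Constructed sample of a CI job environment; every value is fake.
SAMPLE_ENV = {
    "HOME": "/home/runner",
    "PATH": "/usr/local/bin:/usr/bin:/bin",
    "NPM_TOKEN": "npm_FAKEFAKEFAKEFAKEFAKE",
    "DATABASE_URL": "postgres://app:hunter2@db.internal.example:5432/app",
    "DEPLOY_ID": "AKIAIOSFODNN7EXAMPLE",
    "SIGNING_BLOB": "q9Zr2LxT7vYb0KcW4eHn8sJd1UfGm5Pa",
}

if __name__ == "__main__":
    for var, reason in rotation_candidates(SAMPLE_ENV).items():
        print(f"rotate {var}: matched {reason}")
```

In a real pipeline the input would be `dict(os.environ)` captured inside the job, with only variable names and reasons logged, never the values.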



About Scott Bridges
