A supply chain attack on Codecov was recently confirmed and is reported to have hit multiple companies. One of the organizations impacted by this incident is Monday.com, which provides online workflow management solutions used by project managers, sales teams, marketing, and other business areas.

In its filing of U.S. Securities and Exchange Commission (SEC) Form F-1, the company confirmed the incident and gave some details about it and its perceived impact: “After an initial investigation, it was confirmed that an unidentified actor accessed a read-only copy of our source code,” the report states. Monday.com also notes that there is no evidence to indicate that criminals manipulated the source code or any other resource of the affected company.

Monday.com also gives assurance that its customers’ information has not been exposed by this incident. Before submitting the report to the SEC, the company stated that, upon detecting the incident, it removed Codecov’s access to its environment and suspended its use of Codecov’s solutions.

Unfortunately, Monday.com is not the only company affected by the Codecov incident, which reportedly went unnoticed for up to two months and whose actual scope is unknown. U.S. cybersecurity firm Rapid7 revealed that some of its source code repositories and credentials were compromised by this incident; HashiCorp, for its part, revealed that its GPG private key was compromised by the attack.

Other affected companies include cloud services firms Twilio and Confluent, as well as the insurer Coalition. Since then, multiple Codecov customers have had to implement several security mechanisms to prevent threat actors from abusing existing security weaknesses.

Due to the similarities between this incident and the supply chain attack on SolarWinds, the attack on Codecov is being investigated by the Federal Bureau of Investigation (FBI). For the time being, Codecov continues to send notifications to affected customers and has also released a list of indicators of compromise for identifying potential security risks.


The post Supply chain attack in Codecov generates leaking of the Monday.com source code appeared first on Information Security Newspaper | Hacking News.
