Codecov Releases New Detections for Supply Chain Compromise

Original release date: April 30, 2021

CISA is aware of a compromise of the Codecov software supply chain in which a malicious threat actor made unauthorized alterations of Codecov’s Bash Uploader script, beginning on January 31, 2021. Upon discovering the compromise on April 1, 2021, Codecov immediately remediated the affected script. On April 15, 2021, Codecov notified customers of the compromise and on April 29, 2021, Codecov released an update containing new detections—including indicators of compromise (IOCs) and a non-exhaustive data set of likely compromised environment variables—to assist organizations in determining whether they have been affected.

CISA urges all Codecov users to review the Codecov update and:

  • Search for the IOCs provided.
  • Log in to Codecov to see any additional information specific to their organization and repositories. 

Affected users should immediately implement the guidance in the Recommended Actions for Affected Users and FAQ sections of Codecov’s update. CISA recommends giving special attention to Codecov’s guidance on changing (“re-rolling”) potentially affected credentials, tokens, and keys. CISA also recommends revoking and reissuing any potentially affected certificates.

This product is provided subject to this Notification and this Privacy & Use policy.

Codecov Releases New Detections for Supply Chain Compromise

Original release date: April 30, 2021

CISA is aware of a compromise of the Codecov software supply chain in which a malicious threat actor made unauthorized alterations of Codecov’s Bash Uploader script, beginning on January 31, 2021. Upon discovering the compromise on April 1, 2021, Codecov immediately remediated the affected script. On April 15, 2021, Codecov notified customers of the compromise and on April 29, 2021, Codecov released an update containing new detections—including indicators of compromise (IOCs) and a non-exhaustive data set of likely compromised environment variables—to assist organizations in determining whether they have been affected.

CISA urges all Codecov users to review the Codecov update and:

  • Search for the IOCs provided.
  • Log in to Codecov to see any additional information specific to their organization and repositories. 

Affected users should immediately implement the guidance in the Recommended Actions for Affected Users and FAQ sections of Codecov’s update. CISA recommends giving special attention to Codecov’s guidance on changing (“re-rolling”) potentially affected credentials, tokens, and keys. CISA also recommends revoking and reissuing any potentially affected certificates.

This product is provided subject to this Notification and this Privacy & Use policy.

Samba Releases Security Updates

Original release date: April 30, 2021

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Samba Security Announcements for CVE-2021-20254 and apply the necessary updates and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

Samba Releases Security Updates

Original release date: April 30, 2021

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Samba Security Announcements for CVE-2021-20254 and apply the necessary updates and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.