Product
GitHub CLI Incorrectly Includes Authorization Header in API Requests
2 rules 1 TTP 3 IOCsGitHub CLI versions 2.92.0 and earlier incorrectly include authorization headers in API requests to TUF repository mirrors and external hosts when using the `gh attestation`, `gh release verify`, and `gh release verify-asset` commands, potentially exposing sensitive tokens.
Azure Blob Storage Permissions Modified for Defense Evasion
2 rules 1 TTPAn adversary may modify Azure Blob Storage permissions to weaken security controls, leading to potential data exposure or loss; this rule detects such modifications by monitoring Azure activity logs for specific operations related to permission changes on blobs.
Abnormally High Number of Cloud Infrastructure API Calls
2 rules 2 TTPsDetection of an abnormally high number of cloud infrastructure API calls, indicating potential malicious activity or misconfiguration in a cloud environment.
Azure Blob Storage Container Access Level Modified
2 rules 3 TTPsThe rule identifies modifications to Azure Blob Storage container access levels, which, if unauthorized, may lead to data exposure and exfiltration.