Email Announcement Archive

[Users] NERSC Cyber Security Advisory: Codecov Cyber Attack Implications

Author: Rebecca Hartman-Baker <rjhartmanbaker_at_lbl.gov>
Date: 2021-04-22 16:20:19

Dear NERSC Users,

Codecov, a code coverage tool that many open-source projects use as part of their software testing processes, was recently compromised in a cyber attack. This is a significant compromise that could impact the HPC user community.

The attack enabled the malicious actors to exfiltrate data from users’ continuous integration (CI) environments, including sensitive data such as credentials, tokens, ssh keys, or API keys. The stolen data could be used by attackers to access any services, datastores, and application code and git repositories that could be accessed with these stolen credentials, tokens, or keys.

If you or your project uses Codecov, you should immediately expire/reset any tokens or keys used by Codecov, contained in your CI environment or git repository, or located in local source code. This includes tokens and keys used during CI from GitLab, GitHub, BitBucket, AWS, or any other service, as well as any credentials used as part of your continuous integration pipeline (e.g., database logins).

If you have any questions about actions you should take to protect your NERSC accounts and projects, please submit a ticket at https://help.nersc.gov.

--
Rebecca Hartman-Baker, Ph.D
User Engagement Group Leader
National Energy Research Scientific Computing Center | Berkeley Lab
rjhartmanbaker@lbl.gov | phone: (510) 486-4810 fax: (510) 486-6459
Pronouns: she/her/hers
_______________________________________________
Users mailing list
Users@nersc.gov
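An added example, not part of the NERSC advisory and not Codecov tooling: a Python script that builds a starting rotation checklist by finding CI configuration files that mention Codecov and listing the credential-like variables they reference. The file locations checked, the name-matching heuristic and the sample workflow are assumptions made for illustration.

```python
import re
from pathlib import Path

# CI config locations for the services the advisory names (GitHub, GitLab, Bitbucket).
CI_GLOBS = [".github/workflows/*.yml", ".github/workflows/*.yaml",
            ".gitlab-ci.yml", "bitbucket-pipelines.yml"]

# GitHub Actions secret reference: ${{ secrets.NAME }}
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
# Shell-style reference: $NAME or ${NAME}
SHELL_REF = re.compile(r"\$\{?([A-Z][A-Z0-9_]*)\}?")
# Assumption: variable names containing these words hold credentials.
SENSITIVE = re.compile(r"TOKEN|KEY|SECRET|PASS|CREDENTIAL", re.I)

def secrets_to_rotate(text):
    """Return sorted credential-like variable names if the config mentions Codecov."""
    if "codecov" not in text.lower():
        return []
    names = set(SECRET_REF.findall(text))  # every referenced GitHub secret counts
    names |= {n for n in SHELL_REF.findall(text) if SENSITIVE.search(n)}
    return sorted(names)

def rotation_checklist(repo_root):
    """Map each Codecov-using CI config under repo_root to the names to rotate."""
    root = Path(repo_root)
    result = {}
    for pattern in CI_GLOBS:
        for path in sorted(root.glob(pattern)):
            names = secrets_to_rotate(path.read_text(errors="replace"))
            if names:
                result[str(path.relative_to(root))] = names
    return result

# Constructed sample workflow, not taken from any real project.
SAMPLE = """\
steps:
  - run: ./deploy.sh "$AWS_SECRET_ACCESS_KEY" "$HOME"
    env:
      DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
  - uses: codecov/codecov-action@v1
    with:
      token: ${{ secrets.CODECOV_TOKEN }}
"""

if __name__ == "__main__":
    print(secrets_to_rotate(SAMPLE))
```

The result is a floor, not a complete inventory: variables defined in the CI service's own settings can be exposed to a job without being referenced in the config file, and the advisory's scope also covers keys stored in the repository or local source code.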