Rapid7 says attacker accessed its source code in Codecov supply chain hack
An unauthorized party accessed Rapid7 source code via the Codecov supply chain compromise, the cybersecurity company said Thursday, making it the latest confirmed victim known to be swept up in the attack. Rapid7 said it made limited use of Codecov’s affected Bash Uploader tool, used to share code reports with the software auditing company, as part of its managed detection and response program. After conducting an internal investigation, Rapid7 determined to what degree any outsiders might have infiltrated Rapid7 repositories. “A small subset of our source code repositories for internal tooling for our MDR service was accessed by an unauthorized party outside of Rapid7,” the company wrote in a blog post. “We have contacted the small subset of customers who may be impacted by this incident to ensure they take appropriate steps to mitigate any potential risk,” the blog post continued. “Note: If you haven’t been contacted by us about […]
The post Rapid7 says attacker accessed its source code in Codecov supply chain hack appeared first on CyberScoop.
Continue reading Rapid7 says attacker accessed its source code in Codecov supply chain hack