Author Archives: Aidan Novia

World wide outage

https://www.cnn.com/2025/10/25/tech/aws-outage-cause

The cloud provider AWS experienced a massive outage on Oct 20, 2025 that shut down or impacted many of the most popular services and products on the internet, like Roblox and Snapchat. The outage was so large that many systems and products became unusable. It stemmed from a DNS issue where multiple automated systems were trying to update the same DNS entry, which then produced an empty field. This empty field was then carried down to other services like EC2, which caused those to fail, and further down into other workflows and systems that relied on services like EC2. Those failures carried down to network balancers, which essentially snowballed into an enormous mess that wrecked many apps and services. I personally clocked into work with our error handling system and alerts absolutely flooded with alarms and alerts. This became so bad my boss told me to just ignore the errors for the day (one of my sprint tasks is to keep alerts down).

I chose this article due to its relevance to testing software and the probable use of git to find out when and where the error occurred. git bisect could be used to troubleshoot where the issue was introduced into the workflow, to find out where the DNS field was assigned to two systems that could trigger at the same time. Furthermore, AWS in their statement to the public states that “We know this event impacted many customers in significant ways, We will do everything we can to learn from this event and use it to improve our availability even further”. This statement aligns with the values of Scrum, since it prioritizes openness and respect, which AWS gives to its customers by openly documenting the issue that occurred while at the same time stressing communication with the customers to reassure them in their recovery from the failure.

They also follow the Agile Manifesto, as they are responding to change over developing a plan: their customers need their services back now, so they prioritized getting their services back online rather than documenting and collaborating with customers to have their systems restored. They released their documentation only once the system was fully restored, in under 15 hours, showing that they needed to deliver on working software. In a way they could also be benefiting from focusing on individuals and interactions over tools, since this error occurred at multiple levels but started at the same point, so one tool or process couldn’t immediately understand the root cause.

From the blog CS@Worcester – Aidan's Cybersection by Aidan Novia and used with permission of the author. All other rights reserved by the author.

GitHub workflow vulnerabilities

https://github.blog/security/vulnerability-research/how-to-catch-github-actions-workflow-injections-before-attackers-do/ , https://www.legitsecurity.com/blog/-how-we-found-another-github-action-environment-injection-vulnerability-in-a-google-project

Today I want to talk about a blog post I found on GitHub's own blog that details the proper measures to protect repositories against malicious action injections, so that we can properly enforce standards that safeguard our intellectual property and information.

But first I want to go into detail about what the consequences of an action injection are, what this attack does, and how it works. The main goal of the attack is for the attacker to have a command run through one of the workflows in the repository. This can be done by the attacker creating a branch or issue whose name or title is then executed through a run portion of the workflow. So if you have an automation for when someone creates an issue, the bad actor can put a piece of malicious code in the title, and because this title is run through the workflow and executed, it can give the bad actor permissions that they shouldn’t have under normal circumstances. This can even get to the point of them approving their own pull requests.

So the question remains: how do we stop this? The answer is environment variables, which let inputted data like the title of the issue be treated as untrusted data and prevent the run step in the workflow from executing the malicious code. Using proper standards like environment variables for APIs and other pieces of information is also crucial to maintaining proper change control standards. If these standards aren’t followed, this can undermine the integrity of the repo itself, since a malicious change that goes unnoticed early in development can lead to later branches, and other contributors' repos and branches, becoming compromised as well.
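The fix described above, as an added example (not code from the original post or from GitHub's article): a small Python check that flags untrusted `${{ ... }}` expressions placed directly inside a `run:` script and passes the version that routes the title through an environment variable. The two workflows, the `find_injections` helper, and the list of untrusted contexts are constructed for illustration.

```python
import re

# Constructed sample workflows (not from the original post).
VULNERABLE = """\
on: issues
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Log title
        run: |
          echo "New issue: ${{ github.event.issue.title }}"
"""

HARDENED = """\
on: issues
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Log title
        env:
          TITLE: ${{ github.event.issue.title }}
        run: |
          echo "New issue: $TITLE"
"""

# Contexts an outside user controls; illustrative subset, not a complete list.
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.(?:event\.(?:issue|pull_request|comment)\.(?:title|body)"
    r"|head_ref))\s*\}\}")
RUN_KEY = re.compile(r"^\s*(?:-\s+)?run:\s*(.*)$")

def find_injections(workflow_text):
    """Return (line_no, context) for untrusted expressions inside run: scripts."""
    findings, run_indent = [], None
    for no, line in enumerate(workflow_text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        m = RUN_KEY.match(line)
        if m:
            run_indent = line.index("run:")   # column of the run: key
            script = m.group(1)               # inline script, or "|" for a block
        elif run_indent is not None and (not line.strip() or indent > run_indent):
            script = line                     # continuation of the run: block
        else:
            run_indent, script = None, ""     # sibling key such as env: ends it
        findings += [(no, ctx) for ctx in UNTRUSTED.findall(script)]
    return findings
```

In the hardened workflow the expression is expanded into the `TITLE` variable before the shell starts, so the shell only ever sees the title as data in `$TITLE`, never as part of the script text.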

I chose this blog post because my own internship mainly uses automated systems for workflows, and we have our own GitHub workflow that documents change control requests so that we can see when a push that might compromise information or other systems will be made. Furthermore, we can reverse these changes, and we have workflows that try to detect attacks similar to this, where a title is detected through machine learning. This is also important to understand in the class when working with public repositories, where these attacks might be botted, to be more educated on when to properly test branches and on the proper use of environment variables in a project to further protect the repo.


Introduction

Hi everyone, this blog is going to be where I post my findings and developments in my career in computer science, with a focus on cybersecurity, as that’s the niche that I’m most interested in. This blog will cover everything from exploited vulnerabilities to threat actor trends in the industry. My experience is that I have a Security+ certification and an active cybersecurity engineering internship at Barracuda Networks, where I have contributed to creating and updating detection rules and methods.
