CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

Malware Attack on CircleCI Engineer’s Laptop Leads to Recent Security Incident

admin by admin
January 14, 2023
in Information Security


Jan 14, 2023Ravie LakshmananDevOps / Data Security

DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee’s laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company’s systems and data last month.

The CI/CD service CircleCI said the “sophisticated attack” took place on December 16, 2022, and that the malware went undetected by its antivirus software.

“The malware was able to execute session cookie theft, enabling them to impersonate the targeted employee in a remote location and then escalate access to a subset of our production systems,” Rob Zuber, CircleCI’s chief technology officer, said in an incident report.

Further analysis of the security lapse revealed that the unauthorized third-party pilfered data from a subset of its databases by abusing the elevated permissions granted to the targeted employee. This included customer environment variables, tokens, and keys.

The threat actor is believed to have engaged in reconnaissance activity on December 19, 2022, following it up by carrying out the data exfiltration step on December 22, 2022.

“Though all the data exfiltrated was encrypted at rest, the third-party extracted encryption keys from a running process, enabling them to potentially access the encrypted data,” Zuber said.

The development comes a little over a week after CircleCI urged its customers to rotate all their secrets, which it said was necessitated after it was alerted to “suspicious GitHub OAuth activity” by one of its customers on December 29, 2022.

Upon learning that the customer’s OAuth token had been compromised, it proactively took the step of rotating all GitHub OAuth tokens, the company stated, adding it worked with Atlassian to rotate all Bitbucket tokens, revoked Project API Tokens and Personal API Tokens, and notified customers of potentially affected AWS tokens.

Besides limiting access to production environments, CircleCI said it has incorporated more authentication guardrails to prevent illegitimate access even if the credentials are stolen.

It further plans to initiate periodic automatic OAuth token rotation for all customers to deter such attacks in the future, alongside introducing options for users to “adopt the latest and most advanced security features available.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Recap to security, identity, and compliance sessions at AWS re:Invent 2022

Next Post

Initiatives ~ Future of CIO

Related Posts

Information Security

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

by admin
February 2, 2023
Information Security

AWS achieves ISO 20000-1:2018 certification for 109 services

by admin
February 2, 2023
Information Security

Everything you need to know

by admin
February 2, 2023
Information Security

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

by admin
February 1, 2023
Information Security

How to set up ongoing replication from your third-party secrets manager to AWS Secrets Manager

by admin
February 1, 2023
Next Post

Initiatives ~ Future of CIO

Recommended

Initiatetogoapproach

February 2, 2023

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

February 2, 2023

AWS achieves ISO 20000-1:2018 certification for 109 services

February 2, 2023

Everything you need to know

February 2, 2023

Influentialleadership ~ Future of CIO

February 1, 2023

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

February 1, 2023

© 2022 CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.