January 14, 2023Rabbi LakshmananDevOps / Data Security

DevOps platform CircleCI said Friday that unidentified attackers compromised employee laptops, used malware to steal credentials backed by two-factor authentication, and compromised the company’s systems and data last month. made it clear.

CI/CD service CircleCI said a “sophisticated attack” occurred on December 16, 2022, and the malware was not detected by the company’s antivirus software.

CircleCI Chief Technology Officer Rob Zuber said: Said in the incident report.

Further analysis of the security blunders revealed that an unauthorized third party had stolen data from a subset of the database by abusing the elevated privileges granted to the targeted employee. This contained the customer’s environment variables, tokens, and keys.

The threat actor is believed to have conducted reconnaissance activities on December 19, 2022, followed by data exfiltration steps on December 22, 2022.

“Although all the stolen data was encrypted at rest, a third party could have extracted the encryption key from the running process and could have accessed the encrypted data,” Zuber said. said.

This development comes just over a week after CircleCI urged customers to rotate all secrets after being warned by one of their customers about “suspicious GitHub OAuth activity” on December 29, 2022. rice field.

Upon learning that a customer’s OAuth tokens had been compromised, the company said it took proactive steps to rotate all GitHub OAuth tokens, and worked with Atlassian to rotate all Bitbucket tokens and project API tokens. and revoked personal API tokens and notified customers. of AWS tokens that may be affected.

CircleCI says it’s incorporating more authentication guardrails to not only limit access to production environments, but to prevent unauthorized access even if credentials are stolen.

In addition, we are introducing options for users to “adopt the latest and most advanced security features available” and all customers will be asked to implement regular automatic OAuth token rotation to prevent such attacks in the future. I am planning to start.

Did you find this article interesting?Please follow us twitter When LinkedIn To read more exclusive content that we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog