
Malware Attack on CircleCI Engineer’s Laptop Leads to Recent Security Incident

January 14, 2023

DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee’s laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company’s systems and data last month.

The CI/CD service said the “innovative attack” took place on December 16, 2022, and that the malware went undetected by its antivirus software.

“The malware was ready to execute session cookie theft, enabling them to impersonate the targeted worker in a remote place and then escalate entry to a subset of our generation units,” Rob Zuber, CircleCI’s chief technology officer, said in an incident report.

Further investigation of the security lapse revealed that the unauthorized third party pilfered data from a subset of its databases by abusing the elevated permissions granted to the targeted employee. This included customer environment variables, tokens, and keys.

The threat actor is believed to have engaged in reconnaissance activity on December 19, 2022, following it up by carrying out the data exfiltration step on December 22, 2022.

“Though all the info exfiltrated was encrypted at relaxation, the third-party extracted encryption keys from a jogging course of action, enabling them to likely accessibility the encrypted information,” Zuber said.

The development comes a little over a week after CircleCI urged its customers to rotate all their secrets, which it said was necessitated after it was alerted to “suspicious GitHub OAuth exercise” by one of its customers on December 29, 2022.

On learning that the customer’s OAuth token had been compromised, it proactively took the step of rotating all GitHub OAuth tokens, the company said, adding that it worked with Atlassian to rotate all Bitbucket tokens, revoked Project API Tokens and Personal API Tokens, and notified customers of potentially affected AWS tokens.

Besides limiting access to production environments, CircleCI said it has added more authentication guardrails to prevent illegitimate access even if the credentials are stolen.
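A stolen session cookie carries an already completed two-factor login, so one way to catch its reuse is to compare each request against the client that performed that login. The sketch below is an added example, not CircleCI's code or the guardrail it deployed; the log format, field names and sample events are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample events; field names and values are assumptions.
SAMPLE_LOG = """\
{"ts":"2024-01-10T09:00:00Z","user":"eng1","session":"s-aaa","event":"mfa_login","ip":"198.51.100.10","ua":"Firefox/121 macOS"}
{"ts":"2024-01-10T09:05:00Z","user":"eng1","session":"s-aaa","event":"request","ip":"198.51.100.23","ua":"Firefox/121 macOS"}
{"ts":"2024-01-10T11:40:00Z","user":"eng1","session":"s-aaa","event":"request","ip":"203.0.113.77","ua":"python-requests/2.31"}
{"ts":"2024-01-10T09:30:00Z","user":"eng2","session":"s-bbb","event":"mfa_login","ip":"192.0.2.5","ua":"Chrome/120 Windows"}
{"ts":"2024-01-10T09:31:00Z","user":"eng2","session":"s-bbb","event":"request","ip":"192.0.2.5","ua":"Chrome/120 Windows"}
{"ts":"2024-01-10T12:00:00Z","user":"eng3","session":"s-ccc","event":"request","ip":"203.0.113.9","ua":"curl/8.4"}
"""


def find_replayed_sessions(log_text, prefix=24):
    """Return (session, user, ip, reasons) for requests that do not match
    the client seen when the session was created by an MFA-backed login."""
    events = sorted(
        (json.loads(line) for line in log_text.splitlines() if line.strip()),
        key=lambda e: e["ts"],  # same-format ISO 8601 UTC strings sort correctly
    )
    bindings = {}  # session -> (login network, login user agent)
    alerts = []
    for e in events:
        ip = ipaddress.ip_address(e["ip"])
        if e["event"] == "mfa_login":
            # IPv4 sample data; pick a separate prefix policy for IPv6.
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            bindings[e["session"]] = (net, e["ua"])
            continue
        bound = bindings.get(e["session"])
        if bound is None:
            # Session is in use but no MFA login created it in this log window.
            reasons = ["no_mfa_login_for_session"]
        else:
            net, ua = bound
            reasons = []
            if ip not in net:
                reasons.append("network_changed")
            if e["ua"] != ua:
                reasons.append("user_agent_changed")
        if reasons:
            alerts.append((e["session"], e["user"], e["ip"], reasons))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_LOG):
        print(alert)
```

A network change on its own is common for VPN and mobile users, so in practice the combined reasons are a stronger signal than either one alone.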

It further plans to initiate periodic automatic OAuth token rotation for all customers to deter such attacks in the future, alongside introducing options for users to “undertake the latest and most advanced security options readily available.”


Some parts of this report are sourced from:
thehackernews.com
