[Nulled] » Information security » CircleCI forcibly changes GitHub OAuth tokens for its customers after a cyber incident.
January 16 2023

CircleCI forcibly changes GitHub OAuth tokens for its customers after

web3 16-01-2023, 13:10 Information security 303

CircleCI forcibly changes GitHub OAuth tokens for its customers after a cyber incident.

Earlier this month, CircleCI reported a security incident, warning customers about the need for token rotation.

In a new incident report, the company reports that one of its employees was the victim of a targeted attack using a stiller, thanks to which a 2FA-enabled engineer session was compromised.

Hackers broke into CircleCI in December after an engineer became infected with malware that intercepted a single sign-on session cookie with 2FA, which allowed them to eventually gain access to the company's internal systems.

CircleCI specialists first learned about unauthorized access to the systems after contacting one of the clients, who announced the compromise of his GitHub OAuth token.

As of January 4, as a result of the investigation, it was found that on December 16, the engineer was infected with malware to steal information that the company's antivirus software could not detect and neutralize in time.

After that, the stolen corporate session cookie with the passed 2FA allowed the attacker to log in as a target employee at a remote location, and then expand access to production systems.

According to CircleCI, using the privileges of an engineer, on December 22, the hacker began to exfiltrate data from some of the company's databases and repositories, including environment variables, tokens and client keys.

He also managed to get the encryption keys from the running processes, which allowed the attacker to decrypt the CircleCI encrypted data.

Having studied all the circumstances of the incident, the company began urgently notifying customers, warning about the change of all tokens and secrets, starting from December 21, 2022 to January 4, 2023.

To date, CircleCI has changed all tokens associated with clients, including Project API, Personal API and GitHub OAuth.

The company was also in contact with Atlassian and AWS to notify customers about possibly compromised Bitbucket and AWS tokens.

CircleCI has deployed additional malware detection tools to steal information in the antivirus solutions and MDM mobile device management systems used.

In addition, the company has also restricted access to production environments, narrowing the number of admitted employees and increasing the security of 2FA implementation.

The CircleCI incident is another example of how attackers are increasingly implementing successful MFA circumvention tactics: Microsoft, Cisco, Uber, and now CircleCI.

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

This publication has no comments yet. You can be the first!

Information the publication:

  • Author of the publication: web3
  • Date of publication: 16 January 2023 13:10
  • Publication category(s): Information security
  • Number of views of the publication: 303
  • Number of comments to the publication: 0

Related News

16 January 2023
Information security
The corporate

The corporate communication and collaboration platform Slack reported a cyber incident that occurred during the

Read more
16 January 2023
Information security
Air France and KLM have

Air France and KLM have informed Flying Blue customers about a cyber incident that resulted in their accounts

Read more
16 January 2023
Information security
Cryptoplatform 3Commas

Cryptoplatform 3Commas has recognized a cyber incident, as a result of which API keys were stolen. Recently, an

Read more
16 January 2023
Information security
BTC.com robbed of $3

The seventh largest cryptocurrency mining pool has officially announced an incident in which attackers stole about

Read more
16 January 2023
Information security
Royal Ransomware claimed

Royal Ransomware claimed responsibility for the cyberattack on the telecommunications company Intrado.

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    December 2024    »
MonTueWedThuFriSatSun
 1
2345678
9101112131415
16171819202122
23242526272829
3031 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +6 Total articles 6751
  • +15 Comments 4235
  • +25 Users : 6069