1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • CircleCI confirms customer data was stolen in malware-powered hac

    From TechnologyDaily@1337:1/100 to All on Mon Jan 16 19:45:03 2023
    CircleCI confirms customer data was stolen in malware-powered hack

    Date:
    Mon, 16 Jan 2023 19:33:44 +0000

    Description:
    CircleCI employee with high privileges had their laptop compromised with token-stealing malware.

    FULL STORY ======================================================================

    CircleCi has confirmed that a recent security incident it has been investigating was malware -powered grand theft data.

    The company revealed the news in a blog post that described what recently happened, what it did to minimize the damage, and how it plans on keeping its users safe in the future.

    In the blog, it was said that an employee with high privileges has had their laptop infected with token-stealing malware which gave the attackers keys to the kingdom. Stealing data for weeks

    The malware apparently managed to run on the endpoint despite the device having an antivirus program installed. The attackers used the tool to grab session tokens which kept the employee logged in to some applications.

    When a user logs into an app, even if they did so with a password and a multi-factor authentication (MFA) tool, some apps drop session tokens which allow the users to remain logged into the app for prolonged periods of time. In other words, by stealing session tokens, the attackers effectively
    bypassed any MFA the company had set up.

    After that, it was only a question of accessing the right production systems in order to compromise sensitive data.

    Because the targeted employee had privileges to generate production access tokens as part of the employees regular duties, the unauthorized third party was able to access and exfiltrate data from a subset of databases and stores, including customer environment variables, tokens, and keys, the blog notes.

    The threat actors lingered around CircleCIs infrastructure for roughly three weeks - from December 16, 2022, to January 4, 2023. Read more

    CircleCI tells users to move their secrets following security alert


    GitHub accounts are being stolen by fake CircleCI accounts


    These are the best ID theft protection tools right now

    Even the fact that the stolen data was encrypted didnt help much, as the attackers obtained encryption keys, too.

    We encourage customers who have yet to take action to do so in order to prevent unauthorized access to third-party systems and stores, the blog concluded.

    CircleCi had asked its customers to rotate any and all secrets stored in its systems. These may be stored in project environment variables or in contexts. Check out the best firewalls today

    Via: TechCrunch



    ======================================================================
    Link to news story: https://www.techradar.com/news/circleci-confirms-customer-data-was-stolen-in-m alware-powered-hack


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)