Subscribe to Updates

    Get the latest creative news from CRYPTO NOUNCE.

    What's Hot

    Hygraph raises $30M to scale out a new, federated approach to managing digital content

    March 29, 2023

    Sidecars could be the last ILS segment to rebound: Anger, GC Securities

    March 29, 2023

    Hannon Armstrong Sustainable Infrastructure Capital, Inc. (NYSE:HASI) Given Average Recommendation of “Hold” by Brokerages

    March 29, 2023
    Facebook Twitter Instagram
    Facebook Twitter Instagram Vimeo
    Cryptonounce.com
    Contact
    • Business
      • Deals
      • investors
      • IPO
      • Startups
      • Wall Street
    • Markets
      • Bonds
      • Commodities & Futures
      • Currencies
      • Funds & ETFs
      • Stocks
    • Crypto
      • Alticoins News
      • Binance News
      • Bitcoins News
      • Blockchain News
      • Ethereum News
      • Token Sales News
      • XRP News
    • Technology
      • Artificial Intelligence
      • Big Data
      • Cloud Computing
      • Cybersecurity
      • Gaming
      • Internet of Things
      • Mobile
      • Social Media
      • Transportation
      • VR & AR
    • FinTech
    • Personal finance
    • Grides
      • Crypto
      • FinTech
      • Investing
      • Personal Finance Guides
      • Techonology
    • Tools
      • Coins
      • ICO List
      • Organigations
      • Events
    Cryptonounce.com
    Home » CircleCI Urges Customers to Rotate Secrets Following Security Incident
    Cybersecurity

    CircleCI Urges Customers to Rotate Secrets Following Security Incident

    AdmincryptBy AdmincryptJanuary 5, 2023No Comments3 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp VKontakte Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Jan 05, 2023Ravie LakshmananDevOps / Security Breach

    CircleCI

    DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident.

    The company said an investigation is currently ongoing, but emphasized that “there are no unauthorized actors active in our systems.” Additional details are expected to be shared in the coming days.

    “Immediately rotate any and all secrets stored in CircleCI,” CircleCI’s chief technology officer, Rob Zuber, said in a terse advisory. “These may be stored in project environment variables or in contexts.”

    CircleCI is also recommending users to review internal logs for signs of any unauthorized access starting from December 21, 2022, to January 4, 2023, or until when the secrets are rotated.

    The software development service did not disclose any further specifics about the breach, but said it has also invalidated all Project API tokens and that they need to be replaced.

    CircleCI

    The disclosure comes weeks after the company announced that it had released reliability updates to the service on December 21, 2022, to resolve underlying “systemic issues.” CircleCI noted that the two events are not related.

    It’s also the latest breach to hit CircleCI in recent years. The company, in September 2019, revealed “unusual activity” related to a third-party analytics vendor that resulted in unauthorized access to usernames and email addresses associated with GitHub and Bitbucket.

    Then last year, it alerted users that fake CircleCI email notifications were being used to steal GitHub credentials and two-factor authentication (2FA) codes.

    Slack’s GitHub Code Repositories Stolen

    It’s just not CircleCI, as Slack disclosed on December 31, 2022, that it became aware of a security issue that entailed unauthorized access to a subset of its source code repositories on GitHub.

    The issue, which came to light on December 29, 2022, resulted in the theft of a limited number of Slack employee tokens that were then used to access its GitHub repository, ultimately permitting the adversary to download the source code.

    Slack, however, said no customer action is required and that the breach was quickly contained. The credentials have since been invalidated.

    “No downloaded repositories contained customer data, means to access customer data, or Slack’s primary codebase,” the Salesforce-owned company said. “The threat actor did not access other areas of Slack’s environment, including the production environment, and they did not access other Slack resources or customer data.”

    The instant messaging service did not share more information on how the employee tokens were stolen, but stressed the “unauthorized access did not result from a vulnerability inherent to Slack.”

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp Email
    Previous ArticleFrom Phishing Emails to Social Media
    Next Article Mitigate the LastPass Attack Surface in Your Environment with this Free Tool
    Admincrypt
    • Website

    Related Posts

    North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations

    March 29, 2023

    Microsoft Introduces GPT-4 AI-Powered Security Copilot Tool to Empower Defenders

    March 28, 2023

    Pakistan-Origin SideCopy Linked to New Cyberattack on India’s Ministry of Defence

    March 28, 2023

    IcedID Malware Shifts Focus from Banking Fraud to Ransomware Delivery

    March 28, 2023

    Leave A Reply Cancel Reply

    Our Picks
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    Technology

    Hygraph raises $30M to scale out a new, federated approach to managing digital content

    By AdmincryptMarch 29, 20230

    Digital content and how we consume it continue to endlessly evolve, and with that, so…

    Sidecars could be the last ILS segment to rebound: Anger, GC Securities

    March 29, 2023

    Hannon Armstrong Sustainable Infrastructure Capital, Inc. (NYSE:HASI) Given Average Recommendation of “Hold” by Brokerages

    March 29, 2023

    Fact of the Day – 3/29/2023

    March 29, 2023

    Subscribe to Updates

    Get the latest creative news from CRYPTO NOUNCE.

    NEWS
    • Business
    • Crypto
    • Blockchain
    • Markets
    • Technology
    FEATURED SECTIONS
    • Coins
    • ICO List
    • Organigations
    • Events
    • Grides
    FEATURED LINKS
    • Story of the day
    • Videos
    • Infographics
    CONNECT WITH US
    • Facebook
    • Twitter
    • Telegram
    • LinkedIn
    • Pinterest
    ABOUT US
    • Contact
    • Advertise
    • Sitemap
    Copyright © 2023 Cryptonounce All rights reserved. Cryptonounce.
    • Home
    • Buy Now

    Type above and press Enter to search. Press Esc to cancel.

    Sign In or Register

    Welcome Back!

    Login to your account below.

    Lost password?