CircleCI security alert after hackers steal encryption keys and secrets
Up next
Author
Tags
Share article
The post has been shared by 2 people.
Facebook 0
Twitter 0
LinkedIn 0
Reddit 0
Pinterest 2
Pocket 0
Mail 0

Continuous integration and continuous delivery platform CircleCI has published more details regarding a security breach that occurred at the start of the year.

The company disclosed in an updated blog post that “an intruder gained access through an employee’s laptop that was compromised with malware,” allowing the theft of session tokens to keep the employee logged into internal systems—even though the applications were protected with two-factor authentication.

CircleCI is taking responsibility for the compromise and breach, calling it a “systems failure,” since the malware was able to evade company antivirus software.

Once the cybercriminals were inside internal systems, they were able to impersonate the infected employee and gain access to customer data and production systems.

Even though the customer data was encrypted, the cybercriminals were able to obtain the encryption keys to decrypt the stolen customer data.

CircleCI security recommendations

CircleCI recommends all customers add additional layers of protection to their CI/CD pipeline configuration. The company strongly advises customers to perform the following to increase security:

  • Use OIDC tokens wherever possible to avoid storing long-lived credentials in CircleCI.
  • Take advantage of IP ranges to limit inbound connections to your systems to known IP addresses.
  • Use Contexts to enable the sharing of environment variables across projects, which can then be rotated automatically via API.
  • For privileged access and additional controls, you may choose to use runners, which allow you to connect the CircleCI platform to your own compute and environments, including IP restrictions and IAM management.

CircleCI breach may impact Datadog customers

Cloud firm Datadog disclosed that it was informed by CircleCI of the breach, and “identified a single secret stored in CircleCI that could theoretically be misused by a potential attacker.”

The affected RPM GPG signing key has the fingerprint of:

60A389A44A0C32BAE3C03F0B069B56F54172A230

Datadog only recommends customers take action if “you’re on an RPM-based Linux distribution (RHEL, CentOS, Rocky Linux, AlmaLinux, Amazon Linux, SUSE/SLES, Fedora), and your system trusts the affected GPG key.”

Complete details on recommended actions to take for Datadog customers are available on their blog.

You May Also Like
Microsoft Deploys GPT-4 to Azure Government Top Secret Cloud for DoD

Microsoft Deploys GPT-4 to Azure Government Top Secret Cloud for DoD

OpenAI’s GPT-4 multimodal large language model is coming to Azure Government Cloud Top Secret
RSAC 2024: Crowdstrike Falcon Cloud Security enhanced for cloud asset visualization Falcon Query Builder Falcon Asset Graph

RSAC 2024: Crowdstrike Falcon Cloud Security enhanced for cloud asset visualization

Crowdstrike is enhancing its Falcon Cloud Security platform for AI-assisted cyber incident detection, mitigation and response
Wiz Cloud Cybersecurity Platform raises $1B at $12B valuation

Wiz Cloud Cybersecurity Platform raises $1B at $12B valuation

Wiz is one of the fastest-growing cybersecurity startups, with an IPO on the horizon