Home Security CircleCI Urges Clients to Rotate Secrets and techniques Following Safety Incident

CircleCI Urges Clients to Rotate Secrets and techniques Following Safety Incident

by crpt os


Jan 05, 2023Ravie LakshmananDevOps / Security Breach

DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident.

The company said an investigation is currently ongoing, but emphasized that “there are no unauthorized actors active in our systems.” Additional details are expected to be shared in the coming days.

“Immediately rotate any and all secrets stored in CircleCI,” CircleCI’s chief technology officer, Rob Zuber, said in a terse advisory. “These may be stored in project environment variables or in contexts.”

CircleCI is also recommending users to review internal logs for signs of any unauthorized access starting from December 21, 2022, to January 4, 2023, or until when the secrets are rotated.

The software development service did not disclose any further specifics about the breach, but said it has also invalidated all Project API tokens and that they need to be replaced.

CircleCI

The disclosure comes weeks after the company announced that it had released reliability updates to the service on December 21, 2022, to resolve underlying “systemic issues.”

It’s also the latest breach to hit CircleCI in recent years. The company, in September 2019, revealed “unusual activity” related to a third-party analytics vendor that resulted in unauthorized access to usernames and email addresses associated with GitHub and Bitbucket.

Then last year, it alerted users that fake CircleCI email notifications were being used to steal GitHub credentials and two-factor authentication (2FA) codes.

Slack’s GitHub Code Repositories Stolen

It’s just not CircleCI, as Slack disclosed on December 31, 2022, that it became aware of a security issue that entailed unauthorized access to a subset of its source code repositories on GitHub.

The issue, which came to light on December 29, 2022, resulted in the theft of a limited number of Slack employee tokens that were then used to access its GitHub repository, ultimately permitting the adversary to download the source code.

Slack, however, said no customer action is required and that the breach was quickly contained. The credentials have since been invalidated.

“No downloaded repositories contained customer data, means to access customer data, or Slack’s primary codebase,” the Salesforce-owned company said. “The threat actor did not access other areas of Slack’s environment, including the production environment, and they did not access other Slack resources or customer data.”

The instant messaging service did not share more information on how the employee tokens were stolen, but stressed the “unauthorized access did not result from a vulnerability inherent to Slack.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex