Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident

By Ravie Lakshmanan — January 14^th 2023 at 08:41

DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month. The CI/CD service CircleCI said the "sophisticated attack" took place on December 16, 2022, and that the malware went undetected by its antivirus

Naked Security

CircleCI – code-building service suffers total credential compromise

By Paul Ducklin — January 9^th 2023 at 14:52

They're saying "rotate secrets"... in plain English, they mean "change your credentials". The company has a tool to help you find them all.

The Hacker News

CircleCI Urges Customers to Rotate Secrets Following Security Incident

By Ravie Lakshmanan — January 5^th 2023 at 09:12

DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident. The company said an investigation is currently ongoing, but emphasized that "there are no unauthorized actors active in our systems." Additional details are expected to be shared in the coming days. "Immediately rotate any and all secrets stored in CircleCI,"

FreshRSS

Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident

CircleCI – code-building service suffers total credential compromise

CircleCI Urges Customers to Rotate Secrets Following Security Incident