Tag Archive for: laptop

Big Laptop Go Fast – AORUS 17X



Malware Attack on CircleCI Engineer’s Laptop Leads to Recent Security Incident


Jan 14, 2023 | Ravie Lakshmanan | DevOps / Data Security


DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee’s laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company’s systems and data last month.

The CI/CD service CircleCI said the “sophisticated attack” took place on December 16, 2022, and that the malware went undetected by its antivirus software.

“The malware was able to execute session cookie theft, enabling them to impersonate the targeted employee in a remote location and then escalate access to a subset of our production systems,” Rob Zuber, CircleCI’s chief technology officer, said in an incident report.

Further analysis of the security lapse revealed that the unauthorized third party pilfered data from a subset of its databases by abusing the elevated permissions granted to the targeted employee. This included customer environment variables, tokens, and keys.

The threat actor is believed to have engaged in reconnaissance activity on December 19, 2022, following it up by carrying out the data exfiltration step on December 22, 2022.

“Though all the data exfiltrated was encrypted at rest, the third-party extracted encryption keys from a running process, enabling them to potentially access the encrypted data,” Zuber said.

The development comes a little over a week after CircleCI urged its customers to rotate all their secrets, which it said was necessitated after it was alerted to “suspicious GitHub OAuth activity” by one of its customers on December 29, 2022.

Upon learning that the customer’s OAuth token had been compromised, it proactively took the step of rotating all GitHub OAuth tokens, the company stated, adding it worked with Atlassian to rotate all Bitbucket tokens, revoked Project API Tokens and Personal API Tokens, and notified customers of potentially affected AWS tokens.

Besides limiting access to production environments, CircleCI said it has incorporated more authentication guardrails to prevent illegitimate access even if the credentials are stolen.

It further plans to initiate periodic automatic OAuth token rotation for all customers to deter such…


CircleCI probe links malware placed on engineer’s laptop to larger breach


CircleCI said an unauthorized third party leveraged malware on the laptop of one of its engineers to steal a valid 2FA-backed single-sign-on session, according to a highly anticipated report stemming from a security incident disclosed earlier this month.

The engineer’s laptop was compromised on Dec. 16, but the company’s antivirus software failed to detect the malware, the company said. 

“Our investigation indicates that the malware was able to execute session cookie theft, enabling them to impersonate the targeted employee in a remote location and then escalate access to a subset of our production systems,” CircleCI CTO Rob Zuber explained in the updated blog post.

Fewer than five customers have said they experienced unauthorized access to third-party systems, the company said.

The engineer had privileges to generate production access tokens, so the third party was able to exfiltrate data from a subset of databases and stores, including customer environment variables, tokens and keys, according to the blog post.

CircleCI strongly defended the employee in the report, emphasizing the incident was not due to the actions of any one person, but a collective failure of various systems. 

“While one employee’s laptop was exploited through this sophisticated attack, a security incident is a systems failure,” Zuber said in the blog post. “Our responsibility as an organization is to build layers of safeguards that protect against all attack vectors.”

The threat actor did reconnaissance activity on Dec. 19 and the exfiltration took place on Dec. 22. 

“Though all the data exfiltrated was encrypted at rest, the third party extracted encryption keys from a running process, enabling them to potentially access the encrypted data,” Zuber said.

By Dec. 29, the company was alerted to suspicious GitHub OAuth activity and realized on Dec. 30 that a GitHub OAuth token belonging to one of its customers was compromised by an unauthorized party.

The customer resolved the issue, but on Dec. 31 CircleCI decided to rotate all GitHub OAuth tokens on behalf of customers. 

CircleCI said it considers the platform safe for customers to…


Airport Security Check Will Happen Without Taking Out Laptop, Mobile From Your Bag! Find Out How? – Trak.in


Flight passengers will no longer be required to remove their electronic devices while getting their cabin baggage screened


Latest reports have confirmed that airports will soon employ advanced technology to screen bags without having to remove electronic devices. 

Airports To Use Technology For Screening Cabin Baggage

In India, the lengthy lines of passengers removing their laptops, cell phones, and chargers from their carry-on bags before security screenings may soon be a thing of the past. 

The Bureau of Civil Aviation Security (BCAS), the agency in charge of overseeing aviation security, is anticipated to release technical norms within a month, which will encourage airports to use cutting-edge equipment to screen bags without removing electronic devices.

As per a senior official of the Central Industrial Security Force (CISF), “All airports, including Delhi airport, need to improve the machines deployed for screening of cabin bags. They are lagging behind. Technologies such as dual x-ray, computer tomography and neutron beam technology will eliminate the need for passengers to remove laptops and other electronic devices.”

Today, airports all over the nation are experiencing a record number of passengers, which has already surpassed pre-Covid levels. On December 11, there were 4.27 lakh domestic travelers. 

Civil Aviation Minister Confirms Order of Providing More Machines

Security lanes were discovered to be the biggest congestion points at Delhi Airport, which recently experienced scenes of overcrowding resulting in passengers missing their flights. This was primarily because the number of x-ray machines for screening cabin bags was not commensurate with passenger traffic during peak hours.

Civil Aviation Minister Jyotiraditya Scindia intervened to order the airport operator to provide more machines for screening cabin bags after senior government officials accused airports of failing to expand their infrastructure to handle the increasing number of flights and passengers. Although the CISF supplies personnel, airport operators are responsible for providing the necessary security infrastructure.

Newer technologies, like computer tomography, produce 3-D images with…
