all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CircleCI breach and harmful advice

Add to bookmarks
Jan. 6, 2023, 12:01 p.m. | /u/akostadi

cybersecurity www.reddit.com

As many know, [CircleCI was hacked recently](https://circleci.com/blog/january-4-2023-security-alert/) and they advise to rotate all secrets. But there is quiet an issue especially with SSH keys and their advice:


> **Project SSH keys**: Go to Project Settings > SSH Keys. Delete the Deploy Key and add it again. If you were using any additional keys, then those need to be deleted and recreated.


This advice is harmful because removing these keys does not remove them from the target system (usually github). It …

advice breach circleci cybersecurity delete github go to important key keys project remove settings ssh ssh keys system systems target

Visit resource

More from www.reddit.com / cybersecurity

How to Detect a GIFshell Attack: Step-by-Step Guide 3 hours ago | www.reddit.com
attack cybersecurity detect gifshell +1
Security Engineer 9 hours ago | www.reddit.com
account analyst cybersecurity detect +18
Active Directory Security A Concern? 10 hours ago | www.reddit.com
active directory active directory security cloud cybersecurity +8
NSA security designer goes to jail for sharing top secret files 12 hours ago | www.reddit.com
cybersecurity designer files goes +7
Thousands of Airsoft players under threat after data breach 12 hours ago | www.reddit.com
breach cybersecurity data data breach +3
Hackers of all kinds are attacking routers across the world | TechRadar 13 hours ago | www.reddit.com
cybersecurity hackers routers world
🤣 Ivanti is hiring an Offensive Security Engineer 13 hours ago | www.reddit.com
assessment cybersecurity old team +3
Migrating to Australia as a cybersecurity consultant 16 hours ago | www.reddit.com
australia clients consultant cybersecurity +11
Why is an entry level job so hard to get? 17 hours ago | www.reddit.com
automatic cybersecurity don down +7

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Offensive Security Engineer

@ Ivanti | United States, Remote
View on infosec-jobs.com

Senior Security Engineer I

@ Samsara | Remote - US
View on infosec-jobs.com

Senior Principal Information System Security Engineer

@ Chameleon Consulting Group | Herndon, VA
View on infosec-jobs.com

Junior Detections Engineer

@ Kandji | San Francisco
View on infosec-jobs.com

Data Security Engineer/ Architect - Remote United States

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
View on infosec-jobs.com
View more jobs