all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Lessons to Learn From CircleCI's Breach Investigation

Add to bookmarks
Jan. 19, 2023, 7:16 p.m. |

DataBreachToday.co.uk RSS Syndication www.databreachtoday.co.uk

Beware: Malware Bypassed Antivirus; Attackers Reused Stolen Single Sign-On Tokens
Essential reading for network defenders: CircleCI's report into its recent breach, which began when malware infected an engineer's laptop. After stealing "a valid, 2FA-backed" single sign-on session cookie, attackers stole customers' secrets and gained unauthorized access to third-party systems.

2fa access antivirus attackers breach circleci cookie customers defenders engineer investigation laptop learn malware network network defenders party report secrets session sign single single sign-on stealing stolen systems third third-party unauthorized access valid

Visit resource

More from www.databreachtoday.co.uk / DataBreachToday.co.uk RSS Syndication

Critical Flaw in R Language Poses Supply Chain Risk 11 hours ago | www.databreachtoday.co.uk
code critical critical flaw data +21
Experts Say White House Memo Overlooks Space Cyber Risks 12 hours ago | www.databreachtoday.co.uk
calling critical critical infrastructure cyber +16
Permira Takes Majority Stake in BioCatch at $1.3B Valuation 12 hours ago | www.databreachtoday.co.uk
acquisitions amp behavioral biometrics biocatch +18
Rehab Hospital Chain Hack Affects 101,000; Facing 6 Lawsuits 12 hours ago | www.databreachtoday.co.uk
action attack class class action +15
Breach Roundup: REvil Hacker Gets Nearly 14-Year Sentence 13 hours ago | www.databreachtoday.co.uk
agency attacks breach breached +26
Veracode CEO on Mastering Application Security in the AI Era 15 hours ago | www.databreachtoday.co.uk
application application management application security artificial +18
Cryptohack Roundup: Geosyn Fraud Lawsuit 17 hours ago | www.databreachtoday.co.uk
analyst anti-money laundering cash charges +24
Managed Service Provider Denies Being Source of Breach 19 hours ago | www.databreachtoday.co.uk
analytics breach data exposed +15
Dropbox Sees Breach of Legally Binding E-Signature Service 1 day, 1 hour ago | www.databreachtoday.co.uk
api authentication breach breached +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

SITEC- Systems Security Administrator- Camp HM Smith

@ Peraton | Camp H.M. Smith, HI, United States
View on infosec-jobs.com

Cyberspace Intelligence Analyst

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com

General Manager, Cybersecurity, Google Public Sector

@ Google | Virginia, USA; United States
View on infosec-jobs.com

Cyber Security Advisor

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com

Engineering Team Manager – Security Controls

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com
View more jobs