Summary: CircleCI Rotates GitHub OAuth Tokens After Security Incident - Security Boulevard (securityboulevard.com)
2,030 words - html page
One Line
Organizations must take security breaches seriously and ensure layered security with application security controls, visibility into privileged activities, multi-factor authentication, and mature access management capabilities to protect against attackers targeting CI/CD vendors.
Key Points
- Organizations should ensure visibility into privileged activities in the pipeline, require multi-factor authentication for all user accounts and privileged activities, and mature access management capabilities in order to protect against security threats.
- Secrets management is an important part of any security design, and customers should ensure they have a well-designed secrets management solution to protect their secrets and rotate their keys/secrets/tokens as per the company's guidance.
- CircleCI recently experienced a security breach and urged customers to rotate any and all secrets stored in their project environment variables or in contexts and review internal logs for unauthorized access.
Summaries
96 word summary
Organizations must take security breaches seriously. On December 21, 2020, CircleCI urged customers to rotate secrets stored in their project environment variables and on January 4, 2021, they announced an investigation into a breach. Secrets management is essential and customers should rotate their keys/secrets/tokens as advised by the company. Attackers are targeting CI/CD vendors, and CircleCI is the latest. Organizations should ensure layered security with application security controls, visibility into privileged activities, multi-factor authentication, and mature access management capabilities. Techstrong Group Inc. provides various products and services, blog posts, webinars, and free ebooks related to cybersecurity.
395 word summary
Techstrong Group Inc. offers various products and services, such as DevOps TV, DevOps Dozen, DevOps Chat, Techstrong.tv Podcast, Techstrong TV, Techstrong Research, Digital CxO, DevOps.com, Container Journal, and more. They also provide useful links, a privacy policy, DMCA compliance statement, TOS, copyright, sponsor info, media kit, about page, and email contact. Additionally, they have a blog with posts discussing topics like CircleCI Rotates GitHub OAuth Tokens After Security Incident; WithSecure Experiments Highlight Language Model Threat; Yikes, Control Web Panel has Critical RCE Patch NOW; Cybersecurity Legal Trends for 2023; NIST Completes Satellite Command-and-Control Guidance; Another Password Manager Breach: NortonLifeLock Apes LastPass; and more. There are also webinars and free ebooks available.

Organizations are embracing DevSecOps to ensure layered security with application security controls. Recent examples of the threats involved include source code breaches, Slack secrets, the Okta and LastPass breaches, and other cyberattacks. To protect against these risks, organizations should ensure visibility into privileged activities in the pipeline, require multi-factor authentication for all user accounts and privileged activities, and mature their access management capabilities. They should also follow security reference architectures. Secrets management is an important part of any security design: customers should ensure they have a well-designed secrets management solution to protect their secrets and rotate their keys, secrets and tokens as per the company's guidance. Attackers are increasingly targeting CI/CD and software development tool vendors, and CircleCI is the latest vendor to make the news.
While the investigation is ongoing and full details of the breach are still forthcoming, there is concern about the potential loss of secrets and keys, as well as the possibility of an intruder obtaining write access or making code or configuration changes that could have a grave and lasting impact on customers. Companies need to protect the tokens that give access to their code repositories, since an attacker holding such a token can introduce vulnerabilities into widely used enterprise software. Organizations should take security breaches seriously. John Steven, CTO at ThreatModeler, said a breach of this kind gives access to production and a map of what to do once there. On December 21, 2022, CircleCI urged customers to rotate any and all secrets stored in their project environment variables or in contexts and review internal logs for unauthorized access. On January 4, 2023, CircleCI announced it was investigating an incident and advised customers to rotate their tokens. CircleCI has since completed the process of rotating GitHub OAuth tokens and said customers can continue to build.