The attackers who pulled off the recent breach of continuous integration and continuous delivery (CI/CD) platform maker CircleCI got in by compromising an engineer’s laptop with malware, stealing their 2FA-backed SSO session cookie, and using it to impersonate the employee in a remote location. “Because the targeted employee had privileges to generate production access tokens as part of the employee’s regular duties, the unauthorized third party was able to access and exfiltrate data from a … More
The post CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie appeared first on Help Net Security.
This article has been indexed from Help Net Security
Read the original article: