CircleCI loses encryption keys and customer secrets to data theft
CircleCI recently disclosed a December 2022 incident in which customer data was misappropriated. Attackers misused session tokens to steal encryption keys and other sensitive information.
In a blog post, CTO Rob Zuber shed light on the breach. Cybercriminals had access to customer data until Ja... Read more
Source code of nearly 2,000 apps gives access to private AWS environments
Researchers at Symantec warn of hard-coded credentials in mobile apps. The security company discovered access tokens for AWS environments in nearly 2,000 apps for iOS and Android.
Hard-coded credentials are referenced in the source code of software. The credentials typically allow an applicatio... Read more