Cloud security firm Datadog claims that one of its RPM GPG signing keys and passphrase were exposed in a recent CircleCI security breach.

However, the company added that it has yet to find any evidence that this key has been leaked or misused.

“As of January 16, 2023, Datadog has no indication that the key has been leaked or misused, but we are still taking the following steps out of an abundance of caution,” Datadog said.

In response to CircleCI’s revelation that the malicious actor stole environment variables, tokens and customer keys from its databases, Datadog has released a new version of its Agent 5 RPM for CentOS/RHEL, signed with a new key.

The company has also released a new Linux installer script that removes the affected key from the Datadog repository file and the RPM database.

Datadog repositories are not compromised

Datadog added that even if the attacker managed to steal the signing key and created a malicious RPM package, he could not use it to target corporate customers, as he would also need access to the repositories of official packages.

“The official Datadog repositories have not been compromised. The signing key, if indeed leaked, could be used to build an RPM package that appears to be from Datadog, but it would not be enough to place such a package in our official package repositories,” Datadog said.

“A hypothetical attacker with the affected key should be able to download the built RPM package to a repository used by the system.”

Customers are advised to ensure that their systems stop trusting the affected key and, if they still do, remove the key and verify that all installations were built by Datadog using the available guidance. here.

Datadog has posted this information on its documentation page as “Frequently Asked Questions”, which is not listed on the company’s website. next to other FAQs.

Also, BleepingComputer couldn’t find this page on the web because search engines won’t index it since Datadog added “noindex” and “nofollow” tags to its metadata.

A Datadog spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today for further details.

Datadog CircleCI FAQs
Datadog CircleCI FAQ ‘noindex’ tag (BleepingComputer)

Datadog’s disclosure comes after CircleCI revealed on Friday that its systems had been hacked through an engineer’s laptop infected with malware.

CircleCI first revealed that it suffered a security incident in early January and warned all customers to spin their secrets and tokens.

Last week, the software company said attackers also stole customer secrets after gaining access to its internal systems using a 2FA-backed SSO session cookie from the company’s compromised device. ’employee.

The company added that several customers (“less than 5”) had already found “unauthorized access to third-party systems” and warned customers to investigate their environments for suspicious activity starting December 16, 2022.


Source link