Nine days after issuing a vaguely worded warning about a possible cyber security incident, web tracking and analytics outfit New Relic has revealed a two-front attack.
One front was the vendor's staging systems, which it has admitted were compromised in mid-November after an "unauthorized actor used stolen credentials and social engineering in connection with a New Relic employee account."
The intruder was "able to view certain data pertaining to our customers' use of New Relic," the vendor's advisory explains.
"There is no indication of lateral movement from our staging environment to any customers' New Relic accounts in the separate production environment or to New Relic's production infrastructure," the advisory adds.
The second front is … you, possibly.
"Over the course of our investigation, we observed similar indicators of compromise (IOCs) accessing a small number of customers' New Relic accounts," the advisory reveals.
New Relic has, therefore, rotated passwords and removed API keys for accounts it believes may have been attacked.
"Based on our analysis to date, there is no evidence to suggest the identified log-in credentials were obtained as a result of the attack on New Relic's staging environment," the advisory states. Instead, the creds were "harvested in recent large-scale social engineering and credential compromise attacks, which may have put these New Relic user accounts at risk."
Customers whose use of New Relic was detailed in data in the staging environment, and/or whose accounts may have been probed, will hear from the analytics outfit about what to do next.
New Relic hasn't said the advisory is the last word on the matter. Indeed, the December 1 update is described as being the result of "considerable progress in our investigation" that put the business "in a more informed position to share with our customers more details about the ongoing analysis and what we have learned." The company continues to work with third-party infosec consultants and forensics firms "to unpick the incident."
The vendor has already made some changes, stating that its security team has "taken steps to implement additional layers of technical controls, enhance network access controls, and eliminate the attack method used to access New Relic's staging environment."
"We have taken this opportunity to further consolidate access controls and credential theft defenses, leveraging an industry-leading security toolset," the advisory continues, adding that New Relic has "increased capacity to monitor security across our entire enterprise, all in order to ensure complete visibility into our security posture."