America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames


I wonder what's in 'external-secret-repo-creds.yaml' and 'AWS-Workspace-Firefox-Passwords.csv'?

The US Cybersecurity and Infrastructure Security Agency (CISA) left open a GitHub repository named “Private-CISA” containing plain-text passwords, private keys, tokens, and secrets – with obvious file names like “external-secret-repo-creds.yaml” and “AWS-Workspace-Firefox-Passwords.csv” – for six months.

GitGuardian researcher Guillaume Valadon, fresh off a recent talk on Kubernetes secret leaks, found the public repository on May 14, and told The Register that he “quickly understood that the leak was bad and that time was running out. A national agency having 844 MB of production infrastructure material in a public GitHub repository for six months is as serious as a secrets leak gets.”

Valadon, who previously spent nine years at France’s CISA equivalent, ANSSI, told us the leak included tokens for CISA's internal JFrog Artifactory, Azure registry keys, AWS credentials, Kubernetes manifests, ArgoCD application files, Terraform infrastructure code, GitHub personal access tokens, and Entra ID...
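The two lessons a practitioner should take from the filenames and contents listed above are that format-bearing credentials (AWS access key IDs, GitHub personal access tokens, PEM private keys) can be caught by pattern matching, while a CSV of browser passwords cannot, so a scanner also needs filename heuristics. The following scanner is an added example written for this page, not GitGuardian's tooling nor anything from the repository described; the filename keyword list and the regexes are illustrative assumptions, and the sample repository it builds (including an AWS documentation example key and a dummy token) is constructed, not data from the leak.

```python
"""Walk a checked-out repository and flag obvious secret material.

Two detectors run over every file:
  1. risky filenames (creds, secret, password, key material, Terraform state)
  2. content patterns for credential formats with a recognisable shape
Pattern list and filename keywords are illustrative assumptions, not a
complete secret-detection ruleset.
"""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Filename fragments that should never appear in a public repository (assumed list).
RISKY_NAME_PATTERNS = [
    r"cred", r"secret", r"password", r"\.pem$", r"\.key$", r"id_rsa", r"\.tfstate$",
]

# Credential formats with a fixed prefix or header, so a regex is reliable.
CONTENT_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


def redact(secret: str) -> str:
    """Keep only a short prefix so the report itself does not leak the value."""
    return secret[:4] + "***"


def scan_tree(root: Path) -> list[dict]:
    """Return one finding per risky filename and per credential-shaped line."""
    findings: list[dict] = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or ".git" in path.parts:
            continue
        rel = str(path.relative_to(root))
        for name_pat in RISKY_NAME_PATTERNS:
            if re.search(name_pat, rel.lower()):
                findings.append({"file": rel, "kind": "risky_filename", "match": name_pat})
                break  # one filename finding per file is enough
        try:
            text = path.read_text(errors="ignore")
        except OSError:
            continue
        for lineno, line in enumerate(text.splitlines(), start=1):
            for kind, rx in CONTENT_PATTERNS.items():
                m = rx.search(line)
                if m:
                    findings.append(
                        {"file": rel, "kind": kind, "line": lineno, "match": redact(m.group(0))}
                    )
    return findings


def build_sample_repo(root: Path) -> None:
    """Constructed sample files; the AKIA value is the AWS docs example key."""
    sample = {
        "external-secret-repo-creds.yaml": "aws_access_key_id: AKIAIOSFODNN7EXAMPLE\n",
        "AWS-Workspace-Firefox-Passwords.csv": "url,user,pass\nhttps://example.invalid,alice,hunter2\n",
        "ci/github-token.txt": "GITHUB_TOKEN=ghp_" + "x" * 36 + "\n",
        "deploy/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nnotarealkey\n-----END OPENSSH PRIVATE KEY-----\n",
        "README.md": "Internal tooling\n",
    }
    for rel, body in sample.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)


def run_demo() -> list[dict]:
    """Build the constructed repo in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_repo(root)
        return scan_tree(root)


if __name__ == "__main__":
    for f in run_demo():
        print(f)
```

The CSV of browser passwords produces no content finding at all: `hunter2` has no recognisable shape, which is exactly why the filename detector exists. Conversely `ci/github-token.txt` has an innocuous name and is caught only by the `ghp_` prefix. In a real pipeline this runs as a pre-commit or CI gate and also walks git history, since a secret deleted in a later commit is still retrievable from the earlier one.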
