TECH NEWS

CISA contractor apparently leaked 'highly sensitive' government AWS keys on Github

https://cdn.mos.cms.futurecdn.net/yga3LG7XiRJcCatEoQaGuG-2560-80.png
  • A public GitHub repository called “Private‑CISA” exposed highly sensitive internal credentials and systems used by the US Cybersecurity and Infrastructure Security Agency
  • Security researchers confirmed the authenticity of the leak, describing it as one of the worst government data exposures they had ever seen
  • The repository, maintained by contractor Nightwing, was eventually locked down, with CISA pledging safeguards to prevent future incidents

Researchers have revealed details on what they called, “one of the most egregious government data leaks in recent history” involving some potentially incredibly sensitive US government information.

Security researcher Guillaume Valadon reached out toKrebsOnSecurity to help contact a person in charge of a public GitHub repository.

This person, who was not responding to messages, was operating a GitHub repository called “Private-CISA” which contained, among other things:

  • AWS GovCloud administrative credentials for three accounts
  • AWS access keys
  • AWS tokens (including “importantAWStokens” file)
  • Plaintext usernames and passwordsfor internal...

Copyright of this story solely belongs to techradar.com. To see the full text click HERE

Read more

http://www.techmeme.com/img/techmeme_sq328.png

GitHub says it's investigating “unauthorized access” to its internal repositories, and there's no proof of customer data outside its repositories being impacted

Sponsor Posts Niantic Spatial: World models need real-world data — Scaniverse is the gateway to spatial services — self-serve and built for AI and robotics. Large-area 3D reconstruction from 360° cameras and precise localization, anywhere machines operate. Protecting your Cloud Applications Data — Backing up Office 365, Google Workspace, Dropbox & Salesforce data
http://www.techmeme.com/img/techmeme_sq328.png

Q&A with Google SVP James Manyika on AI's ability to automate tasks versus occupations, his optimism about the labor market despite AI-driven layoffs, and more

Sponsor Posts Niantic Spatial: World models need real-world data — Scaniverse is the gateway to spatial services — self-serve and built for AI and robotics. Large-area 3D reconstruction from 360° cameras and precise localization, anywhere machines operate. Protecting your Cloud Applications Data — Backing up Office 365, Google Workspace, Dropbox & Salesforce data