New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
-
New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
-
@briankrebs dying to know how that person was selected
@briankrebs because i actually reached out to cisa in the past, asking how to work for them. they told me the only way to do it was unpaid, and condesendingly told me i should do it 'because i love my country'. many others were getting paid. so, needless to say, theres a little club, and im not in it.
but this guy was.
so i reeeeeally wanna know -
New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
Nightwing employee? This outfit?
Threat Convergence: Staying Ahead of Coordinated Attacks | Nightwing posted on the topic | LinkedIn
#ICYMI 🚨 Threat actors aren't slowing down—and neither should your defenses. The #TeamNightwing intelligence experts have identified a concerning trend: threat convergence. Attackers are no longer using isolated tactics. Instead, they are combining multiple sophisticated techniques in coordinated campaigns. Full breakdown of what you need to know ⤵️ https://lnkd.in/einXizGm
LinkedIn (www.linkedin.com)
-
It's possible this set of instructions by the CISA contractor might have caused all the trouble:
@briankrebs Where are these from? Didn’t see in the article.
-
@briankrebs Where are these from? Didn’t see in the article.
@richlv from dude's exposed GitHub repo.
-
R relay@relay.infosec.exchange shared this topic
-
New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
@briankrebs Our tax dollars at work
-
@briankrebs Our tax dollars at work
@krypt3ia @briankrebs which is ironic, because ive talked to almost half a dozen shops who cisa was paying as their outsourced assessment teams, but when i asked to be one of those they told me to fuck off, then 'how dare you'd me because i asked to be paid for my work. i have all the receipts. made sure to keep those emails tagged.
-
@krypt3ia @briankrebs which is ironic, because ive talked to almost half a dozen shops who cisa was paying as their outsourced assessment teams, but when i asked to be one of those they told me to fuck off, then 'how dare you'd me because i asked to be paid for my work. i have all the receipts. made sure to keep those emails tagged.
@Viss @briankrebs No bid contract
-
New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
@briankrebs “Currently, there is no indication that any sEnSiTIVe datA was compromised as a result of this incident,” the CISA spokesperson wrote. "I mean, of course, sensitive data was exposed, but not sEnSiTIVe datA."
-
@briankrebs “Currently, there is no indication that any sEnSiTIVe datA was compromised as a result of this incident,” the CISA spokesperson wrote. "I mean, of course, sensitive data was exposed, but not sEnSiTIVe datA."
@bbdd333 @briankrebs no logs no crime!
-
@briankrebs Are you seriously telling me that somebody stored AWS govcloud secrets in a github repo ? In a file called "Important AWS Tokens" ? Do they not know who github is ? Is it intentional ?
Has that person been fired into the sun yet, along with whoever hired them ?
At some point its intentional. When you have that type of access it should be assumed it is.
-
New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
CISA should know better than to use Cloud. AWS in particular. SMH.
-
New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
@briankrebs this is unbelievable
-
New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
@briankrebs bruh what the fuck lmao
-
Nightwing employee? This outfit?
Threat Convergence: Staying Ahead of Coordinated Attacks | Nightwing posted on the topic | LinkedIn
#ICYMI 🚨 Threat actors aren't slowing down—and neither should your defenses. The #TeamNightwing intelligence experts have identified a concerning trend: threat convergence. Attackers are no longer using isolated tactics. Instead, they are combining multiple sophisticated techniques in coordinated campaigns. Full breakdown of what you need to know ⤵️ https://lnkd.in/einXizGm
LinkedIn (www.linkedin.com)
One more Nightwing LinkedIn post, from three days ago.
#definingtheedge | Nightwing
Cyber threats in the space domain aren’t theoretical, they’re persistent, asymmetric, and accelerating. From ground infrastructure to on-orbit systems, Nightwing helps uncover critical vulnerabilities before adversaries can exploit them, strengthening the resilience of the architectures our national security depends on. That’s why we’re proud to have sponsored Tectonic and Payload's Inside the Dome this week. Bringing together leaders across government and industry it’s clear that cyber resiliency isn’t optional – it’s foundational to every space mission. United States Space Force // United States Department of War #DefiningTheEdge
LinkedIn (www.linkedin.com)
-
@briankrebs Are you seriously telling me that somebody stored AWS govcloud secrets in a github repo ? In a file called "Important AWS Tokens" ? Do they not know who github is ? Is it intentional ?
Has that person been fired into the sun yet, along with whoever hired them ?
@jab01701mid @briankrebs isn't the real wtf storing secrets in a git repo, let alone pushing it to github?
-
@jab01701mid @briankrebs isn't the real wtf storing secrets in a git repo, let alone pushing it to github?
@GerardThornley @briankrebs I guess you have to store secrets somewhere, in your source or CI/CD pipeline playbook. I hope people are not checking in private keys, or the CEO's email password.
But govcloud IIRC is basically AWS but "secure for fedramp". Then using "github" for your source control is like the Manhattan Project keeping their notebooks in the local college library, but in a locked room.
-
New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
@briankrebs csv password docs... wow, just wow.
-
@briankrebs That sounds pretty bad, sure- but remember, whomever is left over there has the most important thing, which is loyalty.
@chux0r @briankrebs This is correct. The regime shitcanned everyone associated Biden’s CISA, including the contractors and brought their own people in. Watched it happen
-
It's possible this set of instructions by the CISA contractor might have caused all the trouble:
@briankrebs Seems this dude doesn't know how git works and the organisation did not enforced Separation of work and private stuff (on different devices!).
