Researcher Finds Public GitHub Repo Exposing Sensitive CISA Credentials

Researcher Finds Public GitHub Repo Exposing Sensitive CISA Credentials

Cybersecurity Today

B123 مايو 202626 min
تشغيل

The episode recounts how GitGuardian security researcher Guillaume Valadon, while monitoring public GitHub for leaked secrets, discovered a publicly accessible repository labeled "CISA-Private" containing highly sensitive CISA materials, including internal DHS/CISA credentials, cloud keys, tokens, plaintext passwords, logs, and files such as "Important AWS Tokens" and a CSV listing usernames and passwords for internal systems. Believing a contractor likely used GitHub to move work from a work device to a home device, Valadon escalated via responsible disclosure to CERT, then involved journalist Brian Krebs to reach CISA faster when the repo remained public. After additional outreach, t...

الحلقات · Cybersecurity Today