CISA管理员在GitHub上泄露了AWS GovCloud密钥
直到上周末,一名隶属于美国网络安全与基础设施安全局(CISA)的承包商在GitHub上维护着一个公开仓库,其中暴露了多个高权限AWS GovCloud账户以及大量CISA内部系统的凭证。安全专家表示,该公开档案包含了CISA内部如何构建、测试和部署软件的详细文件,并称这是近年来最严重的政府数据泄露事件之一。
相关报道
A CISA administrator accidentally leaked AWS GovCloud access keys on GitHub, exposing sensitive cloud credentials used by the U.S. government. The breach highlights ongoing risks of credential exposure in public repositories, even within federal agencies.
A CISA administrator accidentally leaked AWS GovCloud access keys on GitHub, exposing sensitive internal systems. The keys, discovered by security researchers, provided access to a classified cloud environment used by the U.S. government. CISA has since revoked the credentials and launched an investigation into the incident.