CISA details security lapses that led to GitHub leak of passwords, cloud access keys
Weak security controls around the use of public GitHub code repositories allowed a contractor for the Cybersecurity and Infrastructure Security Agency (CISA) to accidentally leak private cloud access keys and other sensitive credentials, CISA said in a report released Thursday.
“The individual had uploaded copies of a CISA build and deployment repository to their personal GitHub account for the purpose of creating cloud infrastructure autonomously,” two CISA officials, acting CIO Preston Werntz ...
Read more at cybersecuritydive.com