{"id":289172,"date":"2026-07-13T11:15:00","date_gmt":"2026-07-13T15:15:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/13\/lessons-learned-from-cisas-recent-github-leak-krebs-on-security\/"},"modified":"2026-07-13T20:00:11","modified_gmt":"2026-07-14T00:00:11","slug":"lessons-learned-from-cisas-recent-github-leak-krebs-on-security","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/13\/lessons-learned-from-cisas-recent-github-leak-krebs-on-security\/","title":{"rendered":"Lessons Learned from CISA\u2019s Recent GitHub Leak \u2013 Krebs on Security"},"content":{"rendered":"<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/07\/lessons-learned-from-cisas-recent-github-leak\/\">Lessons Learned from CISA\u2019s Recent GitHub Leak \u2013 Krebs on Security<\/a><\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/07\/lessons-learned-from-cisas-recent-github-leak\/\">https:\/\/krebsonsecurity.com\/2026\/07\/lessons-learned-from-cisas-recent-github-leak\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-13 11:15:00<\/a><\/p>\n<p>Source Domain: <a href=\"krebsonsecurity.com\">krebsonsecurity.com<\/a><\/p>\n<p>The <strong>Cybersecurity and Infrastructure Security Agency<\/strong> (CISA) has issued a postmortem on a recent data leak in which a contractor published dozens of internal CISA credentials \u2014 including AWS Govcloud keys \u2014 in a public GitHub repository for almost six months before being notified by KrebsOnSecurity. Experts say the gaps identified in the agency\u2019s initial response provide important lessons that all security teams should absorb.<\/p>\n<\/p>\n<p>On May 15, 2026, the security firm <strong>GitGuardian<\/strong> asked for help in notifying CISA about the existence of a public GitHub repository called \u201cPrivate CISA\u201d that included 844 MB of sensitive CISA-related data. One of the exposed files, titled \u201cimportantAWStokens,\u201d included the administrative credentials to three Amazon AWS GovCloud servers. Another file \u2014 \u201cAWS-Workspace-Firefox-Passwords.csv\u201d \u2014 listed plaintext usernames and passwords for dozens of internal CISA systems.<\/p>\n<p>CISA quickly acknowledged our initial alert, but took more than 48 hours to invalidate the AWS keys and many other important secrets leaked in the GitHub repo. In its report on the data leak, CISA said the complexities of the agency\u2019s systems and interconnections with federal and industry partners caused its key rotation to take longer than anticipated.<\/p>\n<p>\u201cDrawing on this experience, CISA encourages others to maintain mature and well-tested key management capabilities,\u201d the report notes.<\/p>\n<p>CISA also admitted it can do better when it comes to responding to security incident notifications from external parties. The postmortem stresses that clear and distinct reporting channels are essential to ensure that incidents affecting the organization itself are handled differently from those involving its products or customers.<\/p>\n<p>\u201cIn CISA\u2019s case, these channels were not well defined, leading the security researcher to try multiple avenues \u2013 including emailing the contractor, submitting through CISA\u2019s vulnerability disclosure platform (which is&#8230;<\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/07\/lessons-learned-from-cisas-recent-github-leak\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lessons Learned from CISA\u2019s Recent GitHub Leak \u2013 Krebs on Security https:\/\/krebsonsecurity.com\/2026\/07\/lessons-learned-from-cisas-recent-github-leak\/ Publish Date: 2026-07-13&#8230;<\/p>\n","protected":false},"author":1,"featured_media":289173,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/05\/CISA-logo.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-289172","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/289172"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=289172"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/289172\/revisions"}],"predecessor-version":[{"id":289174,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/289172\/revisions\/289174"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/289173"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=289172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=289172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=289172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}