Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

CISA Details Incident Response to Exposed AWS GovCloud Keys

July 10, 2026

6 Capabilities That Separate Leaders from Bolt-On AI solutions

July 10, 2026

Anthropic and OpenAI Security Tools Could Fuel Cyber-Attacks

July 10, 2026
Facebook X (Twitter) Instagram
Friday, July 10
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»CISA Details Incident Response to Exposed AWS GovCloud Keys
News

CISA Details Incident Response to Exposed AWS GovCloud Keys

Team-CWDBy Team-CWDJuly 10, 2026No Comments3 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


The US Cybersecurity and Infrastructure Security Agency (CISA) has detailed its response to internal CISA Amazon AWS GovCloud Keys and other information being made available in a public repository. 

The reaction came after KrebsOnSecurity detailed in May how a security researcher with GitGuardian had identified a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems.

The GitHub repository was not part of CISA’s official GitHub but rather was a personal repository owned by a contractor.

In an update published on June 9, CISA said, “Within moments of receiving this information, CISA’s Office of the Chief Information Officer (OCIO) took swift and comprehensive action to mitigate any exposure to CISA’s cloud resources and code repositories.”

CISA’s internal incident response began on May 15.

The actions taken by the agency’s incidents responders included efforts to eliminate public exposure, prevent further harm, understand the scope of information shared, assess the impact and implement corrective actions.

It was highlighted that no customer or mission data was exposed and leaked credentials were not used outside of CISA’s environments.

The third-party individual uploaded copies of a CISA build and deployment repository to their personal GitHub account for the purpose of creating cloud infrastructure autonomously. This repository included CISA’s Infrastructure As Code and build code.

Take Security Tips Seriously

In its reflections on the incident the cybersecurity agency said it was vital to take cybersecurity tips and external reporting seriously. CISA thanked the security researcher and the reporter for their collaboration.

CISA also said the incident highlighted the need to adopt zero trust principles in order to protect systems and development environments.

It was also highlighted that strong logging capabilities are vital. CISA said its SOC has the necessary logs to successfully investigate the incident and continuous improvement of logging capabilities remains a key element of a strong security program. 

CISA said the incident drew attention to several areas for improvement, including tighter controls over public code repository access, stronger monitoring for exposed secrets, and the development of comprehensive GitHub and cloud incident-response playbooks.

The agency also plans to simplify security researcher reporting channels. In this instance, these channels “were not well defined” which resulted in the security researcher attempting to communicate via multiple channels.

These included emailing the contractor, submitting through CISA’s vulnerability disclosure platform (which is intended for vulnerabilities impacting the broader cybersecurity community), and ultimately involving a reporter. 

Finally, CISA plans to strengthen security guardrails in developer environments and improve cryptographic key management to enable faster credential rotation during future incidents.

“It is not a matter of “if”, but “when” a cybersecurity incident will happen to your organization. It is important to the broader cybersecurity community that we address these matters openly to strengthen trust and foster transparency. Such transparency unlocks opportunities for learning that will enhance not only CISA’s security posture but that of other organizations as well,” CISA wrote.

CISA also published the update on its LinkedIn channel with one commenter praising the agency for its willingness to document both the strengths and the gaps in its response to the indent.



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous Article6 Capabilities That Separate Leaders from Bolt-On AI solutions
Team-CWD
  • Website

Related Posts

News

6 Capabilities That Separate Leaders from Bolt-On AI solutions

July 10, 2026
News

Anthropic and OpenAI Security Tools Could Fuel Cyber-Attacks

July 10, 2026
News

Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages

July 10, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

Why cybercriminals want to break into your email account

June 29, 2026

Look out for phony verification pages spreading malware

September 14, 2025

The quest for greater tech independence

May 19, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.