- The Daily Scoop Podcast
CISA credentials get leaked on GitHub
Congressional Democrats want answers from the Cybersecurity and Infrastructure Security Agency about credentials leaked on GitHub (https://cyberscoop.com/cisa-credential-leak-congress-demands-answers/), in an incident that the security researcher who discovered it called one of the worst leaks he’s ever seen. Other security professionals also voiced concern Tuesday about the leak and the potential for abuse by any malicious parties who got hold of the information. Security firm GitGuardian said it discovered a public GitHub repository last week that exposed credentials for privileged AWS GovCloud accounts and internal CISA systems dating back to November. The repository, apparently maintained by a contractor, was named “Private-CISA.” Krebs on Security first reported the incident. A GitGuardian researcher said his main fear upon verifying the leak was real “is that a state actor will get the data and might be able to do bad stuff.” State-based attackers who obtained the credentials “might be able to gain persistence,” the researcher said, calling it worse than an attacker destroying a database or having an intruder gain access to a government system.
The Office of Personnel Management would get a better handle on the federal biotechnology workforce under a pair of bills from a bipartisan House duo. Introduced Wednesday, the Federal Biotechnology Workforce Assessment Act directs OPM to coordinate with agency heads on defining the federal biotech workforce, in addition to assessing current and future needs for those “bio-literate” federal employees. The bill from Reps. Ro Khanna, D-Calif., and Rich McCormick, R-Ga., shared first with FedScoop, is aimed at ensuring the federal government workforce keeps the country a step ahead of China in the biotech space. Priority No. 1 for OPM’s assessment is identifying the total number of biotech positions required at federal agencies. The legislation is focused specifically on the departments of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, Interior, State, and Treasury, as well as the Environmental Protection Agency, the National Science Foundation, NASA, and the offices of the Director of National Intelligence and the U.S. Trade Representative.