From trufflesecurity.com

Millions of Accounts Vulnerable due to Google’s OAuth Flaw ◆ Truffle Security Co.

Millions of Americans can have their data stolen right now because of a deficiency in Google’s “Sign in with Google” authentication flow. If you’ve worked for a startup in the past - especially one that has since shut down - you might be vulnerable.

on Jan 14

From trufflesecurity.com

You can Access Private Azure DevOps Repo Data ◆ Truffle Security Co.

A few weeks ago, we introduced a new class of vulnerability (Cross Fork Object Reference) and shared how they could be used to access deleted and private repo data on GitHub. Well, we’re back. Same topic, different provider. Except in some ways, it’s worse in the case of Azure DevOps (ADO).

on Sep 12

From trufflesecurity.com

TruffleHog Partners With Hugging Face to Scan for Secrets ◆ Truffle Security Co.

We're happy to announce that we've partnered with Hugging Face to bring TruffleHog’s secret scanning to the Hugging Face Hub.

on Sep 4

From trufflesecurity.com

TruffleHog now finds all Deleted & Private Commits on GitHub ◆ Truffle Security Co.

TruffleHog can now enumerate Cross Fork Object References (and deleted git history), and then scan them for secrets.

on Aug 4

From trufflesecurity.com

Anyone can Access Deleted and Private Repository Data on GitHub ◆ Truffle Security Co.

You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way.

on Jul 27

From trufflesecurity.com

Secrets in Source Code Are Not A Code Security Problem ◆ Truffle Security Co.

Seven years ago I created TruffleHog; today I'm putting this blog out with the creator of GitLeaks, to reshape the industry on how we think about secrets in our code. Many companies now offer secret scanning DevSecOps CI/CD suite to keep your source code secure. They’re wrong. API keys in your...

on Jul 25

From trufflesecurity.com

Truffle Security Co.

TruffleHog is an open-source secret scanning engine that detects and helps resolve secrets across your entire tech stack. Learn more...

on Jul 25

From trufflesecurity.com

Credentials Leaking with Subdomain Takeover ◆ Truffle Security Co.

We’re disclosing new techniques to steal sensitive data in localStorage (like API keys and passwords) via subdomain takeover.

on Jun 3

From trufflesecurity.com

Stop Recommending JWTs (with symmetric keys) ◆ Truffle Security Co.

This post focuses on the popular symmetric cryptography choice, and our analysis of its implementation in the wild.

on May 28

From trufflesecurity.com

(The) Postman Carries Lots of Secrets ◆ Truffle Security Co.

Postman, the popular API testing platform, hosts the largest collection of public APIs. Unfortunately, it’s become one of the largest public sources of leaked secrets. We estimate over 4,000 live credentials are currently leaking publicly on Postman for a variety of popular SaaS and cloud providers.

on Apr 25

From trufflesecurity.com

The Keyboard Button that Displays Linux Root Memory ◆ Truffle Security Co.

You might be wondering, what button on the keyboard could possibly leak root memory? Well, there's this button to the right of the backspace button, above the insert button, which I, and probably you too, had literally never pressed (until recently). It's labeled "SysRq".

on Apr 16

From trufflesecurity.com

TruffleHog Now Detects AWS Canaries without setting them off ◆ Truffle Security Co.

Today we’re unveiling a novel way to identify canarytokens.org canaries completely statically without setting them off. Thinkst offers self hosted, and paid alternatives that are protected from these techniques. We’re open sourcing this capability and including it in TruffleHog.

on Feb 29

From trufflesecurity.com

The Risks of a Leaked Stripe API Key - Truffle Security

Millions of businesses use Stripe’s payment processing platform every day. What could happen if a Stripe API key is leaked (or stolen)?

on Feb 4

From trufflesecurity.com

Webinar - Truffle Security

Register now for our free webinar on rotating API keys!

on Jan 29

From trufflesecurity.com

Research Uncovers AWS Account Numbers Hidden in Access Keys - Truffle Security

Our interview with Tal Be'ery, the researcher who discovered a way to extract AWS account numbers from AWS access key IDs.

on Jan 20, 2024

From trufflesecurity.com

Google OAuth is broken (sort of) - Truffle Security

A Google OAuth vulnerability that allows employees to maintain access to services after they're offboarded.

on Dec 16, 2023

From trufflesecurity.com

Unearth Your Secrets - Truffle Security

Truffle Security offers the first automated solution to continuously scan your environment for secrets like private keys and credentials, so you can protect your data before a breach occurs.

on Nov 9, 2023

From trufflesecurity.com

Thousands of GitHub Comments Leak Live API Keys - Truffle Security

GitHub Issue and Pull Request comments contain thousands of live API keys and passwords. TruffleHog now supports scanning GitHub Issues/PRs.

on Oct 5, 2023