In the press

John Hammond

Thousands of API Keys Exposed

Podcast with John Hammond: Google API keys didn't use to be considered "secret," so they're all over the web, but now they are an open door to Gemini.

Axios

Hackers can exploit thousands of exposed Google API keys to access Gemini and steal data

Truffle Security discovered that old Google API keys, previously used in other projects as harmless identifiers, can turn into a serious risk after the Gemini API is enabled.

Axios

Truffle Security raises $25M for enterprise credential protection

Truffle Security, which helps enterprises keep track of credentials, locked up a $25 million Series B led by Intel Capital and a16z.

Security Week

Truffle Security Raises $25 Million for Secret Scanning Engine

The investment will fuel the development of Truffle’s enterprise-grade secrets detection, verification, and remediation platform.

Tech Crunch

Employees of failed startups are at special risk of stolen personal data through old Google logins

Employees at failed startups are at particular risk of having their data stolen.

Forbes

Millions Of Sign-In-With-Google Users Warned Of Data-Theft Vulnerability

The bad news is that Google’s OAuth authentication can be exploited by attackers to gain access to sensitive data from, potentially, millions of accounts.

The Hacker News

Google OAuth Vulnerability Exposes Millions via Failed Startup Domains

New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data.

HelpNet Security

TruffleHog: Open-Source Solution for Scanning Secrets

TruffleHog is an open-source scanner that identifies and addresses exposed secrets throughout your entire technology stack.

SecurityWeek

Thousands of Popular Websites Leaking Secrets

Code security firm Truffle Security warns that thousands of the domains in the Alexa top 1 million websites list are leaking secrets, including credentials.

TechCrunch

India’s national logistics portal exposed sensitive personal data, trade records

Called the National Logistics Portal-Marine, the website made the sensitive and private data public due to misconfigured Amazon S3 buckets. It also carried a JavaScript file that embedded login credentials in the web source code. Security researcher Bob Diachenko found the issues with the Indian portal through the open source security tool TruffleHog.

The New Stack

The Challenges of Secrets Management, from Code to Cloud

TruffleHog is a powerful open source tool for identifying secrets and sensitive information across an organization’s entire software development life cycle (SDLC). In addition to identifying secrets in code, TruffleHog can also detect insecurely shared secrets in other areas of the SDLC, such as configuration files, build scripts and deployment pipelines.

iTnews

Docker users careless with secrets

The researchers emphasised that image creators need to be warned against uploading secrets to public Docker registries, and when deploying containers based on downloaded images, users should be warned that secrets like private keys might already be compromised. They also suggest that “credential-finding tools such as TruffleHog or SecretScanner … be integrated on both sides of the Docker paradigm.”

tl;dr sec

[tl;dr sec] #199 - Supply Chain Security Overview, Container Escapes, AI + Cybersecurity

Truffle’s Joe Leon et al. scanned the Alexa Top 1 Million for https://.com/.git, and found 4,500 exposed their source code (note: this is not even looking at sub paths, only top level).

Expa

Founder Spotlight: Dylan Ayrey of Truffle Security

As George Washington and Bill Belichick have often said: The best defense is a good offense. One of the best examples of this adage in action is Truffle Security, which helps companies identify and address credentials and passwords before hackers are able to find and exploit them.

SkyNet Tools

TruffleHog – Find Leaked Credentials In GitHub, GitLab, Filesystems, S3, & Circle CI
