Truffle Security (@trufflesec)'s Twitter Profile
Truffle Security

@trufflesec

The TruffleHog company

We find credentials, with open source

https://t.co/7CnEqo1inq
https://t.co/8vZxthRRXX

ID:1081974201781694464

https://trufflesecurity.com

06-01-2019 18:02:06

339 Tweets

3,3K Followers

1 Following

Truffle Security (@trufflesec)

🤔 Why don’t bug bounty programs reward researchers for finding stolen credentials?
🔍We interviewed ’s CISO about new guidelines including:
🔑 Credential types & vulnerabilities
⚖️ Legal risks
🛠️ TruffleHog tools
trufflesecurity.com/blog/bug-bount…

Truffle Security (@trufflesec)

May the 4th (and your Secrets) Be With You!

If you are @BSidesSF this weekend, stop by the Truffle Security Booth, meet the team, and get your free sticker! #StarWarsDay

Truffle Security (@trufflesec)

Heading to BSidesSF this weekend?

🚀 Visit our booth for the latest #TruffleHog updates!

📅 Talks to catch:
🌟 Sat, May 4, 12 PM - 'The Secret Life of Secrets'
🌟 Sun, May 5, 11:15 AM - 'Beyond Code and Clicks'
Check out the schedule: bsidessf.org/schedule

Truffle Security (@trufflesec)

🚀 Big news for users!

🐷 TruffleHog now scans for secrets in public & private workspaces!

🔐 Secure over 800 types of secrets across your environments
👉 Get Started: trufflesecurity.com/blog/scan-post…

Dylan (@InsecureNature)

Postman users exposing thousands of Passwords/API keys

Months of research went into this; you can now scan Postman with TruffleHog, here's a video with myself and researcher Joe Leon going over the details youtu.be/o6Vj6Uknakc

Truffle Security (@trufflesec)

Guess which developer tool is publicly exposing over 4,000 live credentials right now? 😱

🔍 Research shows is exposing secrets for major SaaS & cloud providers like AWS, GCP, OpenAI, & GitHub!

👀 Find out why & learn how to protect your data: trufflesecurity.com/blog/postman-c…

Truffle Security (@trufflesec)

🐝Have you signed up for the OWASPBayArea Meetup in SF next Tuesday on 4/23 from 5-8?

🌟You won't want to miss Dylan’s talk on “Secrets from a bygone era.”

👉 Spaces are filling up. Secure your spot now: meetup.com/bay-area-owasp…

Truffle Security (@trufflesec)

🐝Join us next week on 4/23 from 5-8pm for the OWASPBayArea Meetup in SF.

🌟We are excited to welcome Sam Curry as one of our featured speakers!

Sam will be talking about Leaked Secrets and Unlimited Miles. ✈️

👉 Secure your spot now: meetup.com/bay-area-owasp…

Dylan (@InsecureNature)

CISA is now recommending all Sisense customers revoke all credentials shared with Sisense, following an attacker abusing an AWS key Sisense had laying around in a Git repo.

We (Truffle Security) made howtorotate.com a while ago to make revocation as painless as we can.

Truffle Security (@trufflesec)

🔒 How many secrets leak on public gists?

Of 37,323 checked, only 11 with secrets! 🤯

🤔Why so few?

👉Find out the unexpected reasons and secure your gists with 🐷 TruffleHog.

trufflesecurity.com/blog/do-secret…

Truffle Security (@trufflesec)

Join us for an evening filled with expert security insights and valuable peer networking on 4/23 OWASPBayArea Meetup. Don't miss talks by Dylan, Sam Curry, and Denis Smajlović.

👉 Secure your spot now: meetup.com/bay-area-owasp…

Truffle Security (@trufflesec)

New TruffleHog open-source script 🐷 helps make Docker more secure!

🔍 Scans every Docker image tag & architecture for leaked secrets

👉Get the script for a more comprehensive scan of Docker images: trufflesecurity.com/blog/scan-ever…

Truffle Security (@trufflesec)

Jira stores a lot of company data - including leaked keys and passwords!🤦‍♀️
🎟️ Tickets can contain password resets, API keys and other sensitive data.
🐷Find out how TruffleHog detects and remediates hidden secrets.👉 trufflesecurity.com/blog/how-to-sc…

Truffle Security (@trufflesec)

⌨️ There's a keyboard button in Linux that can sometimes dump root memory when pressed.

😅 It's made worse with Marc Newlin's Bluetooth bugs, that can remotely press the button every 50ms

👉 Learn more: trufflesecurity.com/blog/the-keybo…

Truffle Security (@trufflesec)

🌟We're spotlighting a few members of our community this week for helping to keep TruffleHog secure by reporting vulnerabilities.

Huge thank you to Helena Rosenzweig and the Assetnote team!

trufflesecurity.com/blog/contribut…
