Truffle Security Co.

🔑 Private Key Reuse: It’s everywhere! 🔑 🔍 We analyzed 7B+ TLS certs and found: 😱 10% reuse private keys! 👀We also looked at 65 Million GitHub users’ SSH keys and 2% had the same issue! 🔓Reusing private keys, like passwords, increases the risk of attackers impersonating servers, decrypting sensitive data, or hijacking user sessions if the key is compromised. 👉 Learn why this matters: https://lnkd.in/eczFvAGr #TruffleHog #PrivateKey #TLS #DataSecurity #Appsec #OpenSourceSecurity #cybersecurity #secretsmanagement  #securityawareness #datasecurity #infosec #TruffleSecurity

🔒 TruffleHog Scans Encoded & Archived Data for Secrets 🛠️ 🐷 TruffleHog automagically detects secrets in encoded formats (e.g., Base64, UTF-8) and archived files (e.g., .zip, .tar). 🔍 It quickly uncovers hidden credentials like AWS keys, even when encoded or compressed. 🔐 We've built efficient ways to detect secrets in obfuscated formats, helping both enterprise customers and open-source users. 🔗For more details and examples, check out the blog: https://lnkd.in/ghH6XnKR #TruffleHog #GitHub  #AWS #DataSecurity #Appsec #OpenSourceSecurity #cybersecurity #secretsmanagement  #securityawareness #datasecurity #infosec #TruffleSecurity

🌬 Blown away by the excellent time we had in the Windy City! A gorgeous city made even better by great company. 🐻 🐷 Our team gathered for a week of connection + collaboration at our biannual company #offsite. From business reviews to soaking up the sights on the architecture boat tour and making deep-dish pizzas— not to get cheesy, but it was a recipe for success. 🍕 ⚡ We’re feeling more energized than ever to wrap up 2025 on a high note and tackle what’s ahead for #secretsdetection!

🚨 Developers often unintentionally leak data when open-sourcing a new tool on GitHub! 🛠️ 😨🔍 Savvy users might rebase and squash git history, thinking it hides past commits. But even then, sensitive data in “dangling” commits can still be accessed with the SHA-1 hash. 🛑 Avoid these common pitfalls and keep your data secure! 🔒 ➡️ Check out our latest blog for recommendations on how to securely open-source your next project on GitHub https://lnkd.in/gaPuKWky #TruffleHog #GitHub  #DataSecurity #Appsec #OpenSourceSecurity #cybersecurity #secretsmanagement  #securityawareness #datasecurity #infosec #TruffleSecurity

🍁 🍂  Hacktoberfest 2024 is here! 🐷We’re excited to kick off Truffle Security's Detector Improvement Competition! 🔍Last year, we added 31 new detectors with your amazing contributions. 🛠️This year, it's all about enhancing accuracy and reliability by improving existing detectors. How can you participate? 🔹 Fork the TruffleHog repo 🔹 Improve a detector 🔹 Submit your PR 🎁Win prizes like a MacBook Air, Timbuk2 Backpack, or TruffleHog swag! 🗓️ Submission period: Oct 1 - Oct 31 👉 https://lnkd.in/eKQPSaSJ #TruffleHog #Hacktoberfest  #DataSecurity #Appsec #OpenSourceSecurity #cybersecurity #secretsmanagement  #securityawareness #datasecurity #infosec #TruffleSecurity

🌟Calling all security researchers! 🌟 💡Got a groundbreaking idea? 🐷Truffle Security is sponsoring 2 research projects per month!  Selected proposals receive 💰 and are featured on our blog. Plus, you can still submit your research  to conferences! 🎤 🔑 Priorities: Leaked Secrets Application Security Identity & Access Management Open-source security tooling Submit your proposal and make an impact in the security community! 👉 https://lnkd.in/gsPFqMdr #TruffleHog #DataSecurity #Appsec #IAM #OpenSourceSecurity #cybersecurity #securityresearch #secretsmanagement  #securityawareness #datasecurity #infosec #TruffleSecurity

🌟 OWASP® Foundation 2024 Global AppSec is next week in San Francisco! 🚀To kick things off, we're sharing the top talks we’re most excited about from 0-days in CI/CD pipelines to AI security with AI Goat 🐐. 📣 Shoutout to the speakers behind these amazing talks: Amichai Shulman Cassie Crossley François Proulx Ofir Yakobi Sandro Gauci Shir Sadon 🐷 Don’t miss Dylan Ayrey and Joseph Leon 's talks on API key permissions 🔑 and certificate reuse 🔐. 🔗Get the full scoop in our blog: https://lnkd.in/g85dhbty #TruffleHog #OWASP #DataSecurity #Appsec #OpenSourceSecurity #cybersecurity #secretsmanagement  #securityawareness #datasecurity #infosec #TruffleSecurity

🧐 Recently, we uncovered a vulnerability exposing deleted and private repo data on GitHub. 😬 Now, we've found a similar issue in Microsoft Azure DevOps (ADO)—and it might be even worse. 😱 Private forks of public repos in ADO can expose private commits, breaking security boundaries. 🔍 What’s happening? 1️⃣ Private commits in ADO aren’t staying private. 2️⃣ Microsoft’s documentation says forks are independent, but our findings differ. What can you do? 👉 Read our blog for full details:  https://lnkd.in/gJQeNvdh #TruffleHog #DataSecurity #Azure  #OpenSourceSecurity #cybersecurity #secretsmanagement  #securityawareness #datasecurity #infosec #appsec #TruffleSecurity

🐷+ 🤗 - TruffleHog has partnered with Hugging Face to bring our secret scanning directly to the Hugging Face Hub!  🔐To combat secrets leakage on both public and private Hugging Face repos, we’ve teamed up on two key initiatives: 1️⃣ A native Hugging Face scanner in TruffleHog to scan your own account data.  2️⃣ Adding TruffleHog to Hugging Face’s automated scanning pipeline, detecting secret leaks in every file uploaded. 🚀Stay tuned for more updates as we continue to innovate and collaborate! 👉Learn more: https://lnkd.in/gwBtQuvN #TruffleHog #HuggingFace #AI #DataSecurity #CodeSecurity #OpenSourceSecurity #cybersecurity #secretsmanagement  #securityawareness #datasecurity #infosec #appsec

🚀Two weeks ago, we launched TruffleHog Analyze, the first tool to show you the permissions your API keys have. 🛠️Not sure how it fits into your workflow? 👉Check out these real-world use cases: https://lnkd.in/gxi5kPW3 #TruffleHog #DataSecurity #CodeSecurity #IAM #AppSecurity #OpenSourceSecurity #cybersecurity #secretsmanagement  #securityawareness #datasecurity #infosec #appsec