Trufflehog - Find Credentials All Over The Place
TruffleHog Find leaked credentials. Join The Slack Have questions? Feedback? Jump in slack and hang out with us https://join.slack.com/t/trufflehog-community/shared_invite/zt-pw2qbi43-Aa86hkiimstfdKH9UCpPzQ Demo docker run -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github...
Imperva Introduces New Features to Help Prevent Online Fraud
As we move more of our daily activities and the services we consume online, the threat of fraud grows, and the risks become greater. Data suggests the majority of organizations are already detecting a rise in online fraud. In a recent survey of senior risk executives, 67 percent said that their...
How Secrets Lurking in Source Code Lead to Major Breaches
If one word could sum up the 2021 infosecurity year well, actually three, it would be these: "supply chain attack". A software supply chain attack happens when hackers manipulate the code in third-party software components to compromise the 'downstream' applications that use them. In 2021, we hav...
Jenkins JX Resources Plugin cross-site request forgery vulnerability
Jenkins jx-resources Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified Kubernetes server and obtain information about an attacker-specified namespace. Doing so might also le...
U.S. Dept Of Defense: username and password leaked via pptx for █████████ website
Description: While performing my recon, I came across this https://███/███████ which contains a username and password for accessing your asset here █████ ████ References: ███████ Impact I tried accessing the IP but it is not working here. If it can be accessed somewhere this will result in full...
AWS Credentials Disclosure
Amazon Web Services (AWS) is a public cloud provider offering different hosting services for their customers. Amazon Web Services can be accessed through programmatic calls to their API by authenticating with access keys, which are a combination of both an access key ID and a secret access key...
Information Disclosure
github.com/argoproj/argo-cd is vulnerable to information disclosure. Credentials used for accessing the remote Helm OCI repository are leaked to anyone with access to the pod logs via access with appropriate permissions to the Kubernetes control plane or a third party log management system becaus...
Why do companies fail to stop breaches despite soaring IT security investment?
Let's first take a look back at 2020! Adding to the list of difficulties that surfaced last year, 2020 was also grim for personal data protection, as it has marked a new record number of leaked credentials and PI data. A whopping 20 billion records were stolen in a single year, increasing 66% fro...
Florida Water Plant Hack: Leaked Credentials Found in Breach Database
Researchers say they found several stolen and leaked credentials for a Florida water-treatment plant, which was hacked last week. Researchers at CyberNews said they found 11 credential pairs linked to the Oldsmar water plant, in a 2017 compilation of stolen breach credentials. Meanwhile, they als...
Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2020-8169, CVE-2020-8177)
Summary: There are vulnerabilities in Curl that affect PowerSC. Vulnerability Details: CVEID: CVE-2020-8169 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to correctly URL encode the credential data when set using a curl_easy_setopt...
Collating Hacked Data Sets
Two Harvard undergraduates completed a project where they went out on the dark web and found a bunch of stolen datasets. Then they correlated all the information, and combined it with additional, publicly available, information. No surprise: the result was much more detailed and personal. "What w...
Starbucks: China - Leaked credentials permitted a limited ability to create Starbucks coupons and cards
neweq discovered a Github repository exposing credentials with which they could obtain an access token. The access token permitted limited access to generate Starbucks coupons and cards. @neweq — thank you for reporting this vulnerability...
The lucrative business of Bitcoin sextortion scams (updated)
Update 2019-09-04: A new wave of sextortion emails purporting to have originated from a group of hackers called ChaosCC—a play on the legitimate European white hat hacking community, Chaos Computer Club (CCC)—has recently caught the attention of the security world. Below is a sample email we captur...
Dodging bad passwords with Google’s new tool
By Sudais. Google's new Password Checkup extension checks for leaked credentials and informs whether they have been leaked before in a data breach. In 2019, more than 20 million unique passwords among other credentials were leaked and available online for sale. This fact represents only one year...
Demystifying Password Hash Sync
This blog is part of a series of posts providing a behind-the-scenes look of Microsoft’s Detection and Response Team (DART). While responding to cybersecurity incidents around the world, DART engages with customers who are wary about using Password Hash Sync (PHS) or are not utilizing this service’s...
Zendesk: Leaked artifactory_key, artifactory_api_key, and gcloud refresh_token via GitHub.
It was reported to Zendesk that valid credentials to an instance of Artifactory and a gcloud project were unintentionally leaked via a public GitHub repository. We immediately rotated the credentials and investigated to ensure they were not utilized by any other party. We want to thank @rubyroobs...
CVE-2018-3828
Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. It was discovered that certain exception conditions would result in encryption keys, passwords, and other security sensitive headers being leaked to the allocator logs. An attacker with access to t...
CVE-2018-1191
Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials...