All news with #trufflehog tag

Talos Discloses TruffleHog, Fade In, and BSAFE Flaws

🔒 Cisco Talos’ Vulnerability Discovery & Research team disclosed multiple vulnerabilities affecting TruffleHog, Fade In, and Dell BSAFE Crypto-C, including arbitrary code execution, out-of-bounds write/use-after-free, and integer/stack overflow issues. The issues were reported by Talos researchers and external collaborators and vendors have issued patches following Cisco’s disclosure policy. Users should apply vendor updates, deploy updated detection rules such as Snort signatures, and consult Talos advisories for indicators and recommended mitigations.

Large-Scale AWS Credential Abuse and SES Exploitation

🔐 Identity compromise is driving large-scale AWS abuse, with attackers leveraging stolen access keys to test accounts and weaponize Amazon SES for Business Email Compromise and invoice fraud. FortiGuard Labs attributes the reconnaissance layer to a campaign named TruffleNet that uses TruffleHog and automated AWS CLI/Boto3 requests to validate credentials and probe SES quotas. Fortinet recommends continuous monitoring, least-privilege access, MFA, and integrated detection via FortiCNAPP and related controls to detect and block these activities.

Self-propagating 'Shai-Hulud' supply-chain attack hits npm

🐛 Security researchers report at least 187 npm packages compromised in an active supply-chain campaign dubbed Shai‑Hulud. The malware, first observed in the widely used @ctrl/tinycolor package, includes a self‑propagating payload that injects a bundle.js, abuses TruffleHog to harvest tokens and cloud credentials, and creates unauthorized GitHub Actions workflows to exfiltrate secrets. Affected vendors including CrowdStrike say they removed malicious packages and rotated keys; developers are urged to audit environments, rotate secrets, and pin dependencies.

Self-Replicating Worm Infects Over 180 NPM Packages

🐛 A self-replicating worm dubbed Shai-Hulud has infected at least 187 NPM packages, stealing developer credentials and publishing them to public GitHub repositories that include the string 'Shai-Hulud'. The malware searches for NPM tokens, uses them to inject itself into the top 20 packages accessible to the token and auto-publishes new versions, and leverages tools such as TruffleHog to locate secrets. The campaign briefly affected multiple packages linked to CrowdStrike and was first observed being modified on Sept. 14.

Supply-Chain Attack Trojanizes Over 40 npm Packages

🚨 Security researchers say a new software supply chain campaign has compromised more than 40 npm packages by injecting a malicious bundle.js into republished releases. The trojan installs a downloader that executes TruffleHog to scan hosts for secrets and cloud credentials, targeting both Windows and Linux developer environments. Vendors warn maintainers to audit environments, rotate tokens, and remove affected versions to prevent ongoing exfiltration.