Safeguard
Topic

Incident Analysis

In-depth guides and analysis on incident analysis from the Safeguard engineering team.

137 articles

Incident Analysis

Boeing Hit by LockBit Ransomware: 43GB of Sensitive Data Leaked

In November 2023, the LockBit ransomware gang published 43 gigabytes of Boeing's internal data after the aerospace giant refused to pay ransom, exposing the persistent vulnerability of manufacturing supply chains to ransomware.

Nov 10, 20238 min read
Incident Analysis

Mr. Cooper Mortgage Breach Exposes 14.7 Million Customers

In November 2023, mortgage giant Mr. Cooper disclosed a cyberattack that compromised the personal and financial data of 14.7 million current and former customers, making it one of the largest financial services breaches of the year.

Nov 1, 20237 min read
Incident Analysis

MGM Resorts and Caesars Hit by Scattered Spider: Social Engineering at Scale

In September 2023, the Scattered Spider hacking group crippled MGM Resorts and extorted Caesars Entertainment through phone-based social engineering, exposing how human vulnerabilities can bypass even the most expensive security stacks.

Sep 14, 20238 min read
Incident Analysis

MOVEit Vulnerability Mass Exploitation: A Field Analysis

Inside the Cl0p ransomware gang's zero-day attack on Progress MOVEit Transfer, the CVE-2023-34362 timeline, and the supply chain lessons it exposed.

Jun 25, 20235 min read
Incident Analysis

3CX Desktop App: Anatomy of a Cascading Breach

How a Trading Technologies installer from 2022 poisoned the 3CX build pipeline in 2023, producing the first publicly confirmed cascading supply chain attack.

Apr 5, 20235 min read
Incident Analysis

GoAnywhere MFT Zero-Day (CVE-2023-0669): Clop Ransomware's File Transfer Rampage

The Clop ransomware gang exploited a pre-auth RCE in GoAnywhere MFT to breach over 130 organizations. The campaign foreshadowed their devastating MOVEit attack months later.

Feb 6, 20236 min read
Incident Analysis

T-Mobile API Breach: 37 Million Records Stolen Through an Unsecured API

In January 2023, T-Mobile disclosed that an attacker exploited an API to steal personal data of 37 million customers. It was their ninth major breach in five years.

Jan 19, 20236 min read
Incident Analysis

CircleCI Credential Rotation: The Mass-Reset Event

CircleCI told every customer to rotate every secret on January 4, 2023. Here is what actually happened and why the scope was total.

Jan 10, 20237 min read
Incident Analysis

Slack GitHub Repository Theft: Stolen Tokens and the Risks of Third-Party Integrations

In December 2022, Slack disclosed that stolen employee tokens were used to access private GitHub repositories. The breach highlighted the risks of token-based authentication in CI/CD pipelines.

Jan 4, 20236 min read
Incident Analysis

Azure AD Token Theft Campaigns: A 2022 Retrospective

Token theft is the quiet successor to credential phishing, and 2022 turned it into an industry. Here is what the year's Azure AD campaigns actually looked like.

Jul 14, 20227 min read
Incident Analysis

The Log4Shell Response Playbook Six Months In

Six months after CVE-2021-44228 broke the internet, here is what worked, what didn't, and the response patterns security teams should keep as muscle memory.

Jun 12, 20226 min read
Incident Analysis

Microsoft LAPSUS$ Breach: Source Code Access and the Limits of Perimeter Security

LAPSUS$ claimed access to Microsoft's source code repositories, leaking 37GB of code from Bing, Cortana, and other projects. The breach showed that even tech giants have access control gaps.

Mar 22, 20226 min read
Incident Analysis (Page 10) — Supply Chain Security Blog | Safeguard