Safeguard
Topic

Incident Analysis

In-depth guides and analysis on incident analysis from the Safeguard engineering team.

137 articles

Incident Analysis

Dropbox 2022: The Supply Chain Angle

Dropbox's 2022 GitHub phishing incident began with a developer-targeted CircleCI lookalike campaign; the supply chain lessons centered on CI tokens and code.

Jul 18, 20246 min read
Incident Analysis

Microsoft Midnight Blizzard: Detailed Timeline

A reconstructed public timeline of Microsoft's Midnight Blizzard intrusion, from the initial password spray in November 2023 through the source code and federal agency disclosures.

Jun 25, 20247 min read
Incident Analysis

Snowflake Customer Data Breaches: 165 Organizations Hit by Credential Theft Campaign

Attackers used stolen credentials from infostealer malware to access Snowflake customer accounts without MFA, compromising data at Ticketmaster, Santander, AT&T, and over 160 other organizations.

Jun 10, 20245 min read
Incident Analysis

Cisco Duo Incident: Supply Chain Depth

Cisco Duo's 2024 disclosure about a telephony provider breach exposed SMS and voice MFA logs; the supply chain depth of authentication vendors is the story.

May 25, 20247 min read
Incident Analysis

Dell Data Breach Exposes 49 Million Customer Records via API Abuse

In May 2024, Dell Technologies disclosed a breach exposing 49 million customer records after a threat actor exploited a partner portal API to scrape names, addresses, and purchase details, then attempted to sell the data online.

May 10, 20247 min read
Incident Analysis

Twilio 2022 Incidents: Supply Chain Lessons

Twilio disclosed two social engineering incidents in 2022 that cascaded through its customer base; the supply chain lessons remain relevant for any B2B vendor.

Apr 28, 20246 min read
Incident Analysis

Sisense Data Breach: When Your Analytics Platform Becomes the Threat

CISA issued a rare advisory urging Sisense customers to reset credentials after attackers compromised the business intelligence platform, potentially accessing customer data across thousands of organizations.

Apr 15, 20245 min read
Incident Analysis

Roku Credential Stuffing Attacks Compromise 576,000 Accounts

In April 2024, Roku disclosed that two separate credential stuffing campaigns had compromised approximately 576,000 customer accounts, with attackers making fraudulent purchases and changing account details on some affected accounts.

Apr 12, 20247 min read
Incident Analysis

XZ Utils Backdoor: Technical Breakdown

The xz-utils backdoor (CVE-2024-3094) nearly compromised SSH on every modern Linux distro. Here is how the implant worked and what it teaches us.

Apr 5, 20246 min read
Incident Analysis

AT&T Data Breach: 73 Million Customer Records Surface on the Dark Web

In March 2024, AT&T confirmed that a dataset containing personal information of approximately 73 million current and former customers, including encrypted passcodes, had been published on the dark web, three years after its initial appearance.

Mar 30, 20247 min read
Incident Analysis

Okta 2022-2023 Incidents: Supply Chain Lessons

A retrospective on Okta's string of security incidents from 2022 through 2023 and what they teach us about identity providers as critical supply chain dependencies.

Mar 18, 20246 min read
Incident Analysis

LockBit Takedown: Inside Operation Cronos

Operation Cronos seized LockBit's leak site in February 2024. We unpack the NCA-led takedown, the decryptor release, and LockBit's rapid rebuild.

Feb 28, 20245 min read
Incident Analysis (Page 8) — Supply Chain Security Blog | Safeguard