Safeguard
Topic

Incident Response

In-depth guides and analysis on incident response from the Safeguard engineering team.

15 articles

Incident Response

MongoDB Atlas Breach: Customer Metadata Exposed in Corporate Systems Attack

MongoDB disclosed unauthorized access to its corporate systems in December 2023, exposing customer metadata and contact information while Atlas cluster data remained secure.

Nov 15, 20235 min read
Incident Response

Okta's Support System Breach: Identity Provider Under Fire Again

Okta disclosed that attackers used stolen credentials to access its customer support system, downloading HAR files containing session tokens for multiple customers.

Oct 20, 20235 min read
Incident Response

Incident Response Tabletop Exercises: A Practical Guide for Supply Chain Scenarios

Your incident response plan is untested until people have walked through it under pressure. Here is how to design and run tabletop exercises that actually prepare your team for supply chain compromises.

Oct 12, 20235 min read
Incident Response

MOVEit Breach Impact Assessment: The Cl0p Campaign's Fallout

The MOVEit breach became one of the largest data theft incidents in history. Here's an assessment of the damage and what organizations should learn.

Jun 10, 20237 min read
Incident Response

OpenAI ChatGPT Data Breach March 2023: What Was Exposed

A bug in ChatGPT exposed user chat histories and payment information. Here's what happened and what it means for AI service security.

Mar 24, 20236 min read
Incident Response

GitHub Private RSA Key Exposed in Public Repository

GitHub's accidental exposure of its private RSA SSH host key in a public repository forced an emergency rotation affecting millions of developers.

Mar 10, 20236 min read
Incident Response

GitHub RSA SSH Key Rotation Incident: Why It Mattered

GitHub rotated its RSA SSH host key after accidental exposure. A small mistake with major supply chain implications for every Git-based workflow.

Jan 25, 20236 min read
Incident Response

Incident Response Playbook for Supply Chain Attacks

Supply chain attacks break your standard IR playbook. The compromise originates outside your perimeter, affects trusted software, and the blast radius is unknown. Here's how to adapt.

Nov 28, 20229 min read
Incident Response

Dropbox Breach: Phishing Attack Exposes 130 Private GitHub Repositories

Attackers phished Dropbox employees by impersonating CircleCI, gaining access to 130 private GitHub repos containing internal code and credentials.

Nov 2, 20226 min read
Incident Response

Uber's 2022 Breach: How an 18-Year-Old Social Engineered Past MFA

An attacker bombarded an Uber contractor with MFA push notifications until they accepted. What followed was a full compromise of internal systems.

Sep 16, 20226 min read
Incident Response

0ktapus: The Phishing Campaign That Hit Cloudflare, Twilio, and 130+ Organizations

A single phishing campaign compromised over 130 companies including Cloudflare and Twilio. Here's how the 0ktapus attack chain worked.

Aug 8, 20226 min read
Incident Response

GitHub OAuth Token Theft: The Heroku and Travis CI Breach

Attackers stole OAuth tokens from Heroku and Travis CI to access private GitHub repositories across dozens of organizations, including npm itself. The full scope of the breach took weeks to unravel.

Apr 15, 20225 min read
Incident Response — Supply Chain Security Blog | Safeguard