Incident Response
In-depth guides and analysis on incident response from the Safeguard engineering team.
15 articles
MongoDB Atlas Breach: Customer Metadata Exposed in Corporate Systems Attack
MongoDB disclosed unauthorized access to its corporate systems in December 2023, exposing customer metadata and contact information while Atlas cluster data remained secure.
Okta's Support System Breach: Identity Provider Under Fire Again
Okta disclosed that attackers used stolen credentials to access its customer support system, downloading HAR files containing session tokens for multiple customers.
Incident Response Tabletop Exercises: A Practical Guide for Supply Chain Scenarios
Your incident response plan is untested until people have walked through it under pressure. Here is how to design and run tabletop exercises that actually prepare your team for supply chain compromises.
MOVEit Breach Impact Assessment: The Cl0p Campaign's Fallout
The MOVEit breach became one of the largest data theft incidents in history. Here's an assessment of the damage and what organizations should learn.
OpenAI ChatGPT Data Breach March 2023: What Was Exposed
A bug in ChatGPT exposed user chat histories and payment information. Here's what happened and what it means for AI service security.
GitHub Private RSA Key Exposed in Public Repository
GitHub's accidental exposure of its private RSA SSH host key in a public repository forced an emergency rotation affecting millions of developers.
GitHub RSA SSH Key Rotation Incident: Why It Mattered
GitHub rotated its RSA SSH host key after accidental exposure. A small mistake with major supply chain implications for every Git-based workflow.
Incident Response Playbook for Supply Chain Attacks
Supply chain attacks break your standard IR playbook. The compromise originates outside your perimeter, affects trusted software, and the blast radius is unknown. Here's how to adapt.
Dropbox Breach: Phishing Attack Exposes 130 Private GitHub Repositories
Attackers phished Dropbox employees by impersonating CircleCI, gaining access to 130 private GitHub repos containing internal code and credentials.
Uber's 2022 Breach: How an 18-Year-Old Social Engineered Past MFA
An attacker bombarded an Uber contractor with MFA push notifications until they accepted. What followed was a full compromise of internal systems.
0ktapus: The Phishing Campaign That Hit Cloudflare, Twilio, and 130+ Organizations
A single phishing campaign compromised over 130 companies including Cloudflare and Twilio. Here's how the 0ktapus attack chain worked.
GitHub OAuth Token Theft: The Heroku and Travis CI Breach
Attackers stole OAuth tokens from Heroku and Travis CI to access private GitHub repositories across dozens of organizations, including npm itself. The full scope of the breach took weeks to unravel.