Safeguard
Tag

incident-response

Safeguard articles tagged "incident-response" — guides, analysis, and best practices for software supply chain and application security.

95 articles

Guides

How to Run a Tabletop Exercise for a Supply Chain Breach

A 90-minute tabletop built on a compromised dependency scenario will expose more gaps than a year of policy reviews. Here is the full agenda, injects included.

Jul 11, 20246 min read
Best Practices

Malicious Package Quarantine Procedures

How to quarantine a malicious package across your registries, caches, and running systems without breaking every developer's workflow.

Jun 20, 20246 min read
Concepts

What is Red Teaming

Red teaming emulates a real adversary to test not just your defenses but your ability to detect and respond. Here's how it works and how it differs from a pentest.

Jun 20, 20245 min read
Security Operations

Disaster Recovery for Supply Chain Security Incidents

When a critical dependency is compromised, your disaster recovery plan determines whether you recover in hours or weeks. Most DR plans do not cover this scenario.

May 12, 20246 min read
Best Practices

Supply Chain Incident Forensics Playbook

A practical, hour-by-hour forensics playbook for responding to software supply chain incidents, from first alert through root cause and disclosure.

Apr 15, 20246 min read
DevSecOps

CI/CD Compromise Investigation Steps

A step-by-step investigation playbook for suspected CI/CD pipeline compromise, from runner forensics to secrets rotation.

Mar 8, 20246 min read
Incident Analysis

Cloudflare's Thanksgiving 2023 Breach: How Okta Credentials Led to a Nation-State Intrusion

Cloudflare disclosed that a nation-state actor used credentials stolen from the October 2023 Okta breach to access their Atlassian systems. Their transparent post-mortem set a new standard.

Feb 1, 20245 min read
DevSecOps

Building a Security Automation Playbook Library for Supply Chain Defense

Security automation playbooks codify response procedures into executable workflows. A well-designed playbook library turns supply chain incidents from fire drills into routine operations.

Dec 18, 20236 min read
Incident Response

MongoDB Atlas Breach: Customer Metadata Exposed in Corporate Systems Attack

MongoDB disclosed unauthorized access to its corporate systems in December 2023, exposing customer metadata and contact information while Atlas cluster data remained secure.

Nov 15, 20235 min read
Incident Analysis

Mr. Cooper Mortgage Breach Exposes 14.7 Million Customers

In November 2023, mortgage giant Mr. Cooper disclosed a cyberattack that compromised the personal and financial data of 14.7 million current and former customers, making it one of the largest financial services breaches of the year.

Nov 1, 20237 min read
Incident Response

Incident Response Tabletop Exercises: A Practical Guide for Supply Chain Scenarios

Your incident response plan is untested until people have walked through it under pressure. Here is how to design and run tabletop exercises that actually prepare your team for supply chain compromises.

Oct 12, 20235 min read
Incident Analysis

MGM Resorts and Caesars Hit by Scattered Spider: Social Engineering at Scale

In September 2023, the Scattered Spider hacking group crippled MGM Resorts and extorted Caesars Entertainment through phone-based social engineering, exposing how human vulnerabilities can bypass even the most expensive security stacks.

Sep 14, 20238 min read
incident-response (Page 7) — Safeguard Blog