incident-response
Safeguard articles tagged "incident-response" — guides, analysis, and best practices for software supply chain and application security.
95 articles
How to Run a Tabletop Exercise for a Supply Chain Breach
A 90-minute tabletop built on a compromised dependency scenario will expose more gaps than a year of policy reviews. Here is the full agenda, injects included.
Malicious Package Quarantine Procedures
How to quarantine a malicious package across your registries, caches, and running systems without breaking every developer's workflow.
What is Red Teaming
Red teaming emulates a real adversary to test not just your defenses but your ability to detect and respond. Here's how it works and how it differs from a pentest.
Disaster Recovery for Supply Chain Security Incidents
When a critical dependency is compromised, your disaster recovery plan determines whether you recover in hours or weeks. Most DR plans do not cover this scenario.
Supply Chain Incident Forensics Playbook
A practical, hour-by-hour forensics playbook for responding to software supply chain incidents, from first alert through root cause and disclosure.
CI/CD Compromise Investigation Steps
A step-by-step investigation playbook for suspected CI/CD pipeline compromise, from runner forensics to secrets rotation.
Cloudflare's Thanksgiving 2023 Breach: How Okta Credentials Led to a Nation-State Intrusion
Cloudflare disclosed that a nation-state actor used credentials stolen from the October 2023 Okta breach to access their Atlassian systems. Their transparent post-mortem set a new standard.
Building a Security Automation Playbook Library for Supply Chain Defense
Security automation playbooks codify response procedures into executable workflows. A well-designed playbook library turns supply chain incidents from fire drills into routine operations.
MongoDB Atlas Breach: Customer Metadata Exposed in Corporate Systems Attack
MongoDB disclosed unauthorized access to its corporate systems in December 2023, exposing customer metadata and contact information while Atlas cluster data remained secure.
Mr. Cooper Mortgage Breach Exposes 14.7 Million Customers
In November 2023, mortgage giant Mr. Cooper disclosed a cyberattack that compromised the personal and financial data of 14.7 million current and former customers, making it one of the largest financial services breaches of the year.
Incident Response Tabletop Exercises: A Practical Guide for Supply Chain Scenarios
Your incident response plan is untested until people have walked through it under pressure. Here is how to design and run tabletop exercises that actually prepare your team for supply chain compromises.
MGM Resorts and Caesars Hit by Scattered Spider: Social Engineering at Scale
In September 2023, the Scattered Spider hacking group crippled MGM Resorts and extorted Caesars Entertainment through phone-based social engineering, exposing how human vulnerabilities can bypass even the most expensive security stacks.