lapsus
Safeguard articles tagged "lapsus" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Okta 2022-2023 Incidents: Supply Chain Lessons
A retrospective on Okta's string of security incidents from 2022 through 2023 and what they teach us about identity providers as critical supply chain dependencies.
LAPSUS$ Group: Unconventional Attack Techniques That Embarrassed Big Tech
LAPSUS$ broke into Microsoft, Nvidia, Samsung, and Okta using social engineering and insider recruitment rather than sophisticated malware. Their techniques exposed fundamental security gaps.
Microsoft LAPSUS$ Breach: Source Code Access and the Limits of Perimeter Security
LAPSUS$ claimed access to Microsoft's source code repositories, leaking 37GB of code from Bing, Cortana, and other projects. The breach showed that even tech giants have access control gaps.
Okta LAPSUS$ Breach: When Your Identity Provider Gets Compromised
LAPSUS$ breached an Okta support contractor, gaining access to customer tenants. The incident raised critical questions about identity provider supply chain risk.
Samsung LAPSUS$ Breach: 190GB of Source Code and the Cost of Insider Access
The LAPSUS$ group stole 190GB of Samsung source code including biometric authentication algorithms and bootloader code. The breach exposed critical device security internals.
NVIDIA LAPSUS$ Breach: Stolen Code Signing Certificates Used to Sign Malware
When LAPSUS$ breached NVIDIA, they stole code signing certificates that were immediately weaponized to sign malware. The incident demonstrated how trust mechanisms become attack vectors.