Safeguard
Tag

social-engineering

Safeguard articles tagged "social-engineering" — guides, analysis, and best practices for software supply chain and application security.

26 articles

Incident Analysis

Mailchimp 2022-2023 Incidents: A Timeline

Mailchimp disclosed three social-engineering-driven intrusions in thirteen months; the timeline illustrates how repeated incidents shape vendor trust.

Nov 25, 20247 min read
Industry Analysis

Scattered Spider: Developer Targeting Patterns

The English-speaking social engineering crew behind MGM and Caesars keeps going after developers and help desks. Here's what I keep seeing.

Jul 22, 20246 min read
Open Source Security

Maintainer Burnout: Security Implications

Exhausted maintainers are not just a welfare problem. They are a security problem. Burnout is a precondition for social engineering, delayed patches, and hostile takeovers.

Jul 8, 20247 min read
AI Security

Deepfakes and Social Engineering: The Human Layer of Supply Chain Attacks

AI-generated deepfakes are making social engineering attacks against software supply chains more convincing and harder to detect.

May 20, 20245 min read
Incident Analysis

Twilio 2022 Incidents: Supply Chain Lessons

Twilio disclosed two social engineering incidents in 2022 that cascaded through its customer base; the supply chain lessons remain relevant for any B2B vendor.

Apr 28, 20246 min read
Threat Actors

Scattered Spider: The Social Engineering Group That Outmaneuvered Enterprise Security

Scattered Spider combined aggressive social engineering with deep knowledge of enterprise IT to breach MGM Resorts, Caesars Entertainment, and dozens of other organizations.

Oct 8, 20237 min read
Incident Analysis

MGM Resorts and Caesars Hit by Scattered Spider: Social Engineering at Scale

In September 2023, the Scattered Spider hacking group crippled MGM Resorts and extorted Caesars Entertainment through phone-based social engineering, exposing how human vulnerabilities can bypass even the most expensive security stacks.

Sep 14, 20238 min read
Software Supply Chain Security

Starjacking Attacks on Package Registries: Exploiting Repository Trust

Starjacking exploits the trust developers place in GitHub stars and repository metadata. Attackers link malicious packages to popular repositories to appear legitimate. Here is how it works.

Jul 5, 20235 min read
Vulnerability Analysis

Microsoft Teams Vulnerability: External Tenant Attacks and the Collaboration Security Gap

Researchers demonstrated that Microsoft Teams' default configuration allowed external attackers to deliver malware directly to employees, bypassing email security controls entirely.

Jun 22, 20236 min read
Social Engineering

Email Security and Supply Chain Phishing Attacks

Phishing remains the top initial access vector for supply chain attacks. Targeted emails against developers, maintainers, and DevOps engineers open the door to code injection, credential theft, and pipeline compromise.

Mar 8, 20236 min read
Incident Response

Uber's 2022 Breach: How an 18-Year-Old Social Engineered Past MFA

An attacker bombarded an Uber contractor with MFA push notifications until they accepted. What followed was a full compromise of internal systems.

Sep 16, 20226 min read
Threat Actors

LAPSUS$ Group: Unconventional Attack Techniques That Embarrassed Big Tech

LAPSUS$ broke into Microsoft, Nvidia, Samsung, and Okta using social engineering and insider recruitment rather than sophisticated malware. Their techniques exposed fundamental security gaps.

Apr 8, 20227 min read
social-engineering (Page 2) — Safeguard Blog