$ grep -l "tag:incident" writing/
tag: incident.
2 pieces tagged incident, newest first. The full taxonomy is on the tag index.
2022·04·26
What the teenagers taught the Fortune 500 LAPSUS$ compromised Microsoft, Okta, Nvidia, Samsung, Vodafone, and several others in a few months. They were teenagers using social engineering and MFA fatigue. The lesson, awkwardly, is that the dominant compromise vector in 2022 is social, not technical. incident · social engineering · mfa · governance
8 min
2021·04·06
Hafnium and the patch-window asymmetry Five weeks after the Microsoft Exchange ProxyLogon disclosure, the dust is settling on what may turn out to be the most consequential mass-exploitation event of the decade. What it teaches us is structural, not tactical. incident · patching · craft · ned
7 min
→ all tags · all writing