data breach
4 articles with this tag
MOVEit mass breach (2023) — how a SQL injection zero-day reached 2,700+ orgs, and how to defend
The entry was a SQL injection zero-day (CVE-2023-34362) in the internet-facing MOVEit Transfer. A web shell (LEMURLOOT) was planted and data was bulk-stolen from the backing database, hitting 2,700+ orgs and ~93.3M people. Most victims were pulled in indirectly because a vendor used MOVEit. In your environment: KEV fast-patching, minimize exposure, web↔DB least privilege and segmentation, vendor inventory and data minimization.
Capital One breach (2019) — how SSRF leaked 100M+ records, and how to defend
A single SSRF reached the metadata endpoint → over-privileged IAM temporary credentials → bulk S3 copy, leaking ~106M records. Every hop could have stopped it. In your environment: IMDSv2, IAM least privilege, and an allowlist for outbound fetches.
Codecov breach (2021) — when a 'trusted tool' in CI was hijacked and secrets leaked
A trusted CI tool (the curl|bash Bash Uploader) was altered upstream. Because victims' own code was untouched, the tampering went unnoticed for ~2 months while CI secrets leaked; a checksum check caught it. In your CI: verify fetched artifacts, least-privilege secrets, rotation, egress monitoring.
Equifax breach (2017) — how an unpatched Apache Struts flaw leaked the data of 147M people
The cause was a known CVE (CVSS 10.0) whose patch was already available but never applied to a public-facing system. An expired monitoring certificate hid the exfiltration for 76 days. In your environment: asset inventory, a patch SLA, machine monitoring, and healthy detection.