Other News

Did Bloomberg get its story on a supply chain attack on motherboard maker Super Micro right?

Podcast Episode 115: Joe Grand on Unicorn Spotting and Bloomberg’s Supply Chain Story

Podcast: Play in new window | Download (Duration: 35:36 — 40.7MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s episode (#115), noted hardware enthusiast and hacker Joe Grand (aka “Kingpin”) told reporters from Bloomberg that finding an in-the-wild supply chain hack implanting malicious hardware on motherboards was akin to witnessing “a unicorn jumping over a rainbow.” They went with their story about just such an attack anyway. Joe joins us in the Security Ledger studios to talk about whether Bloomberg got it right. Also, Adam Meyers of Crowdstrike comes into the studio to talk about the U.S. Department of Justice indictment of seven Russian nationals. Adam talks about the hacks behind the charges and what comes next.

China's government appears to be suppressing information on serious, exploitable security vulnerabilities in software, a study by Recorded Future found.

Apple, Amazon Throw Shade on Supply Chain Hack Story

A report by Bloomberg alleging a massive operation by China’s Peoples Liberation Army (PLA) to plant spy hardware on servers used by some of the U.S.’s most high profile corporations is being refuted by tech vendors Apple as well as Amazon, who contend that no such compromises took place. The report written by Jordon Robinson and Michael Riley and released Thursday says that PLA agents implanted tiny surveillance chips on server motherboards manufactured by Super Micro Computer. The devices, no larger than a pencil tip, could give Chinese agents access to and control over critical hardware used by Apple Computer, Amazon and other large, U.S. firms, including financial services firms and intelligence agencies, the report says. [You might also want to read: Massive Facebook Breach Affects 90 Million Accounts] If true, the incident would be one of the most serious uses of a so-called “supply chain” hack, in which sophisticated adversaries […]

Facebook said a breach affected some 50 million account holders. Is complexity the problem?

Episode 114: Complexity at Root of Facebook Breach and LoJax is a RAT You Can’t Kill

Podcast: Play in new window | Download (Duration: 29:33 — 33.8MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s podcast: Facebook revealed that a breach affected 50 million accounts and as many as 90 million users. Is complexity at the root of the social media giant’s troubles? We speak with Gary McGraw of the firm Synopsys about it. Also: BIOS-based malware has been demonstrated at security conferences for years.  Last week, the security firm ESET warned that it identified a sample in the wild. Even worse: the Russian Hacking Group Fancy Bear was believed to be responsible. We’ll talk to firmware security expert Giovanni Vigna of the firm Lastline about the truth and hype around LoJax and other firmware based attacks.