supply chain

China's government appears to be suppressing information on serious, exploitable security vulnerabilities in software, a study by Recorded Future found.

Apple, Amazon Throw Shade on Supply Chain Hack Story

by

A report by Bloomberg alleging a massive operation by China’s Peoples Liberation Army (PLA) to plant spy hardware on servers used by some of the U.S.’s most high profile corporations is being refuted by tech vendors Apple as well as Amazon, who contend that no such compromises took place. The report written by Jordon Robinson and Michael Riley and released Thursday says that PLA agents implanted tiny surveillance chips on server motherboards manufactured by Super Micro Computer. The devices, no larger than a pencil tip, could give Chinese agents access to and control over critical hardware used by Apple Computer, Amazon and other large, U.S. firms, including financial services firms and intelligence agencies, the report says. [You might also want to read: Massive Facebook Breach Affects 90 Million Accounts] If true, the incident would be one of the most serious uses of a so-called “supply chain” hack, in which sophisticated adversaries […]

Continue Reading →
What can you tell about a company's security just by looking at it from the outside? A lot.

Hacker Eye on the Consultant Guy: Deloitte and the Art of spotting Vulnerable Firms from the Outside

by

Podcast: Play in new window | Download (24.9MB)Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | RSS | https://www.securityledger.com/subscribeIn the latest Security Ledger podcast, we analyze the breach of Deloitte by talking to two people who spend a lot of time judging the security of firms by how they look to the outside world. Dan Tentler of the firm Phobos Group tells us what he found out about Deloitte doing some fast and dirty open source research. Also: we talk to Stephen Boyer of the firm BitSight about a new study that firm did of the gap between the security readiness of financial services firms and the third-party software supply chain they rely on. 

Continue Reading →
Update: Five Billion Tests Later: IoT and Industrial Control System Protocols Raise Alarms

Update: Five Billion Tests Later: IoT and Industrial Control System Protocols Raise Alarms

by

In-brief: Close to five billion “fuzzing” tests conducted during 2016 reveal protocols used by industrial control systems, vehicles and Internet of Things devices to be weaker, on average, with many crashing hundreds of times and revealing vulnerabilities that could be used by malicious actors. (Editor’s note: added comment by Chris Clark. Aug 9 2017 – PFR)

Continue Reading →
1 2 3 16