supply chain

Podcast Episode 127: Donnie, Talk to China and Other Lessons from 2018

In this week’s podcast: as 2018 winds down, we invited David Aitel, the Chief Security Technical Officer at Cyxtera Technologies, to talk about the biggest stories of the year, including the supply chain attack on Super Micro, China’s continued attacks on western firms, U.S. indictments of Russian and Chinese hackers and what 2019 may have in store. 

Gilet jaune arrest

Episode 124: The Twitter Accounts Pushing French Protests. Also: social engineering the Software Supply Chain

In this week’s podcast (#124):  we speak with French security researcher Baptiste Robert about research on the social media accounts pushing the french “Yellow Vest” protests. Surprise, surprise: they’re not french. Also: Brian Fox of the firm Sonatype joins us to talk about the recent compromise of the Github event-stream project and why social engineering poses a real risk to the security of the software supply chain. 

Apple, Amazon Throw Shade on Supply Chain Hack Story

A report by Bloomberg alleging a massive operation by China’s Peoples Liberation Army (PLA) to plant spy hardware on servers used by some of the U.S.’s most high profile corporations is being refuted by tech vendors Apple as well as Amazon, who contend that no such compromises took place. The report written by Jordon Robinson and Michael Riley and released Thursday says that PLA agents implanted tiny surveillance chips on server motherboards manufactured by Super Micro Computer. The devices, no larger than a pencil tip, could give Chinese agents access to and control over critical hardware used by Apple Computer, Amazon and other large, U.S. firms, including financial services firms and intelligence agencies, the report says. [You might also want to read: Massive Facebook Breach Affects 90 Million Accounts] If true, the incident would be one of the most serious uses of a so-called “supply chain” hack, in which sophisticated adversaries […]

Researchers Warn of Physics-Based Attacks on Sensors

Billions of sensors that are already deployed lack protections against attacks that manipulate the physical properties of devices to cause sensors and embedded devices to malfunction, researchers working in the U.S. and China have warned. 

Looking at companies from the outside.

Hacker Eye on the Consultant Guy: Deloitte and the Art of spotting Vulnerable Firms from the Outside

Podcast: Play in new window | Download (24.9MB) | EmbedSubscribe: Apple Podcasts | Google Podcasts | Stitcher | Email | TuneIn | RSS | https://www.securityledger.com/subscribeIn the latest Security Ledger podcast, we analyze the breach of Deloitte by talking to two people who spend a lot of time judging the security of firms by how they look to the outside world. Dan Tentler of the firm Phobos Group tells us what he found out about Deloitte doing some fast and dirty open source research. Also: we talk to Stephen Boyer of the firm BitSight about a new study that firm did of the gap between the security readiness of financial services firms and the third-party software supply chain they rely on.