supply chain

Bloomberg Chip Cover

Podcast Episode 115: Joe Grand on Unicorn Spotting and Bloomberg’s Supply Chain Story

Podcast: Play in new window | Download (Duration: 35:36 — 40.7MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s episode (#115), noted hardware enthusiast and hacker Joe Grand (aka “Kingpin”) told reporters from Bloomberg that finding an in-the-wild supply chain hack implanting malicious hardware on motherboards was akin to witnessing “a unicorn jumping over a rainbow.” They went with their story about just such an attack anyway. Joe joins us in the Security Ledger studios to talk about whether Bloomberg got it right. Also, Adam Meyers of Crowdstrike comes into the studio to talk about the U.S. Department of Justice indictment of seven Russian nationals. Adam talks about the hacks behind the charges and what comes next.

Apple, Amazon Throw Shade on Supply Chain Hack Story

A report by Bloomberg alleging a massive operation by China’s Peoples Liberation Army (PLA) to plant spy hardware on servers used by some of the U.S.’s most high profile corporations is being refuted by tech vendors Apple as well as Amazon, who contend that no such compromises took place. The report written by Jordon Robinson and Michael Riley and released Thursday says that PLA agents implanted tiny surveillance chips on server motherboards manufactured by Super Micro Computer. The devices, no larger than a pencil tip, could give Chinese agents access to and control over critical hardware used by Apple Computer, Amazon and other large, U.S. firms, including financial services firms and intelligence agencies, the report says. [You might also want to read: Massive Facebook Breach Affects 90 Million Accounts] If true, the incident would be one of the most serious uses of a so-called “supply chain” hack, in which sophisticated adversaries […]

Cisco warns of Internet of Things, Supply Chain Risk

Cisco Systems warned that companies need to do a better job monitoring IoT devices and third party software providers, as Internet of Things based botnets and supply chain attacks become more common.

GPS

Update: Two Years After Discovery Dangerous Security Hole Lingers in GPS Services

Security researchers warned of a serious vulnerability in a GPS service by the China-based firm ThinkRace exposes sensitive data in scores of GPS services, more than two years after the hole was discovered and reported to the firm. (Update: added comment from John van den Oever, the CEO of one2track B.V – PFR 1/3/2018)

THAAD Missile System

Exclusive: Eye on Weapons Systems, North Korean Hackers target US Defense Contractors

North Korean hackers have stepped up their attacks on U.S. defense contractors in an apparent effort to gain intelligence on weapon systems and other assets that might be used against the country in an armed conflict with the United States and its allies, The Security Ledger has learned.