supply chain

Cisco warns of Internet of Things, Supply Chain Risk

Cisco Systems warned that companies need to do a better job monitoring IoT devices and third party software providers, as Internet of Things based botnets and supply chain attacks become more common.

GPS

Update: Two Years After Discovery Dangerous Security Hole Lingers in GPS Services

Security researchers warned of a serious vulnerability in a GPS service by the China-based firm ThinkRace exposes sensitive data in scores of GPS services, more than two years after the hole was discovered and reported to the firm. (Update: added comment from John van den Oever, the CEO of one2track B.V – PFR 1/3/2018)

THAAD Missile System

Exclusive: Eye on Weapons Systems, North Korean Hackers target US Defense Contractors

North Korean hackers have stepped up their attacks on U.S. defense contractors in an apparent effort to gain intelligence on weapon systems and other assets that might be used against the country in an armed conflict with the United States and its allies, The Security Ledger has learned.

Looking at companies from the outside.

Hacker Eye on the Consultant Guy: Deloitte and the Art of spotting Vulnerable Firms from the Outside

Podcast: Play in new window | Download (24.9MB)Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | RSS | https://www.securityledger.com/subscribeIn the latest Security Ledger podcast, we analyze the breach of Deloitte by talking to two people who spend a lot of time judging the security of firms by how they look to the outside world. Dan Tentler of the firm Phobos Group tells us what he found out about Deloitte doing some fast and dirty open source research. Also: we talk to Stephen Boyer of the firm BitSight about a new study that firm did of the gap between the security readiness of financial services firms and the third-party software supply chain they rely on. 

Is CCleaner the Tip of an Iceberg of Supply Chain Hacks? And Alexa: did China hack us Last Night?

Podcast: Play in new window | Download (17.9MB)Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | RSS | https://www.securityledger.com/subscribeIn the latest Security Ledger podcast, Paul speaks with Michael Gorelik of the firm Morphisec about the hack of security software vendor CCleaner – a hack that Gorelik’s firm discovered. CCleaner, he says, may just be the tip of the iceberg when it comes to supply chain hacks. And: “Alexa: have we been hacked by China?” Paul speaks with Grant Wernick of the firm Insight Engines, which is releasing a product this week that integrates the Splunk log management tool with Amazon’s voice assistant.