PHP PEAR Backdoor Discovered

On January 19th, the maintainers of the popular PHP package management system disclosed that they had discovered a backdoor in an installer component named go-pear.phar. The PEAR website is still down as of today and maintainers state that they have no ETA for when a clean site will be on line. Although initial indications were […]

Super Micro Hardware Backdoors

Today, Bloomberg published an article claiming that at least some Super Micro motherboards contained hardware backdoors. While we don’t have any inside information, we’ve been fielding several calls from clients about actions they should take and wanted to expand our thoughts on this outside our existing customer base. To begin, it’s important to note that […]

Wegmans Suffers From A Supply Chain Attack

The grocery chain Wegmans is suing one of its suppliers (Invermar) for a supply chain breach. Though all the details aren’t yet available, Wegmans claims that Invermar was compromised and that the compromise allowed attackers to reroute payments. Wegmans’ total losses aren’t known, though the suit asks for $900,000 in damages. When we talk about […]

Threat Hunting Your Supply Chain

From the NotPetya attacks last year to the recent hijack of the MEGA browser plugin, it’s obvious that supply chain compromise isn’t just a theoretical risk anymore. But how do you threat hunt in an environment that isn’t your own? This is a difficult task, but we really focus on looking for the few indicators […]

Introducing SCREATH (Supply Chain Risk Framework)

Today, I gave a talk at the SANS Threat Hunting Summit on Supply Chain Threat Hunting. I’ll publish slides later, but I wanted to post our supply chain threat hunting framework worksheet. I want to thank Brandon McCrillis (Rendition Infosec CEO) for freeing me up for the time to work on this (he also gave […]

Your cart

This will be copy area - something to the effect of estimated ship time if applicable


Rendition's advanced courses contain the latest in information security knowledge. Please contact us for more information.

This page has proprietary information in it, please contact us for more information.