On January 19th, the maintainers of the popular PHP package management system disclosed that they had discovered a backdoor in an installer component named go-pear.phar. The PEAR website is still down as of today and maintainers state that they have no ETA for when a clean site will be on line. Although initial indications were […]
Today, Bloomberg published an article claiming that at least some Super Micro motherboards contained hardware backdoors. While we don’t have any inside information, we’ve been fielding several calls from clients about actions they should take and wanted to expand our thoughts on this outside our existing customer base. To begin, it’s important to note that […]
The grocery chain Wegmans is suing one of its suppliers (Invermar) for a supply chain breach. Though all the details aren’t yet available, Wegmans claims that Invermar was compromised and that the compromise allowed attackers to reroute payments. Wegmans’ total losses aren’t known, though the suit asks for $900,000 in damages. When we talk about […]
From the NotPetya attacks last year to the recent hijack of the MEGA browser plugin, it’s obvious that supply chain compromise isn’t just a theoretical risk anymore. But how do you threat hunt in an environment that isn’t your own? This is a difficult task, but we really focus on looking for the few indicators […]
Today, I gave a talk at the SANS Threat Hunting Summit on Supply Chain Threat Hunting. I’ll publish slides later, but I wanted to post our supply chain threat hunting framework worksheet. I want to thank Brandon McCrillis (Rendition Infosec CEO) for freeing me up for the time to work on this (he also gave […]
This will be copy area - something to the effect of estimated ship time if applicable