• Abusing Distance Learning Software (Security Affairs)

• Can We Stop Pretending SMS Is Secure Now? (Krebson Security)

• Microsoft Exchange Server Attacks (ZD Net)

• Purple Fox Malware Worms Into Windows System (Bleeping Computer)

• Black Kingdom ransomware begins appearing on Exchange servers (Sophos)

• Do You Know About this AWS Authorization Bypass? (Lightspin)

• Facial recognition beats the COVID-19 mask challenge (BBC)

• FatFace hit by cyberattack (IT Security Guru)

• Chinese hackers used Facebook to spy on Uighurs abroad (Aljazeera)

• Hidden OAuth attack vectors (PortSwigger)

• The Escalating Stakes of Cyber Insurance (Pondurance)

• CISA Leader: Agency Must Expand Visibility into Risks (HS Today)

• 30K Servers Vulnerable, Daily Attacks Spike (Health IT Security)

• Acer Reportedly Suffered a REvil Ransomware Attack (CPO Magazine)

[Download the MP3]

When we think about cyber threats to the hardware supply chain, we often think about defense contractors making missiles and fighter jets. But these days, hardware supply chain security affects a wide range of companies – not just technology giants like Intel or cloud computing providers like Amazon and Google, but banks and financial services companies, healthcare companies, consumer electronics firms and more. 

Despite media attention to the problem, the awareness of hardware supply chain risks is still low within companies. Tools and talent to address it are hard to find and expensive. What’s a company to do?

Hardware Supply Chain Is Everyone’s Problem

In this episode of the Podcast we welcome Michael Mattioli into the Security Ledger studio. Michael leads the Hardware Engineering team within Goldman Sachs. There, he is responsible for the design and engineering of the firm’s digital experiences and technologies. He is also responsible for the overall strategy and execution of hardware innovation both within the firm and within the broader technology industry.

Michael is the author of a paper Consumer Exposure to Counterfeit Hardware. In it, he notes that many of the methods used to ensure hardware supply chain integrity are fallible. Visual inspection of installed parts or open source research on sellers don’t scale and are unreliable. He’s trying to sound the alarm about the threat that hardware supply chain insecurity poses to our entire economy.

TCG Tackles Hardware Supply Chain

Michael’s part of a new working group at Trusted Computing Group and the GSA that is working to develop standards based technology and tools to enforce hardware integrity at scale. In this interview, Michael and I talk about the growing risk of hardware supply chain risk and the need for coordination throughout the industry to address hardware security threats.Goldman Sachs joined the TCG in February as it looks for partners in securing FinTech, where activities like mobile transactions are growing by leaps and bounds.   

To start off, I asked Michael to describe the work he does at Goldman Sachs and why a financial services company employs a hardware security expert.

(*) Disclosure: This podcast and blog post were sponsored by Trusted Computing Group. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.