Benjamin Haas - Fotolia

News

Risk & Repeat: Lessons from the Equifax breach report

By

Rob Wright, Senior News Director

Listen to this podcast

This week's Risk & Repeat podcast looks at the U.S. House Committee on Oversight and Government Reform report on the Equifax breach and the infosec lessons to be learned from it.

Podcast

The Equifax breach report from the U.S. House Committee on Oversight and Government Reform highlighted serious security certificate failures, among other missteps that led to the personal data of 148 million consumers being exposed.

While an exploit of an Apache Struts vulnerability was initially blamed as the source of the incident, the Equifax breach report outlines how several errors enabled threat actors to move laterally through the credit rating agency's network, gain access to crucial databases and exfiltrate the data without being detected. Those errors included allowing more than 300 security certificates to expire, including a crucial certificate for an SSL traffic monitoring device that could have spotted the exfiltration.

How did Equifax allow so many certificates to lapse? What steps could have helped prevent such a catastrophic breach? Who was behind the attack? In this episode of the Risk & Repeat podcast, SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more on the Equifax breach report.

Search Networking

5 principles of change management in networking
Network change management includes five principles, including risk analysis and peer review. These best practices can help ...
A guide to Li-Fi technology
Li-Fi is an emerging wireless technology that uses visible light to transmit data instead of radio frequencies. Though still ...
AI skills for network professionals
Networking professionals must develop basic networking skills and AI to thrive in a complex landscape. Learn how AI's integration...

Search CIO

Trump's Department of Government Efficiency will face issues
Big political and bureaucratic obstacles await Elon Musk and Vivek Ramaswamy, who will lead the department with the goal of ...
How to run a successful IT pilot program
IT pilot programs are a crucial yet frequently overlooked step in internal tech procurement. Learn how to maximize these programs...
Trump plans to repeal Biden order, limit AI regulation
Donald Trump might want less regulation, but he has close ties to tech entrepreneur Elon Musk, who has supported AI regulation, ...

Search Enterprise Desktop

How to make the most of Windows Autopatch with Intune
IT administrators can use Intune to manage numerous settings related to Windows OSes and business apps. The Windows Autopatch ...
How to perform a Windows 11 ISO file install
The days of IT departments manually provisioning Windows OSes and company settings onto each PC are long gone, but IT staff still...
Omnissa-CrowdStrike union reunites management and security
Organizations have growing security and management needs, so partnerships between vendors such as the Omnissa-CrowdStrike ...

Cloud Computing

Managed identity vs. service principal for Azure apps
Managed identities automate identity management for Azure-native applications, while service principals are ideal for external ...
Top cloud migration service providers and how to choose one
Tools, services and pricing vary widely, and often, the options are platform-specific. Here's a rundown of seven representative ...
6 cloud migration challenges to prepare for and overcome
A cloud migration can bring lots of risks, unexpected costs and inconveniences. You can minimize or avoid them with thorough ...

ComputerWeekly.com

Australia bolsters cyber defences with security bill
Legislation tackles mandatory reporting of ransomware attacks, internet of things security and establishes a Cyber Incident ...
CW APAC – Trend Watch: Modernising security operations
Organisations everywhere know the risks of cyber security complacency. In this handbook, focused on modernising security ...
How Kaspersky is driving growth in APAC
Kaspersky is leveraging its threat intelligence capabilities and local market knowledge to navigate geopolitical tensions and ...

Close