Benjamin Haas - Fotolia
This week's Risk & Repeat podcast looks at the U.S. House Committee on Oversight and Government Reform report on the Equifax breach and the infosec lessons to be learned from it.
The Equifax breach report from the U.S. House Committee on Oversight and Government Reform highlighted serious security certificate failures, among other missteps that led to the personal data of 148 million consumers being exposed.
While an exploit of an Apache Struts vulnerability was initially blamed as the source of the incident, the Equifax breach report outlines how several errors enabled threat actors to move laterally through the credit rating agency's network, gain access to crucial databases and exfiltrate the data without being detected. Those errors included allowing more than 300 security certificates to expire, including a crucial certificate for an SSL traffic monitoring device that could have spotted the exfiltration.
How did Equifax allow so many certificates to lapse? What steps could have helped prevent such a catastrophic breach? Who was behind the attack? In this episode of the Risk & Repeat podcast, SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more on the Equifax breach report.