bluebay2014 - Fotolia

Manage Learn to apply best practices and optimize your operations.

Risk & Repeat: Shadow Brokers' dump shakes IT industry

Listen to this podcast

In part two of Risk & Repeat's podcast on the Equation Group, SearchSecurity editors discuss the zero-day vulnerabilities discovered in the Shadow Brokers' data dump.

The Shadow Brokers' dump of hacking tools and zero-day vulnerabilities from the Equation Group has IT vendors scrambling to patch the flaws as the identity of the hacking group remains a mystery.

Major vendors such as Cisco and Fortinet have reacted to the dump with patches addressing some of the zero-day bugs in the Shadow Brokers' dump. But the flaws have led to questions about the nature of the cyberweapons and vulnerabilities. How long they have been kept secret by the Equation Group and the National Security Agency, and what other flaws and hacking tools may be coming from the Shadow Brokers?

What does this mean for mean for the U.S. government's cybersecurity policy and its stance on security vulnerabilities? How will the Shadow Brokers' dump affect and potentially undermine enterprise security? And what effect will this controversy have on the government's effort to gain access to encrypted data?

In part one of this Risk & Repeat podcast, editors Rob Wright and Peter Loshin discussed the Shadow Brokers' auction of these cyberweapons and the Equation Group's controversial ties to the National Security Agency. In part two of the podcast, the editors examine the effect of the Shadow Brokers' data dump and what it means for major IT vendors as well as the U.S. government.

Next Steps

Risk & Repeat: Black Hat 2016 highlights and trends

Risk & Repeat: Malicious Tor nodes discovered

Risk & Repeat: ASN.1 compiler flaw raises concern

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

How will the Equation Group hack affect the IT industry and government policy regarding zero-day vulnerabilities?
Is it possible that the cyber security industry is becoming an unwitting "protection racket" by failing to disclose the vulnerabilities which are now being designated "cyber weapons" by the U.S. Government and which tools are being used by the Equation tookits?  The secrecy will damage national security itself because no one will be able to determine what is a real and present danger?