Hacker And The Fed cover image

Hacker And The Fed

Equifax Breach, a Hack of 27 Crypto Companies, and the Arrest of a Department of State IT Contractor

Sep 28, 2023
This podcast covers interesting topics like the Equifax breach, the potential vulnerability of Google Authenticator, an iPhone exploit chain, and the arrest of a Department of State IT contractor on espionage charges. They also discuss the excitement of breaching a system, hacker motivations, asset management in cybersecurity, segmentation and risk assessment in online services, and the importance of following rules and not engaging in illegal activities.
01:13:06

Podcast summary created with Snipd AI

Quick takeaways

  • The Equifax breach highlights the importance of effective asset management and regular patching to prevent long-term infiltrations.
  • The hack of 27 crypto companies raises concerns about relying solely on MFA for security and the need for business to ensure segmentation between personal and work-related accounts.

Deep dives

Equifax Breach and Web Shells

The Equifax breach in 2017 resulted in the exfiltration of personal identifiable information (PII) of 163 million customers. Attackers exploited a vulnerability in Apache Struts software, an open source framework for building Java web applications. The breach occurred due to a system update on a Saturday night, which alerted the security engineer to the presence of the hacker. Attackers used web shells, scripts uploaded to the file system, to maintain access and control of the web server. The attackers also found credentials in a network file share, enabling lateral movement within the network and access to a table containing the PII of millions of people.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.
App store bannerPlay store banner