Equifax Site Hacked Again? Links Redirect Users to Malicious URL

In a blog post yesterday, analyst Randy Abrams said that he visited the Equifax site to check and see whether false information from another credit bureau had made its way into his credit report on Equifax. When he tried to access his personal information, he said he was redirected to a site with a fake Flash Player update screen. In a tweet yesterday, Abrams said it appeared that the issue might indicate Equifax’s Web site had been breached again.
Equifax revealed in early September that its systems had been compromised sometime between May and July, causing sensitive personal data for around 143 million Americans, as well as a number of Canadian and British citizens, to be exposed. Early this month, the company increased its estimate of the number of U.S. victims by 2.5 million. The U.K.’s National Cyber Security Centre reported yesterday that nearly 700,000 Britons might have been affected by the breach.
Flash Update Link a Red Flag
Abrams noted on his blog that he “just sort of tripped over” the latest problem at Equifax’s Web site while trying to view his credit information. The appearance of a Flash update site was an immediate red flag, according to Abrams.

“Seriously folks, Equifax has enough on their plate trying to update Apache,” he said. “They are not going to help you update Flash. I know that nobody is surprised at my find, but watching Equifax is getting to be like watching a video of United Airlines ‘deplaning’ a passenger . . . It hurts.”
The fake Flash download links appeared during at least four separate visits Abrams made to the Equifax site, according to a report today in Ars Technica. An analysis by the German IT firm Payload Security gave the malicious file that attempted to load a threat score of 96 out of a possible 100.
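Customers’ sensitive information, such as credit card details, order information and even contact details, can decide whether a business survives in today’s increasingly competitive market.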
‘Gets Scarier the More I Look’
Early last week, Equifax said the cybersecurity company Mandiant had completed a forensic investigation of the breach, although the credit bureau’s own internal investigation remains ongoing. The company added it’s working on its own and with outside advisors to “implement and accelerate long-term security improvements.”
In the wake of last month’s report, Equifax’s chief information officer and chief security officer both announced immediate plans to retire. The company is also offering to help people affected by the breach with credit freezes and credit monitoring.
Equifax continues to come under fire from many directions, not only for the initial breach but for its subsequent handling of the incident. After yesterday’s update by the National Cyber Security Centre, U.K.-based security writer Graham Cluley called the company’s response to date “shambolic.”
“Equifax said that it had not yet started notifying the affected UK consumers because it did not think it was ‘appropriate’ as it was waiting until ‘the full forensics investigation was completed,’” Cluley wrote yesterday on his blog. “Given the mess Equifax has made in its attempts to respond to this breach, you would think the credit bureau would be itching to repair its reputation in the eyes of consumers everywhere. Honestly, I’m not sure that reasoning does the trick.”
Meanwhile, U.S.-based security writer Brian Krebs has pointed out that the Equifax breach could expose not only people’s names, Social Security numbers, and birth dates, but also details about their salary and employment histories. Krebs also criticized the Web site that Equifax created to keep people informed about the issue.
“I’ve been spending quite a bit of time looking at Equifax’s various Web properties over the past few weeks and I have to say it gets scarier the more I look,” he said.
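Real cyber warfare: cyber war is the newest form of warfare. Whether it takes the form of cyber guerrilla warfare, cyber special operations, cyber espionage or cyber fire preparation, it will recur again and again in future conflicts between nations. The public should understand this and be prepared for it. It is not hard to see that using domestic products and services in core areas increases controllability.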
