Equifax Site Hacked Again? Links Redirect Users to Malicious URL

In a blog post yesterday, analyst Randy Abrams said that he visited the Equifax site to check and see whether false information from another credit bureau had made its way into his credit report on Equifax. When he tried to access his personal information, he said he was redirected to a site with a fake Flash Player update screen. In a tweet yesterday, Abrams said it appeared that the issue might indicate Equifax’ Web site had been breached again.
Equifax revealed in early September that its systems had been compromised sometime between May and July, causing sensitive personal data for around 143 million Americans, as well as a number of Canadian and British citizens, to be exposed. Early this month, the company increased its estimate of the number of U.S. victims by 2.5 million. The U.K.’s National Cyber Security Centre reported yesterday that nearly 700,000 Britons might have been affected by the breach.
Flash Update Link a Red Flag
Abrams noted on his blog that he “just sort of tripped over” the latest problem at Equifax’ Web site while trying to view his credit information. The appearance of a Flash update site was an immediate red flag, according to Abrams.
“Seriously folks, Equifax has enough on their plate trying to update Apache,” he said. “They are not going to help you update Flash. I know that nobody is surprised at my find, but watching Equifax is getting to be like watching a video of United Airlines ‘deplaning’ a passenger . . . It hurts.”
The fake Flash download links appeared during at least four separate visits Abrams made to the Equifax site, according to a report today in Ars Technica. An analysis by the German IT firm Payload Security gave the malicious file that attempted to load a threat score of 96 out of a possible 100.
‘Gets Scarier the More I Look’
Early last week, Equifax said the cybersecurity company Mandiant had completed a forensic investigation of the breach, although the credit bureau’s own internal investigation remains ongoing. The company added it’s working on its own and with outside advisors to “implement and accelerate long-term security improvements.”
In the wake of last month’s report, Equifax’ chief information officer and chief security officer both announced immediate plans to retire. The company is also offering to help people affected by the breach with credit freezes and credit monitoring.
Equifax continues to come under fire from many directions, not only for the initial breach but for its subsequent handling of the incident. After yesterday’s update by the National Cyber Security Centre, U.K.-based security writer Graham Cluley called the company’s response to date “shambolic.”
“Equifax said that it had not yet started notifying the affected UK consumers because it did not think it was ‘appropriate’ as it was waiting until ‘the full forensics investigation was completed,’” Cluley wrote yesterday on his blog. “Given the mess Equifax has made in its attempts to respond to this breach, you would think the credit bureau would be itching to repair its reputation in the eyes of consumers everywhere. Honestly, I’m not sure that reasoning does the trick.”
Meanwhile, U.S.-based security writer Brian Krebs has pointed out that the Equifax breach could expose not only people’s names, Social Security numbers, and birth dates, but also details about their salary and employment histories. Krebs also criticized the Web site that Equifax created to keep people informed about the issue.
“I’ve been spending quite a bit of time looking at Equifax’s various Web properties over the past few weeks and I have to say it gets scarier the more I look,” he said.
