Equifax Website Hacked Again, Redirects to Fake Flash Update

Megalith

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
It appears that Equifax’s website has been hacked again and made to redirect to site-serving adware masquerading as an Adobe Flash update: the fake Flash update conceals a file named MediaDownloaderIron.ex, which, according to VirusTotal, is detected as adware by only three AV solutions. For the moment, only Malwarebytes flags the URL of the site serving the adware as malicious.

Abrams encountered this malicious redirect on Wednesday evening, but multiple sources have since confirmed that it is no longer happening. There has been no comment from Equifax on this latest incident, and it is unknown whether the redirect code has been scrubbed by them or by the hackers who put it there in the first place. In any case, the fact that their Web site has no information on how to report security issues issues on it is another (unsurprising) weakness.
 
I'm not surprised. I won't also be surprised if the other 50% of the user's private information just happened to be leaked but hasn't been disclosed yet.

Hell. At this point any news headlines with the words "Equifax" might as well be synonymous with "You're getting fucked in new and exciting ways, America!"
 
While the US government sits on its hands and ignores the problem these hacks cause. This issue can be fixed with proper regulation of any institution that is holding your personal information and ultimately giving we the people control of our personal life data, who it is shared, when data is shared, how it is secured from hacks/misuse and what is the mitigation plan if your data has been compromised.
 
Last edited:
maxius said:
While the US government sits on its hands and ignores the problem these hacks cause. This issue can be fixed with proper regulation of any institution that is holding your personal information and ultimately giving we the people control of our personal life data, who it is shared, when data is shared, how it is secured from hacks/misuse and what is the mitigation plan if your data has been compromised.
Click to expand...
I don't think any regulation can fix this problem. I can't think of one that will either A. keep data safe or B. I can't get around (doesn't mean it doesn't exist, just saying i can't figure one out). I think the only way to fix this is liability laws and then banning SSNs for any other purpose than paying SS taxes and filing for SS security (in other words its not linked to you paying the rest of your taxes and can't be misused for stealing tax returns). We make a big deal about equifax but very recently you could get all the personal info you needed for ID theft from the IRS website and it has been vulnerable for it multiple times.
As far as the private sector goes make people responsible for any ID leaks for life. So you data gets leaked by equifax equifax has the responsibility of fixing your credit for any data breaches for life and has to pay a fine to the consumer whose data was stolen (not the government). Most of your security problems would go away pretty quickly as their is a definable cost that can be figure out. I think this would be a much better solution than any regulations. (the previous would be a liability law and not a regulation)
 
Gweenz said:
Which one of the security team is going to get thrown under the bus for this one?
Click to expand...

* Not a real security team. Paid actors. Might explain the music major CSO. She knew how to relate to all the different performers.

One fix the government could do is make these companies 100% liable for damages. They won't because they are too busy sticking their snouts into the corporate contribution slop trough and pigging out.
 
giphy.gif
 
RogueTadhg said:
I'm not surprised. I won't also be surprised if the other 50% of the user's private information just happened to be leaked but hasn't been disclosed yet.

Hell. At this point any news headlines with the words "Equifax" might as well be synonymous with "You're getting fucked in new and exciting ways, America!"
Click to expand...

I am 100% convinced that it is everyone in their records and someday, likely years from now, they will admit it.
 
Romale23 said:
are you sure they need a license? they don't actually offer any financial products that i know of
Click to expand...

how the heck do they get "all the info" and then are a part of almost every loan and credit agency? dont know how they do it but they should be gone.
 
maxius said:
While the US government sits on its hands and ignores the problem these hacks cause. This issue can be fixed with proper regulation of any institution that is holding your personal information and ultimately giving we the people control of our personal life data, who it is shared, when data is shared, how it is secured from hacks/misuse and what is the mitigation plan if your data has been compromised.
Click to expand...
You mean like HIPAA Title II? Seems to work pretty well for the healthcare industry.
 
You must log in or register to reply here.
Back
Top