Equifax Website Hacked Again, Redirects to Fake Flash Update

Discussion in '[H]ard|OCP Front Page News' started by Megalith, Oct 12, 2017.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    10,815
    Joined:
    Aug 20, 2006
    It appears that Equifax’s website has been hacked again and made to redirect to a site serving adware masquerading as an Adobe Flash update: the fake Flash update conceals a file named MediaDownloaderIron.ex, which, according to VirusTotal, is detected as adware by only three AV solutions. For the moment, only Malwarebytes flags the URL of the site serving the adware as malicious.

    Abrams encountered this malicious redirect on Wednesday evening, but multiple sources have since confirmed that it is no longer happening. There has been no comment from Equifax on this latest incident, and it is unknown whether the redirect code has been scrubbed by them or by the hackers who put it there in the first place. In any case, the fact that their Web site has no information on how to report security issues on it is another (unsurprising) weakness.
     
    captaindiptoad likes this.
  2. Gweenz

    Gweenz Gawd

    Messages:
    954
    Joined:
    Dec 18, 2003
    Which one of the security team is going to get thrown under the bus for this one?
     
  3. RogueTadhg

    RogueTadhg Gawd

    Messages:
    919
    Joined:
    Dec 14, 2011
    I'm not surprised. I also won't be surprised if the other 50% of the users' private information just happened to be leaked but hasn't been disclosed yet.

    Hell. At this point any news headlines with the words "Equifax" might as well be synonymous with "You're getting fucked in new and exciting ways, America!"
     
  4. Burticus

    Burticus 2[H]4U

    Messages:
    2,368
    Joined:
    Nov 7, 2005
    Maybe he/she is still around from last time so they can recycle and reuse their scapegoat.
     
    GoldenTiger likes this.
  5. fadedlogic

    fadedlogic Limp Gawd

    Messages:
    162
    Joined:
    Mar 7, 2016
    His name was Robert Paulson.
     
  6. maxius

    maxius 2[H]4U

    Messages:
    3,067
    Joined:
    Dec 17, 2001
    While the US government sits on its hands and ignores the problem these hacks cause. This issue can be fixed with proper regulation of any institution that is holding your personal information and ultimately giving we the people control of our personal life data, who it is shared, when data is shared, how it is secured from hacks/misuse and what is the mitigation plan if your data has been compromised.
     
    Last edited: Oct 12, 2017
  7. katanaD

    katanaD Limp Gawd

    Messages:
    264
    Joined:
    Nov 15, 2016
    From what I have read, they are in fact NOT sitting on their hands about this, but working feverishly... to limit any liability that we the consumers can claim


    :)
     
    Last edited: Oct 12, 2017
  8. panhead

    panhead Gawd

    Messages:
    794
    Joined:
    Dec 19, 2003
  9. Romale23

    Romale23 Gawd

    Messages:
    880
    Joined:
    Dec 12, 2006
    I don't think any regulation can fix this problem. I can't think of one that will either A. keep data safe or B. I can't get around (doesn't mean it doesn't exist, just saying I can't figure one out). I think the only way to fix this is liability laws and then banning SSNs for any other purpose than paying SS taxes and filing for SS security (in other words it's not linked to you paying the rest of your taxes and can't be misused for stealing tax returns). We make a big deal about Equifax but very recently you could get all the personal info you needed for ID theft from the IRS website and it has been vulnerable for it multiple times.
    As far as the private sector goes, make people responsible for any ID leaks for life. So your data gets leaked by Equifax, Equifax has the responsibility of fixing your credit for any data breaches for life and has to pay a fine to the consumer whose data was stolen (not the government). Most of your security problems would go away pretty quickly as there is a definable cost that can be figured out. I think this would be a much better solution than any regulations. (The previous would be a liability law and not a regulation.)
     
  10. Dead Parrot

    Dead Parrot Gawd

    Messages:
    1,004
    Joined:
    Mar 4, 2013
    * Not a real security team. Paid actors. Might explain the music major CSO. She knew how to relate to all the different performers.

    One fix the government could do is make these companies 100% liable for damages. They won't because they are too busy sticking their snouts into the corporate contribution slop trough and pigging out.
     
    GoldenTiger and Jim Kim like this.
  11. [21CW]killerofall

    [21CW]killerofall [H]ard|Gawd

    Messages:
    1,732
    Joined:
    Mar 16, 2006
  12. arnemetis

    arnemetis [H]ard|Gawd

    Messages:
    1,341
    Joined:
    Aug 2, 2004
    Jesus wtf, give it up. Equifax needs to close its doors, how the hell is this much failure still allowed to operate?
     
    RayderR6, captaindiptoad and testicle like this.
  13. Gweenz

    Gweenz Gawd

    Messages:
    954
    Joined:
    Dec 18, 2003
    I am 100% convinced that it is everyone in their records and someday, likely years from now, they will admit it.
     
  14. NeghVar

    NeghVar [H]ard|Gawd

    Messages:
    1,763
    Joined:
    May 1, 2003
    I wouldn't be surprised if they suffered a fate like Arthur Andersen.
     
  15. oROEchimaru

    oROEchimaru [H]ardness Supreme

    Messages:
    4,292
    Joined:
    Jun 1, 2004
    They need to lose their license as a creditor already.
     
    Armenius and captaindiptoad like this.
  16. Romale23

    Romale23 Gawd

    Messages:
    880
    Joined:
    Dec 12, 2006
    Are you sure they need a license? They don't actually offer any financial products that I know of.
     
    captaindiptoad likes this.
  17. atp1916

    atp1916 2[H]4U

    Messages:
    2,513
    Joined:
    Jun 18, 2004
    Honeypot comes to mind
     
  18. oROEchimaru

    oROEchimaru [H]ardness Supreme

    Messages:
    4,292
    Joined:
    Jun 1, 2004
    How the heck do they get "all the info" and then are a part of almost every loan and credit agency? Don't know how they do it but they should be gone.
     
  19. DeathFromBelow

    DeathFromBelow [H]ardForum Junkie

    Messages:
    9,204
    Joined:
    Jul 15, 2005
  20. Armenius

    Armenius [H]ardForum Junkie

    Messages:
    11,096
    Joined:
    Jan 28, 2014
    You mean like HIPAA Title II? Seems to work pretty well for the healthcare industry.
     
    fadedlogic and GoldenTiger like this.
  21. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    8,372
    Joined:
    Jul 16, 2008
    The one that was asking for security testing of course :whistle:
     
    Meeho and GoldenTiger like this.
  22. Romale23

    Romale23 Gawd

    Messages:
    880
    Joined:
    Dec 12, 2006
    No it doesn't, it's a joke. You don't even have to encrypt your data under HIPAA, it's just much less public.