Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED ABOUT A MINUTE AGO.
You are here: Home / Network Security / Was Equifax Site Hacked Again?
Equifax Site Hacked Again? Links Redirect Users to Malicious URL
Equifax Site Hacked Again? Links Redirect Users to Malicious URL
By Shirley Siluk / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
OCTOBER
12
2017
One month after news came out about a massive breach at Equifax, the credit bureau is still struggling with the fallout. The latest blow arrived yesterday when an independent security researcher reported discovering that links on the Equifax Web site were attempting to redirect him to a malicious URL.

In a blog post yesterday, analyst Randy Abrams said that he visited the Equifax site to check and see whether false information from another credit bureau had made its way into his credit report on Equifax. When he tried to access his personal information, he said he was redirected to a site with a fake Flash Player update screen. In a tweet yesterday, Abrams said it appeared that the issue might indicate Equifax' Web site had been breached again.

Equifax revealed in early September that its systems had been compromised sometime between May and July, causing sensitive personal data for around 143 million Americans, as well as a number of Canadian and British citizens, to be exposed. Early this month, the company increased its estimate of the number of U.S. victims by 2.5 million. The U.K.'s National Cyber Security Centre reported yesterday that nearly 700,000 Britons might have been affected by the breach.

Flash Update Link a Red Flag

Abrams noted on his blog that he "just sort of tripped over" the latest problem at Equifax' Web site while trying to view his credit information. The appearance of a Flash update site was an immediate red flag, according to Abrams.

"Seriously folks, Equifax has enough on their plate trying to update Apache," he said. "They are not going to help you update Flash. I know that nobody is surprised at my find, but watching Equifax is getting to be like watching a video of United Airlines 'deplaning' a passenger . . . It hurts."

The fake Flash download links appeared during at least four separate visits Abrams made to the Equifax site, according to a report today in Ars Technica. An analysis by the German IT firm Payload Security gave the malicious file that attempted to load a threat score of 96 out of a possible 100.

'Gets Scarier the More I Look'

Early last week, Equifax said the cybersecurity company Mandiant had completed a forensic investigation of the breach, although the credit bureau's own internal investigation remains ongoing. The company added it's working on its own and with outside advisors to "implement and accelerate long-term security improvements."

In the wake of last month's report, Equifax' chief information officer and chief security officer both announced immediate plans to retire. The company is also offering to help people affected by the breach with credit freezes and credit monitoring.

Equifax continues to come under fire from many directions, not only for the initial breach but for its subsequent handling of the incident. After yesterday's update by the National Cyber Security Centre, U.K.-based security writer Graham Cluley called the company's response to date "shambolic."

"Equifax said that it had not yet started notifying the affected UK consumers because it did not think it was 'appropriate' as it was waiting until 'the full forensics investigation was completed,'" Cluley wrote yesterday on his blog. "Given the mess Equifax has made in its attempts to respond to this breach, you would think the credit bureau would be itching to repair its reputation in the eyes of consumers everywhere. Honestly, I'm not sure that reasoning does the trick."

Meanwhile, U.S.-based security writer Brian Krebs has pointed out that the Equifax breach could expose not only people's names, Social Security numbers, and birth dates, but also details about their salary and employment histories. Krebs also criticized the Web site that Equifax created to keep people informed about the issue.

"I've been spending quite a bit of time looking at Equifax’s various Web properties over the past few weeks and I have to say it gets scarier the more I look," he said.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN NETWORK SECURITY

NETWORK SECURITY SPOTLIGHT
China-based Vivo will be the first company to come out with a smartphone featuring an in-display sensor for fingerprint security, beating Apple, Samsung, and other device makers to the punch.

ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.