Slashdot Mirror

← Back to Stories (view on slashdot.org)

Equifax Website Hacked Again, this Time To Redirect To Fake Flash Update (arstechnica.com)

Posted by msmash on from the fool-me-once dept.

For several hours on Wednesday Equifax's website was compromised again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers, reports Dan Goodin at Ars Technica. From the report: Randy Abrams, an independent security analyst by day, happened to visit the site Wednesday evening to contest what he said was false information he had just found on his credit report. Eventually, his browser opened up a page on the domain hxxp:centerbluray.info. He was understandably incredulous. The site that previously gave up personal data for virtually every US person with a credit history was once again under the control of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he'd see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once. Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits. Update: Equifax said on Thursday it was taking one of its web pages offline as its security team looks into reports of another potential cyber breach.

2 of 150 comments (clear)

  1. But wait, there's more! by Ayano · · Score: 3, Funny

    Is this the story that never ends?

    --
    I don't read AC
  2. Stop being so judgemental by Lucas123 · · Score: 4, Funny

    You people act as though Equifax is made of money that they can lavishly spend it on securing the highly sensitive financial data of consumers who never gave the company authority to collect and share it in the first place. Equifax only made $3.1 billion last year; they have a lot of wealthy shareholders and executives whose lifestyles depend on a high revenue to profit ratio.

    Sure, Equifax was the subject of more than 57,000 consumer complaints to the Consumer Financial Protection Bureau from October 2012 to September 17, 2017 with most complaints relating to incomplete, inaccurate, outdated, or misattributed information held by the company, but that could happen to anyone. /s