Skip to comments.
Equifax website borked again, this time to redirect to fake Flash update
ars technica ^
| 10/12/2017
| DAN GOODIN
Posted on 10/12/2017 11:00:13 AM PDT by Leaning Right
In May credit reporting service Equifax's website was breached by attackers who eventually made off with Social Security numbers, names, and a dizzying amount of other details for some 145.5 million US consumers.
For several hours on Wednesday, and again early Thursday morning, the site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers.
(Excerpt) Read more at arstechnica.com ...
TOPICS: Business/Economy; Crime/Corruption; News/Current Events
KEYWORDS: adobeflash; equifax; equifaxadobeflash; equifaxhacked; equifaxhackedagain; flash
Navigation: use the links below to view more comments.
first 1-20, 21-24 next last
Another day, another Equifax breach. Hillary must be loving this. Because compared to Equifax, Hillary looks like a cybersecurity expert.
To: Leaning Right
Anytime ANYTHING prompts me to update flash, I move on...
2
posted on
10/12/2017 11:00:55 AM PDT
by
robroys woman
(So you're not confused, I'm male.)
To: Leaning Right
3
posted on
10/12/2017 11:02:16 AM PDT
by
dfwgator
To: Leaning Right
Fake Flash update?
How could they tell?................
4
posted on
10/12/2017 11:16:18 AM PDT
by
Red Badger
(Road Rage lasts 5 minutes. Road Rash lasts 5 months!.....................)
To: Red Badger
> How could they tell?................ <
A cybersecurity expert was visiting the Equifax site to check on some personal information. He was directed to a “Flash update” page. He noticed that the “update” page was on a domain that nothing to do with Adobe, the makers of Flash.
For example, to download a Flash update, better go to Adobe’s actual site. You wouldn’t want to download an update that’s on some domain like BigOldGreenBalloons.net (I just made that site up, but you get the idea).
The problem is that many fake domains choose names that are very close to the real domain names.
5
posted on
10/12/2017 11:36:26 AM PDT
by
Leaning Right
(I have already previewed or do not wish to preview this composition.)
To: All
When are the _USA_ corporations going to be held accountable? There needs be serious penalties, retribution against these ongoing leaking corporations.
6
posted on
10/12/2017 11:40:05 AM PDT
by
veracious
(UN = OIC = Islam ; Democrats may change USAgov completely, just amend USConstitution)
To: Leaning Right
>>"only three of 65 antivirus providers"Which ones!
7
posted on
10/12/2017 11:54:38 AM PDT
by
Aevery_Freeman
(Why do those with the least to say do so loudly and often?)
To: Aevery_Freeman
Panda, Symantec, and Webroot detected the antivirus.
8
posted on
10/12/2017 11:58:45 AM PDT
by
Leaning Right
(I have already previewed or do not wish to preview this composition.)
To: Aevery_Freeman
Ugh, sorry. Post #8 should have read:
Panda, Symantec, and Webroot detected the virus.
9
posted on
10/12/2017 11:59:49 AM PDT
by
Leaning Right
(I have already previewed or do not wish to preview this composition.)
To: Leaning Right
Who borked it, Ted Kennedy’s ghost?
10
posted on
10/12/2017 12:21:55 PM PDT
by
rfp1234
(I have already previewed this composition.)
To: Leaning Right
infected visitors' computers with adware
Well, if I had a choice, I'd take the adware infection over ransomware anyday.
11
posted on
10/12/2017 12:23:32 PM PDT
by
oh8eleven
(RVN '67-'68)
To: rfp1234
Before posting the article, I actually had to look up what “borked” meant.
12
posted on
10/12/2017 12:26:23 PM PDT
by
Leaning Right
(I have already previewed or do not wish to preview this composition.)
To: Leaning Right
At what point does the Federal Government walk in and tell Equifax to shut their shit down and arrest those in charge of "security"????
I was affected by their lax security which in order to protect myself required I lock all three of my credit reports and upgrade my Lifelock to their Premium package.
Total cost to me: $335.40 for a year of LifeLock and $30 to lock my credit reports at each of the three credit reporting agencies. These expenses aren't just for this year, I'll be paying them every year the rest of my life to protect myself!
Who at Equifax do I sue for these unexpected expenses to protect my credit rating?
13
posted on
10/12/2017 12:29:18 PM PDT
by
usconservative
(When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
To: rfp1234
Harvey Weinstein may offer Equifax a cameo slot in his next movie.
But first, the test on the casting couc....
14
posted on
10/12/2017 12:35:56 PM PDT
by
ptsal
( Get your facts first, then you can distort them as you please. - M. Twain)
To: usconservative
> At what point does the Federal Government walk in and tell Equifax to shut their shit down and arrest those in charge of “security”???? <
The chart at the link below shows what Equifax spends on lobbying politicians. Take a quick look at the chart and you’ll realize that the answer to your question is “never”.
https://www.opensecrets.org/lobby/clientsum.php?id=D000025712
15
posted on
10/12/2017 12:39:06 PM PDT
by
Leaning Right
(I have already previewed or do not wish to preview this composition.)
To: usconservative
At what point does the Federal Government walk in and tell Equifax to shut their shit down and arrest those in charge of "security"????
I don't think the Federal Government even knows what cybersecurity is. See: the Awan brothers.
16
posted on
10/12/2017 12:50:26 PM PDT
by
caligatrux
(Rage, rage against the dying of the light.)
To: usconservative
Who at Equifax do I sue for these unexpected expenses to protect my credit rating? I guess that is why you would hire a lawyer to find out. A retainer for that might be 10 years worth of LifeLock payments. Hiring your own attorney seems out of question unless you had ID theft. You could explore signing up with an existing class action lawsuit. I am doing the 90 day fraud alert and seeing how this develops.
17
posted on
10/12/2017 1:37:47 PM PDT
by
EVO X
To: EVO X
You could explore signing up with an existing class action lawsuit. I am doing the 90 day fraud alert and seeing how this develops. A 90 day fraud alert is useless when your identity is used Day #91 to establish credit and run up debt in your name ...............
18
posted on
10/12/2017 1:39:35 PM PDT
by
usconservative
(When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
To: usconservative
I understand the window. Will probably go with a freeze in the near future.
19
posted on
10/12/2017 1:45:03 PM PDT
by
EVO X
To: Leaning Right
And yet the IRS gave them a contract?
And yet financial institutions are still giving them our data?
20
posted on
10/12/2017 1:56:34 PM PDT
by
tbw2
Navigation: use the links below to view more comments.
first 1-20, 21-24 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson
