Resultados 1 a 2 de 2
  1. #1
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    18,473

    [EN] Equifax website borked again


    Reports emerged of another potential hack on the credit reporting group that is already reeling from a huge data breach.

    Malware researcher encounters bogus download links during multiple visits.

    Dan Goodin
    10/12/2017

    n May credit reporting service Equifax's website was breached by attackers who eventually made off with Social Security numbers, names, and a dizzying amount of other details for some 145.5 million US consumers. For several hours on Wednesday, and again early Thursday morning, the site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers.

    Randy Abrams, an independent security analyst by day, happened to visit the site Wednesday evening to check what he said was false information he had just found on his credit report.

    He was understandably incredulous. The site that previously gave up personal data for virtually every US person with a credit history was once again under the influence of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he'd see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once.

    Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits. The picture above this post is the higher-resolution screenshot he captured during one visit. He also provided the video below. It shows an Equifax page redirecting the browser to at least four domains before finally opening the Flash download at the same centerbluray.info page.

    The file that got delivered when Abrams clicked through is called MediaDownloaderIron.exe. This VirusTotal entry shows only Panda, Symantec, and Webroot detecting the file as adware. This separate malware analysis from Payload Security shows the code is highly obfuscated and takes pains to conceal itself from reverse engineering. Malwarebytes flagged the centerbluray.info site as one that pushes malware, while both Eset and Avira provided similar malware warnings for one of the intermediate domains, newcyclevaults.com.

    It's not yet clear precisely how the Flash download page got displayed. The group-sourced analysis here and this independent assessment from researcher Kevin Beaumont—both submitted in the hours after this post went live—make a strong case that Equifax was working with a third-party ad network or analytics provider that's responsible for the redirects. In that case, the breach, technically speaking, isn't on the Equifax website and may be affecting other sites as well. But even if that's true, the net result is that the Equifax site was arguably compromised in some way, since administrators couldn't control the pages visitors saw when trying to use key functions, some which require visitors to enter Social Security numbers.

    Several hours after this post went live, an Ars reader e-mailed to say he recently encountered a sketchy ad when putting a temporary fraud alert on his Equifax file. The reader wrote:

    When I clicked it (from Gmail on Android) I was redirected to a spam page shortly after seeing the Equifax credit file form. I thought maybe it was an anomaly because it didn't happen again. But after reading your article about how sometimes hacks will redirect randomly I tried the link again just now and sure enough I got a spam page again (lucksupply.club saying I won an iPhone X). This is Chrome-in-a-tab from Gmail so i don't believe there's any extensions or other malware on my device that could have caused this redirect.


    In the hour this post was being reported and written, Abrams was unable to reproduce the redirects leading to the malicious download, but he said they returned early Thursday morning. Shortly after that, a section of the site was taken down. In an e-mail sent mid Thursday morning, an Equifax represesentative wrote:

    We are aware of the situation identified on the equifax.com website in the credit report assistance link. Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.


    https://arstechnica.com/information-...-flash-update/


    Equifax takes down webpage to investigate another potential hack

    In a statement Equifax said: “Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”

    Shares in Equifax were down 1.8 per cent by early afternoon in New York.

    The S&P 500 company has been the subject of a public and political storm because of its botched handling of sensitive information earlier this year, which has put about half the adult population of the US at risk of identity theft.

    https://www.ft.com/content/ee6534fa-...a-ee80851dd464
    Última edição por 5ms; 12-10-2017 às 16:49.

  2. #2
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    18,473

    Equifax: vendor was “serving malicious content”



    Kevin Dugan
    October 12, 2017

    Equifax shot down reports on Thursday that its website was hacked, and instead put the blame on a third-party vendor that was compromised.

    “Despite early media reports, Equifax can confirm that its systems were not compromised,” Marisa Salcines, a spokeswoman for the company, said in a statement.

    A vendor that Equifax uses to measure website performance, like visits and hits, was “serving malicious content,” Salcines said.

    It’s unclear if any visitors were nevertheless compromised because of code that it appeared on its site.

    Earlier on Thursday, the tech website Ars Technica reported that the credit bureau’s website may have been compromised, and showed how one visitor to a page on the site was directed to a fishy scam that used a fake Adobe Flash download prompt.

    Soon after the report surfaced the company took the web page down.

    “Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis,” she said.

    The confirmation that Equifax allowed compromised software on its website is the latest embarrassment for the company. Just last month Equifax announced that hackers broke into its servers and, over a period of three months, stole the private data of 145.5 million customers.

    The data stolen included Social Security numbers, addresses, credit card numbers, and, in some cases, driver’s license numbers.

    The scandal has led to the resignation of the company’s CEO and at least two other executives. Richard Smith, the ex-chief, was flayed through three days of Congressional testimony last week. Numerous federal agencies and state attorneys general have opened investigations.

    The company has apologized for the breach.

    http://nypost.com/2017/10/12/equifax...blames-vendor/

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens
  •