On Wednesday, security researcher Randy Abrams visited the Equifax site to contest bad information in his credit report and was attacked by malicious software that tried to get him to download a fake Flash updater that was a vector for an obscure piece of malware called Adware.Eorezo.
Other users confirm that they were subjected to redirections to scam sites and malware when visiting Equifax's site. It's not clear how these were injected into the Equifax pages (they could be malicious advertising that snuck in under the radar of a programmatic ad broker, or the Equifax servers could be compromised, or something else). This kind of malware is typically served intermittently and as of now, no one can reproduce the events on Equifax's site, which could mean that Equifax purged the bad ads or malware, or it could just mean that the malware is lying low. Equifax has not made any public statements about this.
The site that previously gave up personal data for virtually every US person with a credit history was once again under the control of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he'd see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once.
Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits. The picture above this post is the higher-resolution screenshot he captured during one visit. He also provided the video below. It shows an Equifax page redirecting the browser to at least four domains before finally opening the Flash download at the same centerbluray.info page.
Equifax website hacked again, this time to redirect to fake Flash update
[Dan Goodin/Ars Technica]
A team of computer scientists, psychologists and neuroscientists used eye-tracking and fMRI to measure how users perceived security warnings, such as warnings about app permissions and browser warnings about insecure pages and plugin installations.
Konrad Rieck has data-mined the nine top security conferences, compiling a decade-by-decade list of the papers most often cited in the presentations delivered at these events: top of the pile is Random Oracles are Practical: A Paradigm for Designing Efficient Protocols (Sci-Hub mirror), from the 1993 ACM Conference on Computer and Communications Security. Rieck has […]
A former executive from the data-mining dark operator Cambridge Analytica ‘visited Julian Assange in February last year and told friends it was to discuss what happened during the US election,’ the Guardian reported today. Brittany Kaiser worked as a director there until not long ago, and is reported “to have channelled cryptocurrency payments and donations […]
The human eye is a powerful thing, but it’s not so great at seeing in the dark or around tight spaces, which is partially why most of us struggle with unplugging drains, cleaning under the fridge, and other hard-to-reach jobs. This 1080p HD Waterproof WiFi Wireless Endoscopic Camera, however, gives you the flexibility necessary to get […]
Macs are undeniably some of the most versatile computers on the market, but they can do so much more than what their stock apps allow. For those looking to get the most out of their Mac hardware, the Pay What You Want 2018 Super Mac Bundle features 10 of the industry’s top apps, including photo editors and […]
Salesforce has reinvented the way companies manage customer information, close deals, and ultimately drive revenue, so it should come as no surprise that it’s one of the more valuable skills you can list on your resume today. In fact, according to research from Burning Glass, this platform is now the 7th most in-demand software skill, beating out […]