Quote: (09-16-2017 02:56 PM)Stallion Wrote:
Thanks for all that responded, now it makes more sense.
It does work completely different in Europe.
Quote: (09-16-2017 09:39 AM)Stallion Wrote:
This is my European ignorance speaking here, but I still don't get how a private company has so much private information about people?
Did you give it to them willingly, did they gather it on their own... how does this work?
I don't see the need for anyone except myself to know this stuff. Not even my own bank knows so much about me.
Why would I trust a bunch of people I don't know with this sensitive information? Is it mandatory for an American citizen?
Honest questions, I just don't get it.
![[Image: DL89Ao_X4AEhM-n.jpg:large]](https://pbs.twimg.com/media/DL89Ao_X4AEhM-n.jpg:large)
Quote:Quote:
As if suffering one of the worst hacks in history wasn't enough, Equifax has been attacked yet again.
Randy Abrams, an independent cybersecurity analyst, said Thursday that the company's website was serving up malicious software to visitors, spewing what's known as adware.
Abrams recently found that the Equifax website directed him to download what looked like a harmless Flash update but was actually a malicious piece of software known as Adware.Eorezo. Here's what adware does: It loads itself onto your computer and shows you unwanted ads when you're online.
To serve up the adware to visitors, the hackers appear to have redirected Abrams (and other visitors who corroborated his experience) from Equifax's site to shady web pages that host the malicious software. Visitors would have to click on the download for the adware to infect their computers.
Abrams doesn't think Equifax's website itself was hacked. Rather, it was swept up in a much larger hacking campaign. "Equifax would be a shotgun victim," he said. Jerome Segura, a researcher at security firm Malwarebytes who specializes in malvertising, said the same kind of attack happens every day on the internet, often on major websites. In fact, his analysis of the attack that targeted visitors to the Equifax website found that the TransUnion website was affected, too.
An Equifax representative said in a statement that the problem was coming from a third-party company that analyzes data on the Equifax website. "That vendor's code running on an Equifax website was serving malicious content," the representative said. "Since we learned of the issue, the vendor's code was removed from the webpage and we have taken the webpage offline to conduct further analysis."
TransUnion didn't immediately respond to a request for comment.
The fact that Equifax itself wasn't hacked again is good news for a company that earlier this year got hit by a massive data breach, which compromised the Social Security numbers and other personal information of about 145.5 million Americans. Instead, its website was caught up in a common and stealthy hacking technique called "malvertising."
With malvertising, hackers take advantage of weaknesses in the world of online advertising. Legitimate, trusted websites serve up ads to visitors all the time. But they get those ads from brokers, who themselves get the ads from other parties. It's a complex web that makes it difficult to stop bad actors from posing as legitimate advertisers.
Instead of ads, malvertisers trick websites into serving up prompts to download malicious software. It can look like a normal alert from your computer to update your Flash software (itself a common source of vulnerabilities in your computer, which Adobe is retiring in 2020) or other routine computer update.
"Typically it's not the host website that's to blame," Abrams said. "It's going to be a third party that's pushing ads."
Abrams said he hopes the public focus on Equifax will teach more people about the dangers of malvertising. "On any small or large website in the world, this is what it looks like in progress," Abrams said. "Stop when you see this."
