Limited time offer

0

Days

12

Hrs

3

Min

57

Sec

Categories

Search blog

Subscribe to RSS

0 Shares

News Update on Equifax hack – 44 million British customers affected

The latest on the monster Equifax data breach and how to protect yourself, AT&T Arris routers vulnerable to attack and 711 million email details discovered in largest ever spambot.
 

Equifax hack – 44 million British customers affected

Late last week news broke that Equifax a major credit reporting agency had 143 million consumer records stolen.
At the time it was widely believed that these records were largely confined to US consumers but it has since emerged that the personal data of up to 44 million UK citizens has been stolen.
If you’re wondering whether your data may have gone AWOL too it’s probably a good bet to assume that it has.
Alongside Experian, Equifax is THE de facto repository for credit history of UK consumers. You may not be aware that it holds information on you but you shouldn’t bet against it.
Many UK companies including BT, Capital One and British Gas use Equifax as a default service to establish customer credentials and payment histories.
The UK’s information commissioner is investigating how the almighty cock up breach is affecting UK customers.
We’ll keep you posted as more details emerge.

We didn’t know anything… honest

The massive hack is believed to have happened between May and July of this year.
Equifax claimed to have discovered it on the 29 July but didn’t actually let on until late last week.
When news of the mega-hack emerged Equifax’s share price unsurprisingly plunged.
In a bizarre coincidence (?) three senior executives at Equifax sold shares worth a combined £1.3 million a few days after hack was discovered.
The company said the three executives “had no knowledge that an intrusion had occurred at the time they sold their shares”.
Mmmm.

Early investigations reveal…

According to reports Equifax appears to have been targeted initially because:
  • The company has millions of active credit cards on file belonging to people who pay Equifax to monitor their credit reports and alert them to potential fraud. It is thought this data was immediately sought by the hackers.
  • Active credit card numbers can fetch higher prices on the dark web than more personal data because they can be used immediately by fraudsters
  • The web application the attackers used to breach Equifax’s network granted access to both the credit card files and back-end systems storing consumer data profiles
  • However, some of the hackers’ behaviour suggests they were also looking for financial and personal information on individuals, which is more commonly associated with higher-level forms of identity theft

BullGuard protects your computer from hackers and malware

TRY NOW FOR FREE - 90 DAYS
 

What can you do to protect yourself?

Be proactive if you think your data might be a target, for instance, if you pay Equifax to monitor your credit reports or if you consider yourself a ‘high net worth’ individual.
  • Call the fraud department at your bank or credit card company
  • Look at credit card and bank statements frequently
In a sense you need to raise a red flag with your bank so they are also aware that there is potential for fraud on your account/s.
  • Banks and financial services companies have powerful behavioural analysis software running behind the scenes.
  • As such they can track and detect unusual activity on your credit card or bank account/s.
Also check BullGuard Premium Protection. It’s been developed for instances like these and immediately alerts you when some tries to use your personal data.

Security flaws in Arris AT&T routers

Routers sold or given away by AT&T, and branded Arris have a number of security vulnerabilities, some of them very serious.
Estimates as to the number of routers affected ranges from thousands to 138,000.  The flaws enable attackers to:
  • Gain remote access to an affected device, giving full control over the router.
  • View and change the Wi-Fi router name and password, and alter the network's setup, such as rerouting internet traffic to a malicious server.
  • Control a module that's dedicated to injecting advertisements into unencrypted web traffic, a common ploy used by internet providers and web companies. As such a hacker could inject malware into web traffic
The flaws were uncovered by a security researcher however it doesn’t mean they have been exploited by attackers.
Arris said it was verifying the finding and it will take any required action to protect subscribers who use its routers.
If you have an Arris branded router keep an eye on the company’s support web page: https://www.arris.com/support/

711 million emails found in ‘largest’ spambot

Another security researcher has discovered a huge spambot that has ensnared 711 million email accounts.
The spambot, called ‘Onliner’ is used to deliver the banking malware known as Ursnif.
This is a data-stealing trojan used to grab personal information such as banking login details, passwords, and credit card data.
  • The spambot is sending out ‘fingerprinting’ spam emails that identify operating systems vulnerable to Ursnif.
  • When these are identified it sends out a second batch of a few thousand targeted emails that are loaded with malware.
  • These emails often come days or even weeks after the initial spam mails and typically masquerade as invoices from delivery services, hotels, or insurance companies.
  • They carry a malicious JavaScript file which contains the banking malware.
The email addresses are now on the Have I Been Pwned website.
This website can be used to discover whether your email address has been discovered in a data breach.
If any of your email addresses appear on this website as being ‘pwned’ be sure to change your password to minimum 10 characters with a combination of upper and lower case letters, symbols and numbers.
Filed under: Security News

Written by Steve Bell

Steve has a background in IT and business journalism and has written extensively for both the UK national and trade press including The Guardian, Independent-on-Sunday, The Times, The Register, MicroScope and Computer Weekly. He's also worked for most of the world's largest IT companies producing content producing. He has a particular focus on IT security and has produced several magazines in this area.

More articles by Steve Bell

Leave a Reply

 

 

 

Please enter the code

Please enter the captcha code!

Security code

Ranked #1 by industry experts

BullGuard Internet Security Cup

BullGuard
Internet Security

Free download
We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.