Rafia Shaikh reports: Cybercriminals are targeting Magento sites running Mirasvit Helpdesk – a popular helpdesk extension. The extension enables site owners to add a “Chat with us” widget on their Magento shops. Mirasvit was vulnerable to security flaws that affect every version of the extension up until version 1.5.2. Security firm WebShield had first published details about these security…
Category: Business Sector
Police say car lot took out loans on unsuspecting customers
Chris Hayes reports: ST. LOUIS COUNTY, Mo. – You could be a victim and not even know it. Police believe there may be other victims of Autoway Car Sales on St. Charles Rock Road. This morning, Pagedale police officers weaved through the car lot looking for connections between vehicles and other potential victims. Owner Anas…
H&R Block employee gave drug dealer access to client information, charges state
Phoebe Tollefson reports: An H&R Block employee let a man who sold him pot “help himself” to filing cabinets containing customer information earlier this year in order to settle a debt, prosecutors allege. James Maurice Palmer, 27, faces charges of forgery and identity theft, both felonies, stemming from the incident in April. Read more on…
A tale of three leaks, Wednesday edition
On December 6, DataBreaches.net was contacted by researchers who requested help notifying two entities that they were exposing health information due to misconfigured AWS S3 buckets. They would turn out to be a delight to deal with, unlike a third entity that was also leaking information from a misconfigured S3 bucket. So let’s start with…
Abandoned documents at raided cockfighting ring allegedly owned by PM’s in-law
Oops? The Phnom Penh Post reports: Kandal, Cambodia – Abandoned documents, found by Phnom Penh Post reporters at a raided cockfighting ring allegedly owned by Cambodian Prime Minister Hun Sen’s in-law, suggest a network of local payoffs across Kandal province. A trove of documents left behind by law enforcement officials at a recently shuttered cockfighting…
Data breach at Ancestry
Judy G. Russell reports: The folks at Ancestry have taken a proactive security step of closing part of the RootsWeb service today after being notified of a security breach affecting one part of the RootsWeb service. The security issue came from a part of RootsWeb that was closed some months ago. It turns out that,…