Security News

Hackers have injected malware in multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads. The intruders took control of FishPig's server infrastructure and added malicious code to the vendor's software to gain access to websites using the products, in what is described as a supply-chain attack.

U.S. moving and storage rental company U-Haul has suffered a data breach due to an unauthorized person having accessed an unspecified number of rental contracts, U-Haul's parent company Amerco has revealed in a last week.It is not known have many customers have been affected, but apparently their payment card information is safe - the person had access "Only" to customers' name, driver's license or state identification number.

Moving and storage giant U-Haul International disclosed a data breach after a customer contract search tool was hacked to access customers' names and driver's license information. As the company revealed notification letters sent to impacted individuals on Friday, it discovered on August 1, following an incident investigation, attackers accessed some customers' rental contracts between November 5, 2021, and April 5, 2022.

Impact of Samsung's most recent data breach unknown. Samsung announced on Sept. 2, 2022 its second data breach of 2022.

DUCK. I'm doing very, very well, thank you, Douglas! A messy thing that is bugging people is the question of this TikTok thing.

The denial follows alleged reports of a hack that surfaced on the Breach Forums message board on September 3, with the threat actor noting that the server holds 2.05 billion records in a humongous 790GB database. "Who would have thought that TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?," the hacking group known as BlueHornet tweeted over the weekend.

TikTok denies recent claims it was breached, and source code and user data were stolen, telling BleepingComputer that data posted to a hacking forum is "Completely unrelated" to the company. The user shared screenshots of an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.

South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach. "In late July 2022, an unauthorized third-party acquired information from some of Samsung's U.S. systems," the company disclosed in a notice.

Electronics giant Samsung has confirmed a new data breach today after some of its U.S. systems were hacked to steal customer data. Samsung later discovered on August 4 that customer personal information was accessed and exfiltrated out of its network.

EdFinancial and the Oklahoma Student Loan Authority are notifying over 2.5 million loanees that their personal data was exposed in a data breach. The target of the breach was Nelnet Servicing, the Lincoln, Neb.-based servicing system and web portal provider for OSLA and EdFinancial, according to a breach disclosure letter.