Ars Technica: The wave of domain hijackings besetting the Internet is worse than we thought. “The wave of domain hijacking attacks besetting the Internet over the past few months is worse than previously thought, according to a new report that says state-sponsored actors have continued to brazenly target key infrastructure despite growing awareness of the operation.”
BetaNews: Micropatch now available for Internet Explorer security hole. “Through its 0patch platform, ACROS Security is making the micropatch available to Windows users who are concerned about the security of Internet Explorer. While there are likely to be concerns voiced about installing a security patch from a third party, there are two things to consider here.”
BBC: Facebook copied email contacts of 1.5 million users. “Facebook ‘unintentionally’ uploaded the email contacts of more than 1.5 million users without asking permission to do so, the social network has admitted. The data harvesting happened via a system used to verify the identity of new members, Facebook asked new users to supply the password for their email account, and took a copy of their contacts.”
The Register: Just a little FYI: Filtering doodad in Adblock Plus opens door to third-party malware injection . “A feature introduced last year in Adblock Plus and a few other related content blocking browser extensions allows providers of filtering lists, under certain conditions, to execute arbitrary code on web pages.” Sure glad I use uBlock Origin instead of uBlock…
Boing Boing: Your kid’s “smart watch” lets anyone in the world trace their location. Again.. Warning: there is some swearing in the article and I bet after you read it you’ll want to swear too. “Tictoctrack is a rebadged Gator watch — the ones that had to fix a glaring API flaw that Pen Test Partners published on in January — but because it has its own back-end, one that keeps all kid-data onshore in Australia, it has its own grotesque security defects.”
Krebs on Security: Experts: Breach at IT Outsourcing Giant Wipro. “Wipro says it has more than 170,000 employees helping clients across six continents with Fortune 500 customers in healthcare, banking, communications and other industries. In March 2018, Wipro said it passed the $8 billion mark in annual IT services revenue.” As of this writing this article has been updated once; Wipro has admitted to the breach but there aren’t many more details available.
ZDNet: NoScript extension officially released for Google Chrome. “Starting today, the NoScript Firefox extension, a popular tool for privacy-focused users, is also available for Google Chrome, Giorgio Maone, NoScript’s author, has told ZDNet.”