• Polyfill code breach much bigger than previously thought, with nearly 400,000 customers affected

    From TechnologyDaily@1337:1/100 to All on Fri Jul 5 11:15:05 2024
    Polyfill code breach much bigger than previously thought, with nearly 400,000 customers affected

    Date:
    Fri, 05 Jul 2024 11:02:00 +0000

    Description:
    Polyfill threat seems to be much bigger than initially thought as researchers find nearly 400,000 websites possibly affected.

    FULL STORY ======================================================================

    The Polyfill supply chain attack is possibly around three times bigger than previously thought, experts have warned.

    Rather than the 100,000 sites previously thought to be hit, new findings
    from the Censys Research Team claim that a week after Polyfill was observed serving malware, 384,773 sites are still linking to the service.

    "Since the domain was suspended, the supply-chain attack has been halted,"
    Aidan Holland, a member of the Censys Research Team, wrote in an email. "However, if the domain was to be un-suspended or transferred, it could resume its malicious behavior. My hope is that NameCheap properly locked down the domain and would prevent this from occurring."

    More than a million victims

    Here is a little background: a polyfill is a piece of JavaScript code that allows older browsers to run newer functions which they don't natively support. The polyfill[.]io website was a popular service provider for this solution, which seems to have been used by at least 380,000 different websites.

    In February 2024, the site and the accompanying GitHub account were sold to a Chinese company called Funnul. A few months later, in late June,
    cybersecurity researchers from Sansec reported that the domain started redirecting visitors to adult and gambling websites, and was obviously doing it with malice, since the redirections were only performed at certain times
    of day, and to visitors that ticked all the right boxes. Funnul did not reply to anyone's request for comment.

    When Sansec sounded the alarm, Cloudflare and Fastly set up their own
    versions of the Polyfill.io service, giving users a trusted alternative. "No website today requires any of the polyfills in the http://polyfill.io library," tweeted the original Polyfills service project developer. "Most features added to the web platform are quickly adopted by all major browsers, with some exceptions that generally can't be polyfilled anyway, like Web Serial and Web Bluetooth."

    Google also chimed in, notifying affected advertisers about their landing pages now possibly redirecting visitors away from their intended destination, and towards possibly malicious websites.

    That being said, having hundreds of thousands of websites still linking to
    the malicious service is a major red flag. To make matters worse, among them seem to be a couple of high-profile players, such as Hulu, Mercedes-Benz, Warner Bros., and even a couple of websites belonging to the US government, ArsTechnica reported.

    And that's not all. Funnul owns a number of other domains that perform malicious activity similar to that on polyfill, and when combined, more than 1.6 million sites were linking to them.
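    The Censys finding above is, at bottom, a question every site owner can answer for their own pages: does any page still carry a script tag that loads from the suspended domain? The scanner below is an added example for this post, not code from the article, from Censys, or from Sansec. It parses HTML, lists every externally hosted script, flags any whose host is polyfill.io (the domain named in the article) or a subdomain of it, and, as a general hardening check the article itself does not discuss, records whether each third-party script carries a Subresource Integrity attribute. The sample HTML and the integrity value in it are constructed placeholders.

```python
"""Audit HTML for third-party <script src> tags.

Added example (not from the article or from Censys/Sansec). Flags scripts
loaded from polyfill.io, the domain named in the story, and reports whether
each external script carries an `integrity` attribute.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts to flag. polyfill.io comes from the article; subdomains such as
# cdn.polyfill.io are matched by the suffix test in is_flagged_host().
FLAGGED_HOSTS = {"polyfill.io"}


class ScriptCollector(HTMLParser):
    """Collect every <script> start tag that has a src attribute."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        a = dict(attrs)  # html.parser lowercases attribute names for us
        if a.get("src"):
            self.scripts.append(
                {"src": a["src"], "integrity": a.get("integrity"),
                 "crossorigin": a.get("crossorigin")}
            )


def host_of(src):
    """Return the lower-cased host of a script URL, or '' for relative URLs."""
    if src.startswith("//"):          # protocol-relative form common in old markup
        src = "https:" + src
    return (urlparse(src).hostname or "").lower()


def is_flagged_host(host):
    """True if host is a flagged domain or any subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in FLAGGED_HOSTS)


def audit_html(html):
    """Return one finding per externally hosted script in the document."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for s in parser.scripts:
        host = host_of(s["src"])
        if not host:
            continue  # same-origin / relative script: not a third-party include
        findings.append({
            "src": s["src"],
            "host": host,
            "flagged": is_flagged_host(host),
            "has_sri": bool(s["integrity"]),
        })
    return findings


# Constructed sample page: two polyfill.io includes (one protocol-relative),
# one unrelated third-party script with a placeholder SRI hash, one local script.
SAMPLE_HTML = """<!doctype html><html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=default"></script>
<script src="//polyfill.io/v3/polyfill.min.js"></script>
<script src="https://cdn.example/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="/static/app.js"></script>
</head><body></body></html>"""


if __name__ == "__main__":
    for f in audit_html(SAMPLE_HTML):
        status = "FLAGGED" if f["flagged"] else "ok"
        sri = "sri" if f["has_sri"] else "no-sri"
        print(f"{status:7} {sri:6} {f['host']:20} {f['src']}")
```

    Run it over saved copies of your own pages (or a crawl of them) and act on every FLAGGED line; the article notes that Cloudflare and Fastly stand up trusted replacements, and the original project's developer says modern sites need none of these polyfills at all. One caveat on the SRI column: the integrity check only applies to scripts whose content is fixed, and polyfill.io served browser-specific bundles, so for that domain the answer is removal rather than pinning.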

    Via ArsTechnica



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/polyfill-code-breach-much-bigger-than-previously-thought-affects-hundreds-of-thousands-of-customers


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)