 Polyfill.io JavaScript supply chain attack impacts over 100K sites |
  |
| Christian J |
 Jun 29 2024, 04:25 AM
Post
#1
|
|
.  Group: WDG Moderators Posts: 9,730 Joined: 10-August 06 Member No.: 7  |
https://www.bleepingcomputer.com/news/secur...ver-100k-sites/
Today, cybersecurity company Sansec warned that the polyfill.io domain and service was purchased earlier this year by a Chinese company named 'Funnull' and the script has been modified to introduce malicious code on websites in a supply chain attack. |
  |
 
|
| pandy |
Jun 29 2024, 06:16 PM
Post
#2
|
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,759 Joined: 9-August 06 Member No.: 6 |
And cdn.polyfill.io is yet another library, one assumes?
Hmm. That must be a risk with just about any library that lives on or connects to a remote server. mustn't it? In the wrong hands it can get a whole lot of new "features" all of a sudden... |
|
|
|
| Christian J |
Jun 30 2024, 03:28 PM
Post
#3
|
|
. Group: WDG Moderators Posts: 9,730 Joined: 10-August 06 Member No.: 7 |
Exactly! Same goes for browser extensions and mobile apps, BTW.
 |
|
|
|
| pandy |
Jun 30 2024, 07:15 PM
Post
#4
|
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,759 Joined: 9-August 06 Member No.: 6 |
Yeah, apps are a little scary since one usually know nothing about the people behind the app. And they almost always needs access to a lot of things on the phone.
The same can probably be true for computer programs if they interact with a server in some way. BTW my beloved little FW thingie TinyWall is good for that too. No program that I haven't explicitly allowed can call home. |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
|
Lo-Fi Version | Time is now: 19th October 2024 - 02:01 PM |
Invision Power Board
© 2024 IPS, Inc.
Licensed to: HTMLHelp.com, LLC