Polyfill.io JavaScript supply chain attack impacts over 100K sites |
Polyfill.io JavaScript supply chain attack impacts over 100K sites |
Christian J |
Jun 29 2024, 04:25 AM
Post
#1
|
. Group: WDG Moderators Posts: 9,722 Joined: 10-August 06 Member No.: 7 |
https://www.bleepingcomputer.com/news/secur...ver-100k-sites/
Today, cybersecurity company Sansec warned that the polyfill.io domain and service was purchased earlier this year by a Chinese company named 'Funnull' and the script has been modified to introduce malicious code on websites in a supply chain attack. |
pandy |
Jun 29 2024, 06:16 PM
Post
#2
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,756 Joined: 9-August 06 Member No.: 6 |
And cdn.polyfill.io is yet another library, one assumes?
Hmm. That must be a risk with just about any library that lives on or connects to a remote server. mustn't it? In the wrong hands it can get a whole lot of new "features" all of a sudden... |
Christian J |
Jun 30 2024, 03:28 PM
Post
#3
|
. Group: WDG Moderators Posts: 9,722 Joined: 10-August 06 Member No.: 7 |
Exactly! Same goes for browser extensions and mobile apps, BTW.
|
pandy |
Jun 30 2024, 07:15 PM
Post
#4
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,756 Joined: 9-August 06 Member No.: 6 |
Yeah, apps are a little scary since one usually know nothing about the people behind the app. And they almost always needs access to a lot of things on the phone.
The same can probably be true for computer programs if they interact with a server in some way. BTW my beloved little FW thingie TinyWall is good for that too. No program that I haven't explicitly allowed can call home. |
Lo-Fi Version | Time is now: 7th October 2024 - 12:01 AM |