Monday , December 9 2024
coding

Polyfill supply chain attack hits 100K+ web sites

Over 100,000 websites were compromised in a recent supply chain attack. The attack injected malware into the popular Polyfill JS project. It was discovered by the Sansec Forensics Team and shows the increased risks of using open-source software.

The Polyfill JS library, which helps older web browsers, has been targeted in a supply chain attack. A Chinese company took control of the Polyfill domain and GitHub account in February 2024. After the acquisition, the domain, cdn.polyfill.io, was used to distribute malware to websites using the library. Notable users of Polyfill are JSTOR, Intuit, and the World Economic Forum.

Google’s released “Vanir” Open Sources Security Patch Validation Tool

Google has announced Vanir, an open-source tool for detecting and fixing security vulnerabilities, publicly available for developers. Vanir is a...
Read More
Google’s released “Vanir” Open Sources Security Patch Validation Tool

Hacker Claim 1tb, Deloitte denies, What Inside!

The spokesperson from Deloitte told two international media that, “No Deloitte systems have been impacted,”. The allegations relate to a...
Read More
Hacker Claim 1tb, Deloitte denies, What Inside!

New Windows zero-day: Exposes credentials, Gets unofficial patch

A newly found zero-day vulnerability lets attackers steal NTLM credentials by manipulating targets into opening a malicious file in Windows...
Read More
New Windows zero-day: Exposes credentials, Gets unofficial patch

Daily Security Update Dated: 07.12.2024

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated: 07.12.2024

Patch urgently: Hundred of CISCO switches impacted

A bootloader vulnerability in Cisco NX-OS affects over 100 switches, enabling attackers to bypass image signature checks. Cisco issued security...
Read More
Patch urgently: Hundred of CISCO switches impacted

Multiple ICS Advisories Released by CISA

On December 5, 2024, CISA issued two advisories regarding Industrial Control Systems (ICS). These advisories highlight current security issues, vulnerabilities,...
Read More
Multiple ICS Advisories Released by CISA

New DroidBot malware to attack 77 banks and CES globally

DroidBot is a sophisticated Android Remote Access Trojan (RAT) that merges traditional hidden VNC and overlay functions with spyware-like features....
Read More
New DroidBot malware to attack 77 banks and CES globally

Deloitte faces alleged cyber incident, claimed over 1tb stolen

Brain Cipher, a ransomware group that emerged in June 2024, claims to have stolen 1TB of data from Deloitte UK,...
Read More
Deloitte faces alleged cyber incident, claimed over 1tb stolen

Singapore embraces AI data centres with smarter cooling systems

AI and GPU operations are crucial for modern data centers, but they generate significant energy consumption and heat. A new...
Read More
Singapore embraces AI data centres with smarter cooling systems

Daily Security Update Dated: 04.12.2024

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated: 04.12.2024

Sansec found that the harmful code is specifically aimed at mobile users. It creates different versions of itself based on the HTTP headers. One version redirects users to a fake Google Analytics website, which then sends them to a sports betting site. The malware has advanced features to avoid being detected, like activating only on certain types of mobile devices at specific times, and deactivating when administrative users or web analytics services are present.

Polyfill JS malware:

Sansec’s forensics team decoded a sample of malware and found out how it works and who it targets. The malware has features that protect it from being analyzed and it also delays its execution to avoid being detected by web analytics services. This makes it difficult to track down where the infection originated from.

Impact and recommendations:

The original author of Polyfill has suggested not using it anymore since modern browsers no longer need it. However, for those still needing its functionality, there are trusted alternatives from Fastly and Cloudflare.

It’s important to monitor the dependencies in your software supply chain. Sansec offers a free monitoring service called Sansec Watch for Content Security Policy (CSP) to see the code users are loading. Also, their eComscan backend scanner now detects compromised Polyfill library instances.

Indicators of Compromise (IoCs)

Redirect URL: https://kuurza.com/redirect?from=bitget
Fake Google Analytics: https://www.googie-anaiytics.com/ga.js

This Polyfill JS attack shows that open-source dependencies can have vulnerabilities. Developers should carefully review and monitor their software supply chains. They should replace outdated libraries with trusted alternatives and use security tools to detect and prevent such threats.

Check Also

Rockstar 2FA

“Rockstar 2FA” Targets Microsoft 365 Users with AiTM Attacks

Cybersecurity researchers are alerting users about phishing email campaigns using a toolkit called “Rockstar 2FA” …

Leave a Reply

Your email address will not be published. Required fields are marked *