HYAS Protects Against Polyfill.io Supply Chain Attack with DNS Safeguards | allinfosecnews.com

June 28, 2024, 6:15 p.m. | David Brunsdon

Security Boulevard securityboulevard.com

Weekly Threat Intelligence Report

Date: June 28, 2024

Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS

Recently a Chinese company named Funnull purchased the domain (polyfill.io) and github of an open source javascript library used in over 100,000 websites.

https://sansec.io/research/polyfill-supply-chain-attack

Polyfill allows website creators to maintain support for a variety of older browser types, however its operation has changed to include redirecting mobile devices to sports betting using a fake google analytics domain (www.googie-anaiytics.com).

For …

attack blog chinese creators date dns domain engineer featured github hyas intelligence javascript june library open source polyfill report safeguards security security engineer supply supply chain supply chain attack support threat threat intelligence website websites weekly

More from securityboulevard.com / Security Boulevard

Remote Rigor: Safeguarding Data in the Age of Digital Nomads 2 hours ago | securityboulevard.com

access age cloud security coffee +31

USENIX Security ’23 – Beyond The Gates: An Empirical Analysis of HTTP-Managed Password Stealers and … 19 hours ago | securityboulevard.com

access analysis authors beyond +18

Montgomery County, Md.’s Chatbot Shows GenAI in Action 1 day ago | securityboulevard.com

action best practices chatbot cyber +11

Staying Ahead of Adversarial AI with Incident Response Automation 1 day, 10 hours ago | securityboulevard.com

advancements adversarial adversarial ai artificial +21

USENIX Security ’23 – A Plot is Worth a Thousand Words: Model Information Stealing Attacks … 1 day, 19 hours ago | securityboulevard.com

access attacks authors conference +16

What Are the Cybersecurity Threats When Allowing Third-Party Cookies on Mac? 2 days ago | securityboulevard.com

blog browsing can cookies +13

Generative AI vs. Predictive AI: A Cybersecurity Perspective 2 days, 1 hour ago | securityboulevard.com

ai and machine learning in security ai and ml in security benefits cybersecurity +14

SBOM Attestation by 3PAOs: Everything You Need to Know 2 days, 12 hours ago | securityboulevard.com

assessment attestation build can +18

DAST Vs. Penetration Testing: Comprehensive Guide to Application Security Testing 2 days, 12 hours ago | securityboulevard.com

aim application applications application security +19

Senior Streaming Platform Engineer

@ Armis Security | Tel Aviv-Yafo, Tel Aviv District, Israel

View on infosec-jobs.com

Senior Streaming Platform Engineer

@ Armis Security | Tel Aviv-Yafo, Tel Aviv District, Israel

View on infosec-jobs.com

Deputy Chief Information Officer of Operations (Senior Public Service Administrator, Opt. 3)

@ State of Illinois | Springfield, IL, US, 62701-1222

View on infosec-jobs.com

Deputy Chief Information Officer of Operations (Senior Public Service Administrator, Opt. 3)

@ State of Illinois | Springfield, IL, US, 62701-1222

View on infosec-jobs.com

Analyst, Security

@ DailyPay | New York City

View on infosec-jobs.com

Analyst, Security

@ DailyPay | New York City

View on infosec-jobs.com