all InfoSec news
HYAS Protects Against Polyfill.io Supply Chain Attack with DNS Safeguards
Security Boulevard securityboulevard.com
Weekly Threat Intelligence Report
Date: June 28, 2024
Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS
Recently a Chinese company named Funnull purchased the domain (polyfill.io) and github of an open source javascript library used in over 100,000 websites.
https://sansec.io/research/polyfill-supply-chain-attack
Polyfill allows website creators to maintain support for a variety of older browser types, however its operation has changed to include redirecting mobile devices to sports betting using a fake google analytics domain (www.googie-anaiytics.com).
For …
attack blog chinese creators date dns domain engineer featured github hyas intelligence javascript june library open source polyfill report safeguards security security engineer supply supply chain supply chain attack support threat threat intelligence website websites weekly