
"Exploring the Aftermath of Polyfill.io's Chain Hack and Its Consequences"

Vulnerabilities in the supply chain, as evident in the recent Polyfill.io attack, underscore the critical need for enhanced security measures. Dive into the consequences of this breach and explore strategies for safeguarding your network from similar threats.


In a recent security alert, cybersecurity company Qualys has recommended immediate action for organisations using scripts from cdn.polyfill.io. It appears that the Chinese company Funnull, now the owner of the polyfill.js library, has modified the library to insert malicious code into websites that embed scripts from cdn.polyfill.io.

This revelation comes with serious consequences. Known outcomes of this supply chain attack include user redirection to scam sites, data theft, and potential code execution. Impacted domains, apart from cdn.polyfill.io, include bootcdn.net, bootcss.com, staticfile.net, staticfile.org, unionadjs.com, xhsbpza.com, union.macoms.la, and newcrbpc.com.

Qualys advises launching CSAM, VM, WAS, and Web Malware scans to find and remove any use of scripts from polyfill.io and the affected domains. The company provides a comprehensive solution to detect security issues in organisations, including the detection of polyfill.io vulnerabilities. It has also released multiple detections for the usage of the malicious domains and for sites that have been compromised.

Modern browsers do not require Polyfill, and the original author, Andrew Betts, recommends not using Polyfill at all. Recommended alternatives to polyfill.io are CDNs such as Cloudflare and Fastly. It is therefore suggested that websites should remove any references to polyfill.io.
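One way to check your own pages for references to the domains listed above, as an added example that is not from Qualys or the original article: it parses HTML, resolves the host of every `src`/`href` attribute (including protocol-relative URLs) and flags exact or subdomain matches only. The sample page and the names `affected_host`, `ResourceScanner` and `scan_html` are constructed for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in the article; "polyfill.io" also covers cdn.polyfill.io.
AFFECTED = {"polyfill.io", "bootcdn.net", "bootcss.com", "staticfile.net",
            "staticfile.org", "unionadjs.com", "xhsbpza.com",
            "union.macoms.la", "newcrbpc.com"}

# Constructed sample page (paths are made up for this example).
SAMPLE = """<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
<script src="//CDN.BootCSS.com/lib/app.js"></script>
<link rel="stylesheet" href="https://cdn.staticfile.org/site.css">
<script src="/vendor/polyfill.io/local-copy.js"></script>
<script src="https://notpolyfill.io/x.js"></script>
</head></html>"""

def affected_host(url):
    """Return the affected domain a URL points at, or None."""
    try:
        # Absolute and //host/path URLs yield a hostname; relative paths do not.
        host = urlsplit(url.strip()).hostname
    except ValueError:
        return None
    host = (host or "").rstrip(".")
    for domain in AFFECTED:
        # Exact host or true subdomain only, so "notpolyfill.io" is ignored.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

class ResourceScanner(HTMLParser):
    """Records every src/href attribute that resolves to an affected domain."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, url, matched domain)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and value:
                domain = affected_host(value)
                if domain:
                    self.findings.append((self.getpos()[0], tag, value, domain))

def scan_html(text):
    scanner = ResourceScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings
```

Running `scan_html` over each template or rendered page gives the line, tag and URL of every reference to remove; matching on the parsed hostname rather than a substring avoids flagging self-hosted copies and lookalike names.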

However, there is no information available in the search results about which company bought the domain cdn.polyfill.io and the GitHub account of polyfill.js in February 2024. This lack of transparency raises further concerns about the security risks associated with the use of polyfill.io.

In light of these findings, it is crucial for organisations to take immediate action to protect their users and data. By staying informed and taking proactive steps, we can help mitigate the risks posed by these types of cyber threats.
