OVHcloud Sees Record 840 Mpps DDoS Attack

OVHcloud says it mitigated the largest ever DDoS attack leveraging packet rate, which peaked at 840 Mpps.


Source: SecurityWeek

Get Advanced Ad Blocking and Superior Data Privacy Tools for Just $11 Until 7/21

Block popups, banners and video ads while also protecting yourself from activity trackers, phishing attempts, fraudulent websites and other types of malware with AdGuard.

Source: Security | TechRepublic

In Other News: Microsoft Details ICS Flaws, Smart Grill Hacking, Predator Spyware Activity

Noteworthy stories that might have slipped under the radar: Microsoft details Rockwell HMI vulnerabilities, smart grills hacked, Predator spyware activity drops. 


Source: SecurityWeek

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts.
“Updates to the GootLoader payload have resulted in several versions of GootLoader, with GootLoader 3 currently in active use,” cybersecurity firm Cybereason said in an analysis published last week.
“While some of the particulars of GootLoader payloads have

Source: The Hacker News

Some Data Is ‘Breached’ During a Hacking Attack on the Alabama Education Department

Alabama’s education superintendent said some data was breached during a hacking attempt at the State Department of Education.


Source: SecurityWeek

Malicious QR Reader App in Google Play Delivers Anatsa Banking Malware

A malicious QR code reader app on Google Play has been found distributing the Anatsa banking malware, posing a significant threat to users’ financial data. The app has already been downloaded thousands of times.

Source: Cyware News – Latest Cyber News

Turla: A Master of Deception

The Turla malware has been found using weaponized LNK files to infect computers. The malware leverages a compromised website to distribute malicious packages through phishing emails.

Source: Cyware News – Latest Cyber News

Why you need to remove the Polyfill.io script from your website

If your website uses the script from Polyfill.io, we recommend removing it ASAP: the service is sending malicious code to your visitors. This article explains what Polyfill.io is for, why it’s become dangerous to use, and what you should do about it if you do use it.

What polyfills and Polyfill.io are

A polyfill is a piece of code that implements features otherwise unsupported by certain browser versions. This is typically JavaScript code that adds support for HTML5, CSS3, JavaScript APIs and other standards and technologies, sparing web developers the headache of supporting exotic or outdated browsers. Polyfills saw their heyday in the 2010s as HTML5 and CSS3 gradually took over the Web.

Polyfill.io is a service that helps automatically deliver polyfills that a browser requires for displaying a particular website.

The service gained popularity both for its efficiency (only the polyfills you need are loaded) and for its regular updates to the technologies and standards used. Straightforward implementation was a factor as well: all the developer needed to start using Polyfill.io was to add a short string to the website code in order to enable the service’s script.

Polyfill.io was originally created by the Financial Times web development team. In February 2024, the service, along with the associated domain and GitHub account, was sold to the Chinese CDN provider Funnull. It wasn’t six months before trouble began.

Malicious code from cdn.polyfill.io

On June 25, 2024, researchers at Sansec discovered that cdn.polyfill.io had begun to deliver malicious code to users of websites that used Polyfill.io. The code used a typosquatted domain pretending to be Google Analytics, www.googie-anaiytics.com, to redirect users to a Vietnamese sports betting site.

The malicious code redirected the users of compromised sites to a sports betting site written in Vietnamese

According to the researchers, this wasn’t the first time that Polyfill.io had been caught spreading malicious code. Those who had noticed the dangerous behavior earlier tried complaining (archived link) in GitHub comments, but the new owners of Polyfill.io quickly removed all the criticisms (here’s another example from the Internet Archive).

The potentially harmful script is allegedly present on more than 100,000 websites — some of them rather big ones.

Google Ads: one more reason to remove Polyfill.io

If visitors receiving a malicious script doesn’t sound worrying enough, Google Ads gives website operators a further good reason to fix the problem quickly.

Google’s advertising service has suspended the display of ads linking to websites that spread malicious scripts from several services. Besides Polyfill.io, the list includes Bootcss.com, Bootcdn.net and Staticfile.org.

A Google Ads suspension warning due to the website using a malicious script downloaded from Polyfill.io, Bootcss.com, Bootcdn.net or Staticfile.org.

You’d be wise to stop using the aforementioned services on your website; otherwise you risk losing traffic, both because users are led away by the malicious scripts and because Google Ads no longer promotes you.

Protecting against the Polyfill.io attack

Here are a few steps to take in response to the attack:

Remove the Polyfill.io script from your website as soon as you can — along with ones from Bootcss.com, Bootcdn.net and Staticfile.org.
Consider dropping polyfills altogether. The Polyfill.io developer, which recommends doing just that, says that polyfills are no longer relevant.

The Polyfill.io developer recommends removing Polyfill.io and dropping polyfills altogether as these are no longer relevant.

If you can’t follow that advice for some reason, use the alternatives by Cloudflare or Fastly.
All in all, try cutting down on the number of external scripts your website uses. Each of those is a potential vulnerability.
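The first and last steps above amount to an inventory task: find every third-party script and stylesheet a page loads, and flag the ones served from the domains named in this article. The following scanner is an added example written for this page; it is not Kaspersky’s code or a Polyfill.io tool. It parses the HTML source of a page with Python’s standard library, lists every external host referenced by script, link and iframe tags, and flags hosts under polyfill.io, polyfill.com, bootcss.com, bootcdn.net, staticfile.org and the typosquatted www.googie-anaiytics.com domain the injected code contacted. The sample HTML and the site host example.com are constructed for the demonstration. The scan only sees what is in the served HTML; scripts that other scripts load at runtime are not covered, so it complements rather than replaces reviewing the page in a browser.

```python
"""Find third-party resources in HTML and flag the domains named in the
Polyfill.io incident. Added example, not code from the article."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Polyfill.io/.com plus the three services in the Google Ads warning, and the
# Google Analytics look-alike domain the injected code redirected through.
FLAGGED_DOMAINS = {
    "polyfill.io", "polyfill.com", "bootcss.com", "bootcdn.net",
    "staticfile.org", "googie-anaiytics.com",
}

# Which attribute carries the resource URL for each tag of interest.
URL_ATTRS = {"script": "src", "link": "href", "iframe": "src"}


def host_of(url):
    """Return the lowercase host of a URL ('' for relative URLs).
    Protocol-relative URLs (//cdn.example/x.js) are common in polyfill
    snippets, so they are normalised to https first."""
    if url.startswith("//"):
        url = "https:" + url
    return (urlparse(url).hostname or "").lower()


def is_flagged_host(host):
    """True if host is one of the flagged domains or a subdomain of one
    (cdn.polyfill.io matches polyfill.io; polyfill.io.example does not)."""
    return any(host == d or host.endswith("." + d) for d in FLAGGED_DOMAINS)


class ResourceCollector(HTMLParser):
    """Collects (tag, url, host) for every script/link/iframe with a URL."""

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr is None:
            return
        url = dict(attrs).get(attr)
        if url:
            self.resources.append((tag, url, host_of(url)))


def find_flagged_resources(html, site_host=None):
    """Scan HTML; return the flagged resources and the full list of external
    hosts so the operator can review every third-party dependency."""
    parser = ResourceCollector()
    parser.feed(html)
    parser.close()
    external = set()
    flagged = []
    for tag, url, host in parser.resources:
        # Relative URLs and same-origin resources are not third-party.
        if not host or (site_host and host == site_host.lower()):
            continue
        external.add(host)
        if is_flagged_host(host):
            flagged.append((tag, url, host))
    return {"flagged": flagged, "external_hosts": sorted(external)}


# Constructed sample page: one flagged stylesheet host, the Polyfill.io
# snippet, a first-party script, a protocol-relative third-party script.
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="stylesheet" href="https://cdn.bootcss.com/bootstrap/4.0.0/css/bootstrap.min.css">
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=default"></script>
<script src="https://example.com/static/app.js"></script>
<script src="/static/vendor.js"></script>
<script src="//cdn.jsdelivr.net/npm/lodash@4/lodash.min.js"></script>
</head><body>
<script>console.log("inline code is not a remote dependency");</script>
</body></html>
"""

if __name__ == "__main__":
    report = find_flagged_resources(SAMPLE_HTML, site_host="example.com")
    for tag, url, host in report["flagged"]:
        print(f"FLAGGED <{tag}> from {host}: {url}")
    print("External hosts to review:", ", ".join(report["external_hosts"]))
```

Run it against the HTML your server actually returns (for example the output of a fetch of your home page) rather than against templates, since some frameworks inject the polyfill snippet at render time. Any line printed as FLAGGED should be removed outright; the remaining external hosts are the list to shorten.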

Source: Kaspersky official blog

New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks

Cybersecurity researchers have uncovered a new botnet called Zergeca that’s capable of conducting distributed denial-of-service (DDoS) attacks.
Written in Golang, the botnet is so named for its reference to a string named “ootheca” present in the command-and-control (C2) servers (“ootheca[.]pw” and “ootheca[.]top”).
“Functionally, Zergeca is not just a typical DDoS botnet; besides supporting six

Source: The Hacker News

Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies

The supply chain attack targeting the widely used Polyfill[.]io JavaScript library is wider in scope than previously thought, with new findings from Censys showing that over 380,000 hosts are embedding a polyfill script linking to the malicious domain as of July 2, 2024.
This includes references to “https://cdn.polyfill[.]io” or “https://cdn.polyfill[.]com” in their HTTP responses, the attack

Source: The Hacker News