Over 380k Hosts Still Referencing Malicious Polyfill Domain: Censys

July 3, 2024 at 09:57AM

Censys reports over 380,000 internet-exposed hosts serving scripts that reference the suspended polyfill.io domain. The domain was suspended for malicious activity that affected over 100,000 websites and prompted industry responses. Censys now identifies 384,773 hosts still referencing the domain. There are further concerns about other potentially compromised domains controlled by the same threat actor.

Key takeaways:

1. The polyfill.io domain, which was recently suspended due to malicious activity, had scripts present on over 380,000 internet-exposed hosts, impacting a wide range of websites including those tied to major platforms and government websites.

2. The incident is part of a broader malicious campaign that started in June 2023 and involves four other domains likely controlled by the same threat actor.

3. While more websites are now using alternative secure polyfill endpoints, there are concerns that the same threat actor responsible for the polyfill.io attack might exploit other domains for similar activities in the future.

4. This incident highlights the importance of supply chain security and the need for vigilance against potential threats from third-party dependencies.
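For site owners who want to check whether their own pages are among the hosts still referencing the domain, the following is an added example (not from Censys or the original article) that parses HTML and reports `<script src>` and `<link href>` references to polyfill.io or its subdomains, while ignoring look-alike hostnames and local paths. The sample markup and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domain named in the article; extend with domains from your own threat intel.
FLAGGED_DOMAINS = {"polyfill.io"}


def host_is_flagged(host, flagged=FLAGGED_DOMAINS):
    """True if host equals a flagged domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in flagged)


class RefFinder(HTMLParser):
    """Collects (line, tag, url) for external resources on flagged hosts."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        attr = {"script": "src", "link": "href"}.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        # urlsplit also resolves protocol-relative URLs ("//host/path").
        if host_is_flagged(urlsplit(url.strip()).hostname):
            self.hits.append((self.getpos()[0], tag, url))


def find_flagged_refs(html):
    finder = RefFinder()
    finder.feed(html)
    finder.close()
    return finder.hits


# Constructed sample page: lines 2-4 should be reported, lines 5-7 should not.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
<script src="//polyfill.io/v3/polyfill.min.js?features=fetch"></script>
<link rel="preconnect" href="https://POLYFILL.IO">
<script src="/static/js/polyfill.io.js"></script>
<script src="https://notpolyfill.io/p.js"></script>
<script src="https://polyfill.io.example.com/p.js"></script>
</head></html>"""

if __name__ == "__main__":
    for line, tag, url in find_flagged_refs(SAMPLE_HTML):
        print(f"line {line}: <{tag}> references {url}")
```

This only inspects static markup; references injected at runtime by other scripts or tag managers need a rendered-page or network-level check.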
