The Sansec.io research team warned today that a script from the polyfill.io domain and service, which was purchased earlier this year by a Chinese company named ‘Funnull’, has been modified to introduce malicious code on websites in a supply chain attack. Currently over 100,000 sites could be impacted.

What are your most important corporate assets? Like most companies, you probably have mission-critical assets and those that play a smaller role in your revenue and continuity. You are also likely to be using Vulnerability Management or Assessment tools to lock down where those assets can potentially be compromised. Vulnerability Prioritization combines asset importance and potential for risk.

SolarWinds has recently addressed a critical security flaw, designated as CVE-2024-28995, in its Serv-U Managed File Transfer and Secure FTP software. This vulnerability, discovered by Hussein Daher, involves a directory traversal flaw that allows unauthenticated attackers to access sensitive files on the host system.

The digital supply chain refers to the chain of third-party digital tools, services and infrastructure that a company depends on for a particular first-party service (such as their website or SaaS platform). In an ever-changing digital landscape, supply chains can be brittle with many unseen risks. The nature of supply chain risk is transitive; any part of the often long and complicated digital supply chain can be compromised, causing all components downstream of it to also be compromised.

IONIX’s Cloud Cross-View (CCV) uses cloud integrations to broaden the scope of attack surface mapping and coverage beyond traditional methods of monitoring. CCV extends asset analysis to consider aspects that are specific to cloud environments. This complements CSPM and CNAPP solutions by enriching them with broader attack surface data obtained through IONIX’s EASM capabilities.