malicious javascript injected into 100,000 websites

A malicious CDN has been caught shipping javascript exploits on over 100,000 websites. This is truly one of the craziest attacks I've ever seen.

Comments
Author

when the child says googie : 🥰
when the hacker says googie : 💀

深夜-lf
Author

Another reason why we don’t use 3rd party libraries or CDNs. You can’t secure what you don’t control

saberint
Author

I totally agree with the guy who commented “i just farted”

lolidkstudio
Author

While escaping the js runtime certainly is a possibility, especially if they're targeting old unpatched browsers, my mind with this sort of exploit immediately jumps to user data theft rather than RCE.

RFelizardo
Author

Lol, nope. Firefox doesn't use V8.

Being the inventor of JavaScript, they use the engine they developed during Netscape's heyday. Mozilla has maintained it ever since.

That is specific to Chromium-based browsers.

zzco
Author

Polyfilling, as it says on the MDN page on the screen, is the name given to backporting features by rewriting them in compatible older JS, it doesn't refer to some specific library.

thennoth
Author

This is why I always host all the JavaScript for my sites internally.

donleyp
Author

10:15 Congrats on having a working digestive tract.

youtubewzd
Author

6:26: "in V8's interpretation of C++" should be "in V8's interpretation of Javascript"

dominicbout
Author

Even if it's not an exploit to get out of the browser's sandbox, they would still have access to the website and all user data and their security tokens would get leaked to that company. And as even financial institutions used it, that's a big issue.

Duconi
Author

Watching half way through this it's already terrifying...

eggflaw
Author

Nobody could have guessed that automatically using other people's code on your site could be dangerous 😂

tonyinv
Author

I was recommended this channel by the algorithm - it's incredible how well it got to know me in the last 17 years since my account is technically active.

victorvsl
Author

Polyfill is still a thing, but it’s usually compiled with the code rather than a link to another website.

LewisMoten
Author

I just found your channel! I love it haha and this year has been crazy!

drakeomar
Author

Now I'm confident that I was never paranoid about polyfill but just being realistic

Dj-Ann
Author

JS and nodeJS are already notorious for memory issues

bugdeveloper
Author

I find it pretty astonishing that anyone can upload something to pip, cargo, npm etc but the majority of packages don't seem to contain malware.

seasong
Author

12:04 what is there to say about open source?
Whenever an open source project comes out to have malicious code injected it's always the same story: "oh I really wonder if open source was a good idea, just saying you know. I wonder what this means for the future of open source".

The only reason we found out about this and many previous vulnerabilities and the word got spread is because of open source and open source platforms like github.

Would you have liked it better if polyfill were closed source and were just as popular? Without a community board or forum to discuss these things openly?

You think Microsoft's proprietary IE js interpreter was any more resilient compared to the same era Chrome interpreter because it was closed source? No, ofc not and even Microsoft knows that now.

What a naive way of looking at the world.

razt
Author

I think it's funny that he says "googie analytics" because he doesn't notice that the lowercase L in "anaiytics" has also been replaced

codewarren
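
The lookalike spelling pointed out in the comment above ("googie", "anaiytics") is the kind of thing a site owner can check for mechanically. The following is an added example, not code from the video or from any commenter: it folds commonly swapped characters and flags script hosts that imitate a trusted name without matching it. The allowlist, the function names and the `.example` hosts in the sample page are assumptions constructed for illustration.

```javascript
// Assumed allowlist of host labels the site intends to load scripts from.
const TRUSTED_LABELS = ["google-analytics", "googletagmanager", "cloudflare"];

// Fold characters that are commonly swapped in lookalike domains
// (i/l/1, o/0, "rn" for "m") so imitations collapse to the same string.
function skeleton(label) {
  return label
    .toLowerCase()
    .replace(/rn/g, "m")
    .replace(/[i1l]/g, "l")
    .replace(/0/g, "o");
}

const TRUSTED_SKELETONS = new Map(TRUSTED_LABELS.map((l) => [skeleton(l), l]));

// Return every <script src> whose host contains a label that looks like a
// trusted label but is not spelled exactly like it.
function findLookalikeScripts(html) {
  const findings = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const m of html.matchAll(re)) {
    let host;
    try {
      // The base URL resolves relative and protocol-relative sources.
      host = new URL(m[1], "https://page.example/").hostname;
    } catch {
      continue; // unparsable src, nothing to compare
    }
    for (const label of host.split(".")) {
      const trusted = TRUSTED_SKELETONS.get(skeleton(label));
      if (trusted && trusted !== label) {
        findings.push({ src: m[1], label, imitates: trusted });
      }
    }
  }
  return findings;
}

// Constructed sample page: one genuine spelling, two lookalikes, one local file.
const SAMPLE_HTML = `
<script src="https://www.google-analytics.example/analytics.js"></script>
<script src="https://www.googie-anaiytics.example/ga.js"></script>
<script src="//cdn.c1oudflare.example/lib.js"></script>
<script src="/static/app.js"></script>`;

console.log(findLookalikeScripts(SAMPLE_HTML));
```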