SquareX to Uncover Data Splicing Attacks at BSides San Francisco, a Major DLP Flaw That Compromises Data Security of Millions


Palo Alto, California, April 16th, 2025, CyberNewsWire

SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025. Titled “Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out”, the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any sensitive file or clipboard data, completely bypassing major Data Loss Protection (DLP) vendors listed by Gartner by exploiting architectural vulnerabilities in the browser.

DLP is a core pillar of every enterprise security stack. Data breaches can result in severe consequences including IP loss, regulatory violations, fines, and severe reputational damage. With over 60% of corporate data being stored in the cloud, browsers have become the primary way for employees to create, access, and share data. Consequently, the browser has become a particularly attractive target for external attackers and insider threats alike. Yet, existing endpoint and cloud DLP solutions have limited telemetry and control over how employees interact with data on the browser.

Additionally, there are several unique challenges when it comes to maintaining data lineage in the browser. This includes managing multiple personal and professional identities, the wide landscape of sanctioned and shadow SaaS apps, and the many pathways in which sensitive data can flow between these apps. Unlike managed devices where enterprises have full control over what can be installed on the device, employees can easily sign up for various SaaS services without the IT team’s knowledge or oversight.

SquareX researcher Audrey Adeline says, “Data splicing attacks are a complete game changer for insider threats and attackers that are seeking to steal information from enterprises. They exploit newer browser features that were invented long after existing DLP solutions and thus the data exfiltrated using these techniques are completely uninspected, resulting in full bypasses. With today’s workforce heavily relying on SaaS apps and cloud storage services, any organization that uses the browser is vulnerable to data splicing attacks.”

As part of the talk, they will also be releasing an open-source toolkit, “Angry Magpie”, which will allow pentesters and red teams to test their existing DLP stack and better understand their organization’s vulnerability to Data Splicing Attacks. SquareX hopes that the research will highlight the severe threats that browsers pose on data loss and serve as a call to action for enterprises and vendors alike to re-think their data loss protection strategies.

Upon the completion of BSides San Francisco, the SquareX team will also be presenting at RSAC 2025 and will be available at Booth S-2361, South Expo for further discussions on the research.

Talk Details:

Title: Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out

Speakers: Jeswin Mathai and Audrey Adeline

Event: BSides San Francisco 2025

Location: San Francisco, CA

Toolkit Release: Angry Magpie (Open Source)

About the Speakers

Jeswin Mathai, Chief Architect, SquareX

Jeswin Mathai serves as the Chief Architect at SquareX, where he leads the design and implementation of the company’s infrastructure. A seasoned speaker and researcher, Jeswin has showcased his work at prestigious international stages such as DEF CON US, DEF CON China, RootCon, Blackhat Arsenal, Recon Village, and Demo Labs at DEFCON. He has also imparted his knowledge globally, training in-classroom sessions at Black Hat US, Asia, HITB, RootCon, and OWASP NZ Day. He is also the creator of popular open-source projects such as AWSGoat, AzureGoat, and PAToolkit.

Audrey Adeline, Researcher

Audrey currently leads the Year of Browser Bugs (YOBB) project at SquareX which has disclosed multiple major architectural browser vulnerabilities to date. She is also a published author of The Browser Security Field Manual. Key discoveries from YOBB include Polymorphic Extensions, Browser Ransomware and Browser Syncjacking, all of which have been covered by major publications such as Forbes, Bleeping Computer and Mashable. She is passionate about furthering cybersecurity education and has run multiple workshops with Stanford University and Women in Security and Privacy (WISP). Prior to SquareX, Audrey was a cybersecurity investor at Sequoia Capital and graduated from the University of Cambridge with a degree in Natural Sciences.

About SquareX

SquareX’s industry-first Browser Detection and Response (BDR) helps organizations detect, mitigate, and threat-hunt client-side web attacks targeting their employees and users in real time. This includes defending against identity attacks, malicious extensions, spearphishing, browser data loss, and insider threats.

SquareX takes a research and attack-focused approach to browser security. SquareX’s dedicated research team was the first to discover and disclose multiple pivotal attacks, including Last Mile Reassembly Attacks, Browser Syncjacking, Polymorphic Extensions, and Browser-Native Ransomware. As part of the Year of Browser Bugs (YOBB) project, SquareX commits to continue disclosing at least one major architectural browser vulnerability every month.

Contact

Head of PR
Junice Liew
SquareX
[email protected]
