SquareX to Present Data Splicing Attacks, a Major DLP Flaw, at BSides San Francisco

CyberNewswire | 4m | 2025/04/16
Too Long; Didn't Read

At BSides San Francisco 2025, SquareX researchers will disclose a new class of data exfiltration techniques. The talk demonstrates multiple data splicing techniques that can exfiltrate any sensitive file or clipboard data. The researchers will also present "Angry Magpie", an open-source toolkit that can be used to test current DLP filters.

Palo Alto, California, April 16th, 2025/CyberNewsWire/--SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025.

Titled “Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out”, the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any sensitive file or clipboard data, completely bypassing major Data Loss Protection (DLP) vendors listed by Gartner by exploiting architectural vulnerabilities in the browser.

DLP is a core pillar of every enterprise security stack. Data breaches can have severe consequences, including IP loss, regulatory violations, fines, and serious reputational damage. More than 60% of corporate data resides within the enterprise.


Current endpoint and cloud DLP solutions have limited telemetry and control over how data is interacted with in browsers.

In addition, there are several unique challenges in protecting data lineage in the browser.


These include multiple personal and professional identities, the use of SaaS apps and shadow SaaS apps, and the many pathways through which sensitive data can move between these apps. Enterprises fully control the applications on a device.


“Data splicing attacks are a complete game changer for insider threats and attackers who are seeking to steal information from enterprises. They exploit newer browser features that were invented long after existing DLP solutions and thus the data exfiltrated using these techniques are completely uninspected, resulting in complete bypasses. With today’s workforce heavily relying on SaaS apps and cloud storage services, any organization that uses the browser is vulnerable to data splicing attacks.”


The researchers will also present "Angry Magpie", an open-source toolkit.


After BSides San Francisco, the SquareX team will attend RSAC 2025 and will present at Booth S-2361, South Expo.

Talk Details:

Title: Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out

Speakers: Jeswin Mathai and Audrey Adeline

Event: BSides San Francisco 2025

Location: San Francisco, CA

Toolkit Release: Angry Magpie (Open Source)

About the Speakers

Jeswin Mathai, Chief Architect, SquareX

Jeswin Mathai serves as Chief Architect at SquareX, where he leads the company's infrastructure design and implementation. An experienced speaker and researcher, Jeswin has presented his work on well-known international stages such as DEF CON US, DEF CON China, RootCon, Blackhat Arsenal, Recon Village, and Demo Labs at DEFCON. He has also shared his expertise internationally at Black Hat US, Asia, HITB, RootCon, and OWASP NZ Day. He is the creator of well-known open-source projects such as AWSGoat, AzureGoat, and PAToolkit.


Audrey Adeline, Researcher

Audrey currently leads the Year of Browser Bugs (YOBB) project at SquareX, which has disclosed multiple major architectural browser vulnerabilities to date. Audrey is also the published author of the Browser Security Field Manual. Key discoveries from YOBB include Polymorphic Extensions, Browser Ransomware and Browser Syncjacking, all of which have been covered by major publications such as Forbes, Bleeping Computer and Mashable.

Audrey is passionate about furthering cybersecurity education and has run multiple workshops with Stanford University and Women in Security and Privacy (WISP). Prior to SquareX, Audrey was a cybersecurity investor at Sequoia Capital and graduated from the University of Cambridge with a degree in computer science.

About SquareX

SquareX’s industry-first Browser Detection and Response (BDR) helps organizations detect, mitigate, and threat-hunt client-side web attacks happening against their users in real time. This includes defending against identity attacks, malicious extensions, spearphishing, browser data loss, and insider threats.

SquareX takes a research and attack-focused approach to browser security. SquareX’s dedicated research team was the first to discover and disclose multiple pivotal attacks, including Last Mile Reassembly Attacks, Browser Syncjacking, Polymorphic Extensions, and Browser-Native Ransomware. As part of the Year of Browser Bugs (YOBB) project, SquareX commits to continue disclosing at least one major architectural browser vulnerability every month.

This story was distributed as a release by Cybernewswire under HackerNoon’s Business Blogging Program. Learn more about the program here
