SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025. Titled “Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out”, the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any sensitive file or clipboard data, completely bypassing major Data Loss Protection (DLP) vendors listed by Gartner by exploiting architectural vulnerabilities in the browser.

SquareX researcher Audrey Adeline says, “Data splicing attacks are a complete game changer for insider threats and attackers that are seeking to steal information from enterprises. They exploit newer browser features that were invented long after existing DLP solutions and thus the data exfiltrated using these techniques are completely uninspected, resulting in full bypasses.”

Audrey currently leads the Year of Browser Bugs (YOBB) project at SquareX, which has disclosed multiple major architectural browser vulnerabilities to date. As part of the YOBB project, SquareX commits to continue disclosing at least one major architectural browser vulnerability every month. Key discoveries from YOBB include Polymorphic Extensions, Browser Ransomware and Browser Syncjacking, all of which have been covered by major publications such as Forbes, Bleeping Computer and Mashable.

SquareX’s industry-first Browser Detection and Response (BDR) helps organizations detect, mitigate, and threat-hunt client-side web attacks targeting their users in real time. This includes defending against identity attacks, malicious extensions, spearphishing, browser data loss, and insider threats. SquareX’s dedicated research team was the first to discover and disclose multiple pivotal attacks, including Last Mile Reassembly Attacks, Browser Syncjacking, Polymorphic Extensions, and Browser-Native Ransomware.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 16 Apr 2025 13:45:18 +0000