
Palo Alto Networks Admits to Reports by SquareX Regarding Weaknesses of Secure Web Gateways against Last-Mile Reassembly Assaults

Last year at DEF CON 32, SquareX uncovered and exposed Last Mile Reassembly attacks, alerting the security sector to over 20 related attacks.


In the digital age, the browser has emerged as the primary interface for AI and cloud applications, making it the new operating system for the enterprise. Securing this crucial platform is no longer an option, but a necessity.

Over the past year, SquareX, a leading cybersecurity research firm, has discovered over 10 zero-day vulnerabilities in popular browsers. This revelation underscores the urgent need for robust browser security.

One of the most significant findings by SquareX is the vulnerability of Secure Web Gateways (SWGs) to Last Mile Reassembly attacks. These attacks, first disclosed by SquareX at DEF CON 32 last year, manipulate the final stage of data packet reassembly in a network, potentially evading detection and compromising network security.

Palo Alto Networks was the first to publicly acknowledge this limitation, admitting that SWGs are architecturally unable to defend against Last Mile Reassembly attacks. Data Splicing Attacks, a type of attack that leverages Last Mile Reassembly techniques, can be used by insider threats and attackers to steal sensitive data, bypassing both endpoint DLP and cloud SASE/SSE DLP solutions.

Attackers have been found to use various methods to bypass SWGs, such as breaking malware into different chunks or smuggling malicious files via binary channels like WebRTC, gRPC, and WebSockets. This trend has led SASE/SSE vendors to recognise that proxy solutions are no longer sufficient to protect against browser-based attacks.

SquareX has demonstrated that all major SASE/SSE vendors are vulnerable to Last Mile Reassembly attacks. Despite responsible disclosures to these vendors, no official statements have been made to warn customers about the vulnerability in the past 13 months - until two weeks ago.

In response to these findings, SquareX has launched a series of initiatives to strengthen browser security. The "Year of Browser Bugs" research project, for instance, has disclosed a major architectural vulnerability every month since January. This project has resulted in the disclosure of seminal research findings such as Polymorphic Extensions, a malicious extension that can silently impersonate password managers and crypto wallets to steal credentials and cryptocurrency.

To address these vulnerabilities, SquareX has developed a browser extension that turns any browser into an enterprise-grade secure browser, seamlessly integrating with users' existing consumer browsers without compromising user experience. The extension also empowers organizations to proactively defend against browser-native threats with its Browser Detection and Response (BDR) solution.

In addition to these initiatives, SquareX has also launched The Browser Security Field Manual, a technical guide for cybersecurity practitioners, at Black Hat this year. This manual aims to equip practitioners with the knowledge they need to secure their browsers effectively.

For more information about SquareX's research-led innovation, visit www.sqrx.com. If you have any questions or need further information, please contact Junice Liew, the Head of PR at SquareX, at [email protected].

As more attackers leverage Last Mile Reassembly techniques to exploit enterprises, it is clear that securing the browser is no longer an option, but a necessity.
