TZUTC: -0500   
   MSGID: 1072.consprcy@1:2320/105 2c761f9f   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Thousands of businesses at risk worldwide as new data exfiltration technique   
   uncovered - here's what you need to know   
      
   Date:   
   Mon, 28 Apr 2025 21:04:00 +0000   
      
   Description:   
   Data Splicing Attacks expose the inability of current DLP tools to detect   
   insider-driven data leaks through browsers.   
      
   FULL STORY   
      
   A newly uncovered data exfiltration technique known as Data Splicing Attacks   
   could place thousands of businesses worldwide at significant risk, bypassing   
   all leading data loss prevention ( DLP ) tools.    
      
   Attackers can split, encrypt, or encode data within the browser, transforming   
   files into fragments that evade the detection logic used by both endpoint   
   protection platforms (EPP) and network-based tools - before these pieces are   
   then reassembled outside the protected environment.    
      
   By using alternative communication channels such as gRPC and WebRTC, or    
   secure messaging platforms like WhatsApp and Telegram, threat actors can   
   further obscure their tracks and avoid SSL-based inspections.   
      
   Threat actors now splice, encrypt, and vanish   
      
   The growing reliance on browsers as primary work tools has increased    
   exposure. With more than 60% of enterprise data stored on cloud platforms   
   accessed via browsers , the importance of a secure browser has never been   
   greater.    
      
   Researchers demonstrated that proxy solutions used in many secure enterprise   
   browsers simply cannot access the necessary context to recognize these    
   attacks because they lack visibility into user interactions, DOM changes, and   
   browser context.    
      
   Additionally, endpoint DLP systems struggle because they rely on APIs exposed   
   by the browser, which do not offer identity context, extension awareness, or   
   control over encrypted content.    
      
   These limitations create a blind spot that attackers can exploit without   
   detection, undermining many enterprises ability to defend against insider   
   threat scenarios.    
      
   What makes this discovery even more urgent is the ease with which these   
   techniques can be adapted or modified. With new code, attackers can easily   
   create variants, further widening the gap between evolving threats and   
   outdated protections.    
      
   In response, the team introduced Angry Magpie, an open source toolkit    
   designed to replicate these attacks. Security teams, red teams, and vendors   
   can use the tool to evaluate their defenses.    
      
   Angry Magpie allows defenders to assess their systems exposure in realistic   
   scenarios, helping identify blind spots in current implementations of even    
   the best DLP solutions.    
      
   We hope our research will serve as a call to action to acknowledge the   
   significant risks browsers pose for data loss, the team said.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/thousands-of-businesses-at-risk-worldwide-as-new   
   -data-exfiltration-technique-uncovered-heres-what-you-need-to-know   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426