SquareX Researchers Highlight Browser Security Concerns at Black Hat and DEF CON 33
In the ever-evolving sphere of cybersecurity, SquareX, a leader in browser security, is set to make a significant impact during the Black Hat USA and DEF CON 33 conventions this August. Researchers from SquareX will unveil a series of essential findings aimed at addressing widespread vulnerabilities inherent in current web browsing technologies.
SquareX's founder, Vivek Ramachandran, is scheduled to deliver a pivotal presentation titled "Browser-Native Security in a Browser First World" at Black Hat USA. In this talk, Ramachandran will highlight how modern enterprises can better protect themselves from browser-centric threats, a reality that has become increasingly urgent as statistics reveal employees now spend around 80% of their time using web browsers on their devices. He plans to expose the latest tactics, techniques, and procedures (TTPs) that cybercriminals employ to circumvent established security measures such as SASE (Secure Access Service Edge), EDR (Endpoint Detection and Response), and DLP (Data Loss Prevention) solutions.
The DEF CON 33 mainstage will feature a crucial talk by researchers Shourya Pratap Singh, Jonathan Lin, and Daniel Seetoh, who will present an alarming new technique capable of undermining passkey authentication systems in their session titled "Passkeys Pwned: Turning WebAuthn Against Itself." As tech giants such as Apple, Google, and Microsoft push for the adoption of passkeys as a more secure alternative to traditional passwords, this research indicates that critical vulnerabilities still exist that could be exploited by skilled attackers.
Moreover, SquareX will introduce an innovative tool named ExtHuntr at the Recon Village, designed to analyze browser extensions for security and risk assessment. Presented by Nishant Sharma and Shourya Pratap Singh, this open-source tool will provide defenders the essential visibility they need regarding installed browser extensions, scrutinizing their permissions and behaviors to help establish risk scores.
Adding to the agenda, Nishant Sharma will also host an enlightening two-hour workshop at the Cloud Village, titled "Serverless but Not Defenseless: A Security Deep Dive into Cloud Run." Attendees will gain a practical understanding of implementing secure deployment strategies for services on Cloud Run, aligning with modern DevSecOps principles.
Meanwhile, SquareX's Audrey Adeline will partake in a panel discussion on “The Trailblazer’s Guide to Cybersecurity,” shedding light on the journeys of first-generation technology professionals in the cybersecurity arena. Adeline will also brief attendees about the upcoming release of The Browser Security Field Manual, a collaborative publication with Fortune 500 executives, unveiling the latest tactics used by attackers to exploit browser vulnerabilities.
Reflecting on the importance of sharing knowledge in this field, Ramachandran notes, “Over the past year, we have been releasing cutting-edge research on architectural browser vulnerabilities as part of the Year of Browser Bugs project. We believe that understanding the attacker mindset is vital for countering the newest threat vectors. It is crucial to present these findings at industry-leading conferences such as Black Hat and DEF CON.” He elaborates that traditional security solutions have significant limitations, particularly regarding the sophisticated vulnerabilities discovered in passkeys and browser extensions.
SquareX's commitment extends beyond merely revealing vulnerabilities; the researchers aim to provide practical solutions and open-source tools to help enterprises effectively close the browser security gaps. The company envisions these findings will play a critical role in enhancing cybersecurity resilience across organizations.
For more comprehensive insights, attendees can expect detailed discussions of multiple open-source browser-native security solutions that SquareX plans to release during the events. Through these innovative approaches, SquareX is set to redefine enterprise browser security, ensuring organizations can safeguard against emerging threats effectively.
To learn more about SquareX’s initiatives and contributions to browser security, visit the SquareX official website.