Latest news with #OAuth


Techday NZ
07-08-2025
- Techday NZ
SquareX launches open-source toolkits to defend browsers
SquareX has released two open-source toolkits to support security teams in simulating and defending against browser-based attacks that can evade traditional enterprise security measures.

The two new toolkits, developed by SquareX security researchers, are designed to enable red and blue teams to more effectively address attack techniques that specifically target web browsers. These methods often exploit the fact that many conventional network and endpoint security solutions have limited visibility into threats that operate solely within the browser environment, such as session hijacking and data exfiltration.

The prevalence of web browsers as the interface through which corporate resources are accessed and sensitive data is managed has elevated the browser as a key attack vector for threat actors. Despite this, most existing security frameworks continue to focus on more traditional points of compromise, like endpoints and networks.

The toolkits aim to bridge this gap by providing practical resources for offensive (red teams) and defensive (blue teams) security teams. Red teams can leverage the tools to create simulations of browser-based attacks, while blue teams can use them to learn to detect and respond to threats that might be otherwise overlooked by standard monitoring systems.

Angry Magpie toolkit

One of the new toolkits, Angry Magpie, was developed by SquareX researchers Jeswin Mathai, Pankaj Sharma and Xian Xiang Chang. It focuses on simulating data exfiltration attacks using data splicing techniques that target weaknesses in data loss prevention (DLP) systems. Angry Magpie demonstrates how attackers can employ data sharding, ciphering, transcoding, and smuggling to bypass both proxy-based and endpoint DLP solutions. These attacks can be executed through everyday browser operations such as copying to clipboard, file uploads, downloads, and printing.

This approach sheds light on how insider threats might launch data exfiltration campaigns from within a browser, offering security teams a means to recognise and counter similar techniques. The toolkit provides methods to reveal these vulnerabilities and can help teams develop targeted defences.

Copycat toolkit

The second toolkit, Copycat, was created by SquareX security researchers Dakshitaa Babu, Tejeswar S Reddy, Pankaj Sharma and Albin Antony. Copycat is designed to simulate identity and authentication attacks that are initiated through malicious or compromised browser extensions. The toolkit contains ten modules, each illustrating a distinct technique for carrying out identity compromise at the browser level, such as silent account hijacking, credential theft, two-factor authentication interception, and manipulation of OAuth flows.

The toolkit demonstrates how even browser extensions with minimal permissions - such as widely-used colour picker extensions with tabs and scripting access - can be used by attackers to compromise user identities and gain control over authenticated sessions. Recent campaigns by threat actor groups like Scattered Spider and Muddled Libra have utilised similar browser-based techniques as an entry point into enterprises.

"Enterprise security solutions are struggling to keep pace with modern attack techniques that operate entirely within web browsers. While organizations have invested heavily in endpoint detection and network security, these traditional defenses have limited visibility into browser-based threats - particularly identity attacks and data exfiltration that occur within authenticated sessions."

The release of Angry Magpie and Copycat toolkits highlights the need for enhanced collective understanding and preparedness. They intend to give security professionals both concrete attack examples and the detection mechanisms necessary for enterprise environments.

This effort is part of SquareX's broader strategy, which previously saw the introduction of a browser detection and response solution designed to deliver visibility and control within browser sessions. The company's security researchers emphasise that providing these tools to the wider community can help teams stay informed about the latest attack vectors and develop appropriate strategies in response.

"Through these toolkits, SquareX extends its impact beyond pioneering the Browser Detection and Response solution to enabling the entire security industry - ensuring teams understand actively exploited attack techniques and can build appropriate defenses."

The toolkits are open-source and available to security teams for direct use and adaptation in enterprise environments. Live demonstrations of Angry Magpie and Copycat are being held at DEF CON, offering a practical showcase of how the tools can be integrated into existing security frameworks.


Mid East Info
31-07-2025
- Mid East Info
The hidden risks of browser extensions – and how to stay safe - Middle East Business News and Information
Phil Muncaster, guest writer at ESET, explains that not all browser add-ons are handy helpers – some may contain far more than you have bargained for.

What would we do without the web browser? For most of us, it's our gateway to the digital world. But browsers are such a familiar tool today that we're in danger of giving them a free ride. In fact, there are plenty of rogue extensions masquerading as legitimate ad blockers, AI assistants, or even security tools that are designed to steal our data, send us to malicious sites and flood our screen with popups. For example, earlier this year, a malicious campaign was uncovered that may have impacted dozens of extensions and compromised nearly three million users. Next time you're thinking about downloading a web browser add-on, think through the following risks.

Why extensions matter

Browser extensions are an increasingly popular vehicle for threat actors. They give attackers access to a vast amount of sensitive information, with people often trusting these add-ons, especially if they're downloaded from official sources. Extensions also provide multiple avenues for monetization and malicious activity and generally give attacks a better chance of success. They are a threat in corporate settings too, where they may often stay under the radars of security teams and tools. By installing an extension and granting it permissions, you could unwittingly be enabling malicious actors to access your most sensitive data – everything from browsing history to saved logins and session cookies, which could be abused to hijack your accounts.

When browsers go bad

A 2023 risk assessment of 300,000 browser extensions and third-party OAuth applications used in corporate environments revealed that half (51%) of the former were high risk and could potentially have caused 'extensive damage.' So how could they end up on your machine?

Malware may be hidden in legitimate-looking browser extensions like those purporting to be ad blockers or PDF converters or even security enhancements. They could be packaged up and placed on browser stores for unwitting users to download, bundled with other software, shared through deceptive links or uploaded to platforms outside your official web store, where hackers rely on users 'sideloading' in order to target them. Sideloading is particularly dangerous because third-party stores don't feature the kind of security reviews and other checks that official marketplaces have in place. That means they're more likely to feature harmful add-ons spoofed to appear as if legitimate.

Alternatively, threat actors could hijack or acquire a legitimate extension and use it to send malicious updates to its entire user base. Sometimes, extensions can seem legitimate, but on activation will be programmed to install new payloads with malicious capabilities.

What can malicious extensions do?

The nefarious actions run the gamut and include:

- Stealing data, including usernames and passwords, browsing history, session cookies (which can be used to access your accounts without needing a password) and financial information. This may be sourced from your clipboard, browser or obtained via keylogging as you type it in. The end goal is usually to either sell that data on the dark web, or use it directly to hijack accounts and commit identity fraud.
- Directing you to malicious or risky websites that may harbor malware including infostealers and banking Trojans. Other sites may be spoofed to appear as if a legitimate brand, but are actually designed to harvest your personal and financial information and/or logins.
- Injecting unwanted ads and possible malware into your browsing experience. Ads could be monetized by threat actors, while malware may be designed to steal credentials or harvest other lucrative personal data for identity fraud.
- Backdooring your browser so that they can access your machine at any time in the future.
- Mining for cryptocurrency without your knowledge, something that can slow down or even wear out your machine completely.

Staying safe

To mitigate these risks, caution is always advised when you're on the hunt for a new extension. First of all, stick to legitimate web stores and closely scrutinize any new add-on. That might include checking the developer's credentials, reading reviews of the product and searching separately for it to see if it has been connected to any suspicious or malicious behavior in the past.

Look closely too at its permissions. If it requests any that seem to go beyond what is needed for the product, it should be a red flag. As is the case with, for example, mobile apps, not many extensions should need access to your passwords or browsing data.

Additional tips to keep yourself safe include:

- Keep your browser updated so it's on the latest, more secure version at all times. This means it will be better protected against potential malware.
- Switch on multi-factor authentication on all your online accounts – that will go a long way toward keeping you safe even if a malicious browser extension does steal your passwords.
- To make your web browsing experience safer in general, consider using a secured browser mode that is offered together with other security-enhancing features by some security vendors. This mode comes in particularly handy when you perform financial and crypto transactions in your browser. Enhanced Safe Browsing in some common web browsers can also help you steer clear of malicious sites.
- Importantly, use security software from a reputable vendor, and perform periodic scans to check for anything suspicious running on your computer. It will go a long way towards preventing you downloading malware from third-party sites, or redirecting to a phishing site.

Every piece of software we install, no matter how small, comes with an element of trust; indeed, this trust may be particularly significant with browser extensions, as they operate directly within your gateway to the internet. Think carefully about the value or convenience that an extension provides versus the potential risk. Ultimately, the goal is to make informed choices about the add-ons you allow into your digital space. Be sure to source your browser extensions and, indeed, all other software from reliable providers.


Channel Post MEA
30-07-2025
- Channel Post MEA
Browser Extensions Boosts Big Hidden Risks


Malaysian Reserve
25-07-2025
- Business
- Malaysian Reserve
viaNexus Unveils MCP Service to Enable Agent-Driven Access to Financial Data
NEW YORK, July 24, 2025 /PRNewswire/ — viaNexus, the high-performance financial data platform built for intelligent systems, today announced the release of its MCP Service, a first-of-its-kind MCP implementation enabling a proper client/server architecture for autonomous agents to securely discover, request, and consume financial data — without manual Authentication/Authorization and paywall integration, removing human intervention.

The viaNexus MCP Service leverages the emerging Model Context Protocol (MCP) to deliver real-time, entitlement-aware access to market data, filings, fundamentals, news and more. Each agent is assigned a scoped identity and permission set, allowing precise control over what data can be accessed, by whom, and under what terms.

'Agents are the new users, and data is their fuel,' said Tim Baker, CEO of viaNexus. 'With the MCP Service, agents can connect directly to our data platform — with secure authentication, entitlements, and governance built in from the start.'

Unlike current MCP server implementations, which are currently being advertised as API interfaces and often lack native support for secure authentication protocols and agent-specific access controls, the viaNexus solution introduces several key innovations:

- Agent-Scoped Identity and Access Control — Unique, auditable access tied to organizational policies and account-level entitlements
- Asynchronous Authorization Workflow — Secure approval flows and timed bearer tokens remove reliance on human-mediated OAuth flows, which are incompatible with autonomous workflows
- Built-In Paywall Integration — Data providers can configure usage-based access and pricing, confident that monetization and compliance are enforced programmatically
- Native Integration with viaNexus Data — Agents can retrieve structured data on demand, fueling analysis, reasoning, or downstream processes

'This is just the beginning,' said Pedro Aguayo, CTO of viaNexus. 'We're already working on open sourcing the entire client stack — including connectors, configuration tools, and telemetry. Our goal is to make secure, agentic data workflows easy to build, deploy, and scale.'

viaNexus is also inviting select beta customers to test the viaNexus MCP service. Interested parties can reach the team at MCP-beta@

About viaNexus

viaNexus is a next-generation financial data platform purpose-built for both data publishers and data consumers. From real-time prices to structured financial content, viaNexus delivers high-performance, entitlement-aware data access through APIs and next-gen protocols like MCP. The platform supports fintechs, institutions, and data providers looking to scale in an intelligent, compliant, and cost-effective way.


Techday NZ
03-07-2025
- Business
- Techday NZ
Most fintechs fail API security, risking sensitive payment data
New research conducted by Raidiam highlights significant weaknesses in API security across fintech companies, SaaS platforms, payments firms, and other enterprises operating outside regulated environments such as Open Banking. The report, which assessed security practices at 68 organisations, reveals that 84% remain vulnerable due to insufficient API protections, even when dealing with sensitive or high-value data.

Widespread vulnerabilities

The research indicates that 85% of the surveyed organisations handle either payment data or special category personal data, yet only one met the benchmark for modern, cryptographic API protection. The study found that outdated or insufficient controls—such as the use of static API keys and basic OAuth secrets—prevail among most firms, leaving them open to exploitation.

"We've all read the recent headlines; API security should not be an afterthought. The gap between the sensitivity of data and the strength of controls is a board-level risk – not just a technical issue," said David Oppenheim, Head of Enterprise Strategy at Raidiam.

Of the organisations surveyed, 57 out of 68 use bare API keys or basic OAuth credentials, mechanisms that have well-known security vulnerabilities. Less than half conduct regular API-specific penetration testing or runtime anomaly monitoring, measures deemed essential for identifying and addressing potential attack vectors in real time.

Real-world consequences

The report points to the 2023 Dell partner API breach as evidence that attackers are already actively exploiting these weak points in enterprise systems. These incidents underscore a growing risk for any entity exposing sensitive APIs without robust protective measures in place.

According to the report, a Security vs Sensitivity Matrix mapping exercise revealed a severe misalignment between the sensitivity of the data held and the strength of security controls implemented. This mismatch increases the likelihood and potential impact of security incidents.

"We found that even firms handling payment and personal data still rely on static API keys and basic secrets. In today's threat landscape, that's the digital equivalent of leaving the vault door open," Oppenheim added. "In regulated environments like Open Banking, stronger controls like mutual TLS and certificate-bound tokens are already standard. Outside those frameworks, there's a gaping hole."

API risk in unregulated environments is becoming a prominent concern in the industry. In early 2025, the Chief Information Security Officer at JPMorgan Chase issued a public warning about rising vulnerabilities linked to third-party platforms, advocating for a shift towards prioritising security over rapid development. Gartner statistics cited in the report indicate that API breaches tend to leak 10 times more data than traditional attacks. The report states, "This isn't theoretical — attackers are already in."

Recommendations for addressing risk

The report provides a four-step action plan for organisations seeking to bridge the gap between data sensitivity and protection. It recommends elevating API security to a board-level priority, modernising controls through cryptographic methods such as mutual TLS (mTLS) and sender-constrained access tokens, increasing investment in developer awareness and security testing, and working with trusted partners to accelerate adoption of proven standards and infrastructure.

Raidiam's expertise in secure digital data-sharing ecosystems is currently being made available to assist enterprise organisations in bringing API security standards up to date and closing the gaps identified by this research.