SquareX Uncovers Critical Vulnerabilities in Malicious Document Detection Among Top Webmail Providers Like Gmail, Outlook

SquareX Uncovers Critical Vulnerabilities in Malicious Document Detection Among Top Webmail Providers Like Gmail, Outlook

SquareX, a browser-security start-up led by serial cybersecurity entrepreneur Vivek Ramachandran, today unveiled the results of its recent study, revealing a concerning reality about major email providers’ inadequacies in safeguarding users against malicious document-based threats.

The study, conducted by SquareX’s research and development team, involved analysing 100 malicious document samples, which were segmented into four distinct categories:

  1. Original malicious document samples from MalwareBazaar
  2. Slightly altered malicious document samples from MalwareBazaar, such as changes in metadata and file formats
  3. Malicious document samples modified using attack tools that have existed for many years
  4. Basic Macro-enabled documents that execute programs on user devices.

These samples were sent via a third-party email provider, ProtonMail, to several major email providers, including industry giants such as Gmail, Outlook, Yahoo, AOL, and Apple iCloud Mail. The study revealed that while email providers like Gmail and Outlook demonstrated basic detection capabilities in identifying unmodified malicious document samples, they faltered in detecting modified malicious documents manipulated with readily accessible attack tools – exposing a glaring cybersecurity loophole that poses a potential threat to millions of users around the world.

Given the prevailing reliance on email services as secure communication channels, these findings raise important questions about the effectiveness of relying on existing email security measures and the false sense of security they may instil in millions of users and enterprises worldwide. While cyber threats are becoming increasingly sophisticated, email providers appear ill-prepared to detect and intercept these emerging threats, consequently leaving users to potential exploitation.

“The inadvertent discovery of this significant lapse in email security during our product enhancement process was startling, especially in India where most people use these services both for personal and professional work and rely on them for security,” shared Vivek Ramachandran, the founder and CEO of SquareX. “Our intention in making these findings public is to ignite a dialogue on the urgent need for reinforced security measures and encourage email providers to either elevate their security protocols or transparently acknowledge their current limitations,” added Vivek.

To bridge this security gap, SquareX has introduced an advanced in-browser malicious document scanning feature as a part of its browser extension, currently in beta. This move not only speaks of the company’s commitment to making the web a safer place but also invites other companies to join forces in securing the web activities of users and enterprises from cyber-attacks.

About SquareX:

SquareX is a browser-security start-up founded by the seasoned cybersecurity expert and serial entrepreneur, Vivek Ramachandran. At the core of SquareX’s mission is the commitment to empower users and enterprises with the confidence to navigate the online world without fear. With its innovative browser-native security solutions and unique isolation technology, SquareX aims to safeguard both individuals and enterprises from a spectrum of browser-based threats, encompassing malicious files, websites, scripts, and compromised networks.

Available on the Chrome and Edge stores, the SquareX browser extension has not only been awarded as “featured extension” by Chrome store but has also earned over 100,000 users globally in less than a year.

Related post

GS Lab | GAVS welcomes Harmeet Chauhan as the CEO in its Journey to be a Scaled Purposeful AI-led Services Organization

GS Lab | GAVS welcomes Harmeet Chauhan as the CEO in its…

Princeton, New Jersey, October 23, 2024: The Board of Directors of GS Lab | GAVS (the “Company”) is excited to announce the appointment of Mr. Harmeet Chauhan as the new Chief Executive Officer of the Company, effective October 7, 2024. Harmeet succeeds Mr. Sumit Ganguli, who will continue to support…
SquareX Exposes Failures of Secure Web Gateways at DEF CON 32, Releases Framework for Enterprise Testing.

SquareX Exposes Failures of Secure Web Gateways at DEF CON 32, Releases…

SINGAPORE, Thursday, August 22, 2024 – SquareX delivered a groundbreaking presentation at DEF CON 32, univocally proving that Secure Web Gateways (SWGs) are broken beyond repair. Presented by SquareX founder Vivek Ramachandran and the research team, the talk exposed over 30 bypass techniques that highlight core architectural vulnerabilities in SWGs,…
SquareX Discovers New Cybersecurity Attacks that Completely Bypass Secure Web Gateways (SWG), Leaving Most Enterprises Vulnerable.

SquareX Discovers New Cybersecurity Attacks that Completely Bypass Secure Web Gateways (SWG),…

SINGAPORE, Aug 6, 2024 – SquareX Founder, Vivek Ramachandran, cybersecurity veteran with over 20 years of experience and founder/ex-CEO of Pentester Academy (acquired by INE), together with the security research team, will be delivering their latest findings in an upcoming main stage talk, titled Breaking Secure Web Gateways (SWG) for…
An Empowering Book ‘Introduction to Cybersecurity’ Receives Golden Book Award 2024

An Empowering Book ‘Introduction to Cybersecurity’ Receives Golden Book Award 2024

Introduction to Cybersecurity: Concepts, Principles, Technologies, and Practices by Ajay Singh (Universities Press, Orient Blackswan 2023) was among the winners at the Golden Book Awards 2024 (http://www.goldenbookawards.com/winners2024/) In an era where digital threats loom large, cybersecurity has emerged as an indispensable survival skill. This book gives students and professional managers the basic knowledge they need…
16-Year-Old Saina Kakkar Takes on Teenage Cybercrime in India as Youngest Cyber Crime Intervention Officer (CCIO) and National Security Database Volunteer

16-Year-Old Saina Kakkar Takes on Teenage Cybercrime in India as Youngest Cyber…

Saina Kakkar, is an extraordinarily talented, insightful, and passionate 16-year-old student, who radiates both warmth and confidence, and already making a huge impact in the world of cybersecurity as an entrepreneur, researcher, inventor, author and a true advocate for cyber safety for teenagers. As a young person Saina has grown…