SquareX Uncovers Critical Vulnerabilities in Malicious Document Detection Among Top Webmail Providers Like Gmail, Outlook

SquareX Uncovers Critical Vulnerabilities in Malicious Document Detection Among Top Webmail Providers Like Gmail, Outlook

SquareX, a browser-security start-up led by serial cybersecurity entrepreneur Vivek Ramachandran, today unveiled the results of its recent study, revealing a concerning reality about major email providers’ inadequacies in safeguarding users against malicious document-based threats.

The study, conducted by SquareX’s research and development team, involved analysing 100 malicious document samples, which were segmented into four distinct categories:

  1. Original malicious document samples from MalwareBazaar
  2. Slightly altered malicious document samples from MalwareBazaar, such as changes in metadata and file formats
  3. Malicious document samples modified using attack tools that have existed for many years
  4. Basic Macro-enabled documents that execute programs on user devices.

These samples were sent via a third-party email provider, ProtonMail, to several major email providers, including industry giants such as Gmail, Outlook, Yahoo, AOL, and Apple iCloud Mail. The study revealed that while email providers like Gmail and Outlook demonstrated basic detection capabilities in identifying unmodified malicious document samples, they faltered in detecting modified malicious documents manipulated with readily accessible attack tools – exposing a glaring cybersecurity loophole that poses a potential threat to millions of users around the world.

Given the prevailing reliance on email services as secure communication channels, these findings raise important questions about the effectiveness of relying on existing email security measures and the false sense of security they may instil in millions of users and enterprises worldwide. While cyber threats are becoming increasingly sophisticated, email providers appear ill-prepared to detect and intercept these emerging threats, consequently leaving users to potential exploitation.

“The inadvertent discovery of this significant lapse in email security during our product enhancement process was startling, especially in India where most people use these services both for personal and professional work and rely on them for security,” shared Vivek Ramachandran, the founder and CEO of SquareX. “Our intention in making these findings public is to ignite a dialogue on the urgent need for reinforced security measures and encourage email providers to either elevate their security protocols or transparently acknowledge their current limitations,” added Vivek.

To bridge this security gap, SquareX has introduced an advanced in-browser malicious document scanning feature as a part of its browser extension, currently in beta. This move not only speaks of the company’s commitment to making the web a safer place but also invites other companies to join forces in securing the web activities of users and enterprises from cyber-attacks.

About SquareX:

SquareX is a browser-security start-up founded by the seasoned cybersecurity expert and serial entrepreneur, Vivek Ramachandran. At the core of SquareX’s mission is the commitment to empower users and enterprises with the confidence to navigate the online world without fear. With its innovative browser-native security solutions and unique isolation technology, SquareX aims to safeguard both individuals and enterprises from a spectrum of browser-based threats, encompassing malicious files, websites, scripts, and compromised networks.

Available on the Chrome and Edge stores, the SquareX browser extension has not only been awarded as “featured extension” by Chrome store but has also earned over 100,000 users globally in less than a year.

  • Award
  • Closed
  • 5 min read

An Empowering Book ‘Introduction to Cybersecurity’ Receives Golden Book Award 2024

An Empowering Book ‘Introduction to Cybersecurity’ Receives Golden Book Award 2024

Introduction to Cybersecurity: Concepts, Principles, Technologies, and Practices by Ajay Singh (Universities Press, Orient Blackswan 2023) was among the winners at the Golden Book Awards 2024 (http://www.goldenbookawards.com/winners2024/)

In an era where digital threats loom large, cybersecurity has emerged as an indispensable survival skill. This book gives students and professional managers the basic knowledge they need to deal with cybersecurity issues at both the personal and organizational level. It covers a wide range of topics, such as the different kinds of cybercrimes and cyberattacks, the best practices, strategies, tools, and technologies for information security, and the cyber laws and regulations that affect both cybercrime and cybersecurity. It also shows how the development and improvement of digital technologies have shaped both cybercrime and cybersecurity.

The book is a valuable resource for those who want to build a career in cybersecurity as well as anyone who wants to learn more about cybersecurity and how to protect themselves and their organizations from cyber threats. Given its coverage of a wide range of topics, teachers and reviewers have found the book to be  useful as a fundamental textbook for UG and PG students for not only Computer Science other streams like commerce and arts as well.

Key Highlights of the book:

Course and Reference Material: This book has seamlessly integrated itself into several cybersecurity courses as a textbook, serving as a trusted resource for learners. The contents of the book are well structured for fostering easy learning and include:

  • Clearly defined objectives at the beginning of every chapter
  • Nuggets of information, such as contextual case studies, important statistics, critical definitions, and crucial processes, presented as info boxes.
  • Chapter-end exercises comprising multiple choice questions with answers and subjective questions.
  • Additional self-assessment questions at the end of the book

Library Collections: It finds a place of honour in esteemed libraries, including the Prime Ministers’ Museum and Library in New Delhi and The National Library of India.

Career Building: Whether you aspire to a cybersecurity career or simply seek to safeguard yourself and your organization, this book provides invaluable insights.

Broad Applicability: Reviewers have hailed it as a fundamental textbook suitable not only for Computer Science students but also for those pursuing commerce and arts.

Golden Book Awards recognize the exceptional literary works that have made a significant impact. The awards are organised by Wings Publication International, a leading independent publisher in India.

Ajay Singh, the author of the book is a veteran IT professional and former CEO of a fintech company. He is a prolific writer who has authored several books on cybersecurity including CyberStrong: A Primer on Cyber Risk Management for Business Managers. (SAGE, 2020) which was an award-winning finalist at the International Book Awards at the American Book Fest 2022.

He says, “The Golden Book Award motivates me to pursue my personal mission to spread awareness that knowledge of cybersecurity is a top priority for everyone in an increasingly interconnected world with redoubled vigour.”

The risks and potential damages associated with cyber breaches continue to grow at an unprecedented scale. Cybersecurity breaches have far-reaching economic and societal ramifications. They can disrupt businesses, compromise personal data, and even impact national security. Only awareness and knowledge of cybersecurity can keep us secure.

My sincere thanks to renowned publishing house Universities Press (Orient Blackswan) for bringing out the book and making it available to a wide audience.” Singh adds.

The book is available all over the world in print, Kindle and eBook formats in all leading bookstores and platforms such as Amazon, eBay, Flipkart, Apple Books, WH Smith, Rakuten Kobo and more.

You can also get more information about the book at:

https://learncybersecurity.co.in

https://www.universitiespress.com/

More about the author:

www.linkedin.com/in/ajay-singh-a597111/

For enquiries: ajaysingh@becyberstrong.com

16-Year-Old Saina Kakkar Takes on Teenage Cybercrime in India as Youngest Cyber Crime Intervention Officer (CCIO) and National Security Database Volunteer

16-Year-Old Saina Kakkar Takes on Teenage Cybercrime in India as Youngest Cyber Crime Intervention Officer (CCIO) and National Security Database Volunteer

Saina Kakkar, is an extraordinarily talented, insightful, and passionate 16-year-old student, who radiates both warmth and confidence, and already making a huge impact in the world of cybersecurity as an entrepreneur, researcher, inventor, author and a true advocate for cyber safety for teenagers. As a young person Saina has grown up in the digital age and studied high school during pandemic, she understands the allure of social media and the internet, but she has also seen the darker side of these technologies. As she speaks with unwavering conviction, “It’s easy to get lost in the online world,” she explains, “and many teenagers don’t realize the potential consequences of their actions. That’s why it’s so important to educate them about the risks and how to navigate the online world safely and responsibly.”

For Saina, this mission has become a personal one. She has made it her life’s work to help her fellow teenagers stay safe online, and she has done several things dedicated to this cause. “It breaks my heart to see so many young people fall victim to cyberbullying, online predators, and other dangers,” Saina says, her voice shaking with emotion. “I want to do everything I can to protect them and help them stay safe.” As she speaks, it’s clear Saina’s passion for this cause runs deep. She knows that she can make a difference, and she is willing to do whatever it takes to ensure that her peers are protected in the digital world.

Saina Kakkar is not just a thought leader in the field of cybersecurity, she has also published research paper on ‘PRIVACY IN PANDEMIC – impact of covid19 on high school students’ privacy in india’ in International Journal of Novel Research & Development (https://www.ijnrd.org/papers/IJNRD2302048.pdf).

Saina has filed a patent for her novel work Pause-Before-You-Post (Govt. Of India Patent Office application) which detects Personally Identifiable Information (PII)  for example phone numbers and sensitive images to alert user to pause-and-think before they post the content. This is based on her other research that suggests that 88% of the time, adolescents in India (ages 12-18), who had originally been willing to  post PII or other sensitive message, changed their mind and edited the post.

In Saina’s dedication to give back to the community and make an impact, Saina founded and runs a non-profit organization, www.TeenCyberShield.org, which sponsored 20+ children from Grace Trust Orphanage (www.grace-trust.org) and 700+ students in various schools in India to help them better understand and protect themselves from cyber threats.

'Saina Kakkar, India's Cyber Crime Intervention Officer (CCIO) and www.teencybershield.org'

Saina’s book – ‘Navigating the Social Media Maze’ (www.amzn.to/3HSZi3Q), written under the guidance of Group Captain P Aanand Naidu(retd) (https://www.linkedin.com/in/paanaidu ) – already got adopted in a CBSE school’s curriculum in NCR region, provides practical tools for school children to protect themselves online, make smart choices, and be good digital citizens. The book is available for free download on https://copconnect.app/resources/. One can download free mobile app “copconnect” to read the blog posts by Saina.

Saina is also a vice president and co-founder of Junkguards (www.junkguards.com), a privacy aware recyling ecosystem, founded in line with the vision of the Government of India and the Central Pollution Control Board of India, to ensure proper management of E-Waste and Private Data stored in it. In her words, “E-Waste and Data Security Go Hand-In-Hand, and it’s important to take your e-waste to a privacy aware recycling firm with security experts to truly wipe your device clean of all sensitive and personal identifiable information (PII)”.  So far, she is instrumental in collecting 700 kgs of e-waste in these bins, which was then given away for scientific disposal.

'Saina Kakkar, India's Cyber Crime Intervention Officer (CCIO) and www.teencybershield.org'

Saina Kakkar’s efforts have not gone unnoticed, she got recognized by ISAC (Information Sharing and Analysis Center – www.isacfoundation.org) to become India’s youngest Cyber Crime Intervention Officer (CCIO) after clearing the AICTE NEAT 2.0, Min of Edn, GoI approved CCIO and Professional Ethics Certification (CPEW) and a volunteer in National Security Database (NSD) helping cybercrime victims and make a positive impact in the community. ISAC offered both age waiver and INR 50,000/- scholarship to pursue National Security Database empaneled technical certifications.

'Saina Kakkar, India's Cyber Crime Intervention Officer (CCIO) and www.teencybershield.org'

Saina has engaged with her networks to ensure the success of her chosen activities. She has collaborated with Trumsy (www.trumsy.com ) to build good online habits that are essential to a teenager’s success but are difficult to master. She has offered a gamified solution to building online safety habits by recurring tasks that are easy and quick to do for children. Over 1000 parents use the Trumsy app and cards. Saina has initiated petitions to support Cyber Safety Clubs in every school in India, she is founder and captain of Cyber Safety in the school, and has built a strong community to address the issues of teen privacy and cyberbullying. During this period of India’s presidency of G20, she has taken pledge to support Ministry of Electronics and Information Technology (MeitY) in creating awareness among citizens including specially-abled persons to stay safe in an online world. (http://surl.li/fqgxc)

'Saina Kakkar, India's Cyber Crime Intervention Officer (CCIO) and www.teencybershield.org'

Saina Kakkar’s expertise and contributions to the field were recognized as a panelist at “Enabling Parents and Teens to Safely Navigate the Cyber-World” event, alongside various distinguished panelists from well-known tech companies such as Google, Uber, LinkedIn, and India’s leading non-profit organization – ISAC (Information Sharing and Analysis Center). Saina’s tireless efforts to address cyber safety issues in India have earned her recognition from the Prime Minister’s Office (PMO).

'Saina Kakkar, India's Cyber Crime Intervention Officer (CCIO) and www.teencybershield.org'

When most teenagers are spending their time traveling and enjoying their youth, it’s truly remarkable what Saina Kakkar has achieved to become India’s youngest Cyber Crime Intervention Officer (CCIO), the impact she has made at such a young age by supporting 1200+ children and her journey is sure to inspire many more young people to take up the cause of cyber safety and security. Saina is also active member of International Women in Security organiations (https://www.bbwic.com ). To learn more about Saina’s work follow her on LinkedIn and Twitter.