Home bug Slack fixes bug that could have let hackers intercept downloads

Slack fixes bug that could have let hackers intercept downloads


A researcher with cybersecurity firm Tenable found that hackers could have placed a malicious link in a Slack channel that, when clicked, would have allowed them to redirect a user’s downloads to a file server belonging to the attacker. From there, the attacker obviously could have stolen the document. Since many workplaces use Slack in place of email, it seems inevitable that files with sensitive data change hands through the service.

Attackers could even have “inserted malicious code in [a document] so that when opened by victim after download [by clicking on them in Slack], their machine would have been infected,” Tenable researcher David Wells, who discovered the bug, wrote. “The options from there on are endless.”

As Wells suggests, a hacker might have been able to place a malicious link in a Slack channel using RSS feeds, which Slack users can add to channels. Hackers would have also been able to mask malicious links so they looked like URLs to legitimate websites.

Tenable reported the bug to Slack and it was patched in version 3.4.0 of the Windows app. “Slack investigated and found no indication that this vulnerability was ever utilized, nor reports that its users were impacted,” Slack told Gizmodo. “As always, users are encouraged to [update] their apps and clients to the last available version.”



Source link

Must Read

How to take better photos with a Galaxy phone

Shooting phenomenal photographs with your DSLR can be relatively easy, but getting the same stunning quality and clarity with your smartphone is a...

We thought up 17 new fragrances that are just as ridiculous as Xbox body wash

Lynx Xbox is a line of body wash, body spray, and deodorant that Microsoft is planning to release in July. Will other tech...

Galaxy A80 with rotating camera shows up on Samsung India ahead of launch

The Galaxy A80 was unveiled earlier this year in Thailand, with the phone being the first from Samsung with a rotating camera module....