Slack
Fraudulent Slack ad shows malvertiser’s patience and skills
Once again, threat actors seek out Google search ads for top software downloads, but this time they show a lot of patience and bring on evasion tricks.
Read moreCrooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
Credit to Author: BrianKrebs| Date: Fri, 26 Jul 2024 21:31:54 +0000
Google says it recently fixed an authentication weakness that allowed crooks to circumvent email verification needed to create a Google Workspace account, and leverage that to impersonate a domain holder to third-party services that allow logins through Google’s “Sign in with Google” feature.
Read moreA week in security (January 9—15)
Categories: News Tags: AWIS Tags: weekly blog roundup Tags: week in security Tags: Slack Tags: GitHub Tags: Magecart Tags: Microsoft Tags: Pokemon NFT Tags: Facebook Tags: Instagram Tags: Snapchat Tags: TikTok Tags: YouTube Tags: Google Tags: Meta Tags: identity theft Tags: Maternal & Family Health Services Tags: 2023 predictions Tags: Royal Mail Tags: K-12 security Tags: K-12 Tags: WhatsApp Tags: NSO Group Tags: Department of Interior Tags: weak passwords Tags: Vice Society Tags: ransomware. Vice Society ransomware The most interesting security related news from the week of January 9—15. |
The post A week in security (January 9—15) appeared first on Malwarebytes Labs.
Read moreSlack private code on GitHub stolen
Categories: News Tags: Slack Tags: GitHub Tags: data breach Tags: Slack breach Tags: compromised tokens Stolen employee tokens gave an attacker access to Slack’s private code repositories. |
The post Slack private code on GitHub stolen appeared first on Malwarebytes Labs.
Read moreUber hacked
Categories: News Tags: Uber Tags: MFA Tags: push notification Tags: Slack Tags: HackerOne Uber was forced to take several systems offline after reports of a serious breach |
The post Uber hacked appeared first on Malwarebytes Labs.
Read moreSlack admits to leaking hashed passwords for five years
Credit to Author: Paul Ducklin| Date: Mon, 08 Aug 2022 15:14:38 +0000
“When those invitations went out… somehow, your password hash went out with them.”
Read moreLeaked Chats Show LAPSUS$ Stole T-Mobile Source Code
Credit to Author: BrianKrebs| Date: Fri, 22 Apr 2022 13:09:39 +0000
KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion. LAPSUS$ is known for stealing data and then demanding a ransom not to publish or sell it. But the leaked chats indicate this mercenary activity was of little interest to the tyrannical teenage leader of LAPSUS$, whose obsession with stealing and leaking proprietary computer source code from the world’s largest tech companies ultimately led to the group’s undoing.
Read moreSlack fixes account-stealing bug
Credit to Author: Danny Bradbury| Date: Tue, 17 Mar 2020 12:33:43 +0000
Slack has fixed a bug that allowed attackers to hijack user accounts by tampering with their HTTP sessions.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/i-F9hS91EoQ” height=”1″ width=”1″ alt=””/>
Read moreSlack beefs up mobile security controls for Enterprise Grid
Credit to Author: Matthew Finnegan| Date: Tue, 06 Aug 2019 08:00:00 -0700
Slack today unveiled new security capabilities for Enterprise Grid customers, including tighter controls for admins who oversee mobile device access.
Enterprise Grid was launched in 2017 for Slack’s biggest customers, with additional features to support large-scale deployments. Among the 150 organizations now using Enterprise Grid are Capital One, IBM and Target.
Slack has continued to build out security and compliance features for the software since its introduction, including the addition of enterprise key management last September.