Slack | Breaking Cybersecurity News | The Hacker News

The Pakistan-nexus  Transparent Tribe  actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. "This cluster of activity spanned from late 2023 to April 2024 and is anticipated to persist," the BlackBerry Research and Intelligence Team  said  in a technical report published early last week. The spear-phishing campaign is also notable for its abuse of popular online services such as Discord, Google Drive, Slack, and Telegram, once again underscoring how threat actors are  adopting legitimate programs  into their attack flows. According to BlackBerry, the targets of the email-based attacks included three companies that are crucial stakeholders and clients of the Department of Defense Production ( DDP ). All the three companies targeted are headquartered in the Indian city of Bengaluru. While the names of the firms were not disclosed, i...

Slack said it took the step of resetting passwords for about 0.5% of its users after a flaw exposed salted password hashes when creating or revoking shared invitation links for workspaces. "When a user performed either of these actions, Slack transmitted a hashed version of their password to other workspace members," the enterprise communication and collaboration platform  said  in an alert on 4th August. Hashing refers to a cryptographic technique that transforms any form of data into a fixed-size output (called a hash value or simply hash).  Salting  is designed to add an extra security layer to the hashing process to make it resistant to brute-force attempts. The Salesforce-owned company, which reported more than  12 million daily active users  in September 2019, didn't reveal the exact  hashing algorithm  used to safeguard the passwords. The bug is said to have impacted all users who created or revoked shared invitation links between 17 ...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

If you use Slack, a popular cloud-based team collaboration server, and recently received an email from the company about a security incident, don't panic and read this article before taking any action. Slack has been sending a "password reset" notification email to all those users who had not yet changed passwords for their Slack accounts since 2015 when the company suffered a massive data breach. For those unaware, in 2015, hackers unauthorisedly gained access to one of the company's databases that stored user profile information, including their usernames, email addresses, and hashed passwords. At that time, attackers also secretly inserted code, probably on the login page, which allowed them to capture plaintext passwords entered by some Slack users during that time. However, immediately following the security incident, the company automatically reset passwords for those small number of Slack users whose plaintext passwords were exposed, but asked other aff...