Hot Topics

slack

The Google WebP logo

Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug

| | Buffer Overflow, buffer overflow attack, Buffer Overflow Vulnerabilities, buffer overflows, Chrome, Chromium, edge, Electron, Exploitable Vulnerabilities, Firefox, google, Heap Overflow, libwebp, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, opera, SB Blogwatch, secure software supply chain, slack, software supply chain, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, thunderbird, WebP
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
Security Boulevard
Slack Security Breach Highlights Risks of SaaS Session Hijacking

Slack Security Breach Highlights Risks of SaaS Session Hijacking

| | CrowdStrike, FEATURED, Incident Response, SaaS Security, SaaS threat detection, Security Advisories, slack, Slack breach
Slack Attack: Employee Tokens Stolen On December 29, 2022, workforce collaboration application, Slack posted a security update that announced the discovery of unauthorized access to some of its code repositories. The company ...
Obsidian Security
CircleCI talent cybersecurity

CircleCI Rotates GitHub OAuth Tokens After Security Incident

| | CircleCI, cyberattack, lastpass, Okta, Secrets, slack, source code breach
Following a security incident, CircleCI has completed the process of rotating GitHub OAuth tokens for their customers. CircleCI said Saturday that while customers could still rotate their own tokens, it has “confidence ...
Security Boulevard

Slack GitHub Account Hacked via Stolen Employee API Token

| | api leak, API security, Cloud Security, Data breach, DEVOPS, Different attack types, Incident, Researcher Corner, security incidents, slack, Token Leak, Web Application Security
On December 29, 2022, Slack was alerted to suspicious activity on their GitHub account. Upon investigation, the company discovered that a limited number of employee tokens had been stolen and misused to ...
Wallarm
Slack

Slack App Leaked Hashed User Passwords for 5 YEARS

| | api, I’m willing to bet someone JSON.stringify’d the entire user object without realizing the password hash is in there, Password, Salesforce, SB Blogwatch, slack, slack technologies, Slack Vulnerability
Since 2017, if you’ve invited anyone to a Slack workspace, your password has leaked. How could this have happened? ...
Security Boulevard
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

| | A Little Sunshine, Amtrak, Apple, BitBucket, Breadcrumbs, Dan Goodin, Doxbin, Electronic Arts, emergency data request, Everlynn, Flashpoint, Genesis, Globant, Iqor, KT, Lapsus$, Lapsus$ Jobs, Michelin, Microsoft, Mobile Device Management, Mox, Ne'er-Do-Well News, Nvidia, Recursion Team, Russian Market, Samsung, SASCAR, SIM swapping, slack, source code theft, swatting, T-Mobile, T-Mobile Atlas, WhiteDoxbin
KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month ...
Krebs on Security
Bolster Playbooks get the hookup with new API connector

Bolster Playbooks get the hookup with new API connector

| | api, Customer Success, platform, slack
Bolster has recently added the availability of a Playbook API connector that can help streamline the incredibly important work needed to analyze suspicious and fraudulent sites ...
Bolster Blog
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

| | A Little Sunshine, Bibox, Celcius.network, Dan Race, Farsight Security, GitHub, GoDaddy, NameCheap, Phishing, privateemail.com, slack, vishing, Web Fraud 2.0, Wirex.app
Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world's largest domain name registrar, ...
Krebs on Security

“Easy Wins” When Securing Slack

| | Breach, CASB, Cloud Data Protection, Cloud Security, data leakage, Malware, Mobile Security, pii, slack
In 2019, Slack reached the 12 million daily user mark, which is likely even higher today as the remote workforce has surged, making the tool a foundational part of corporate and enterprise ...
Bitglass Blog
Capital One Data Theft Impacts 106M People

Capital One Data Theft Impacts 106M People

| | Capital One breach, Data breaches, GitHub, Masergy, Ne'er-Do-Well News, Paige A. Thompson, Ray Watson, slack, Twitter
Federal prosecutors this week charged a Seattle woman with stealing data from more than 100 million credit applications made with Capital One Financial Corp. Incredibly, much of this breached played out publicly ...
Krebs on Security
Load more