slack
Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug
Richi Jennings | | Buffer Overflow, buffer overflow attack, Buffer Overflow Vulnerabilities, buffer overflows, Chrome, Chromium, edge, Electron, Exploitable Vulnerabilities, Firefox, google, Heap Overflow, libwebp, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, opera, SB Blogwatch, secure software supply chain, slack, software supply chain, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, thunderbird, WebP
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
Security Boulevard
Slack Security Breach Highlights Risks of SaaS Session Hijacking
Emile Antone | | CrowdStrike, FEATURED, Incident Response, SaaS Security, SaaS threat detection, Security Advisories, slack, Slack breach
Slack Attack: Employee Tokens Stolen. On December 29, 2022, workforce collaboration application Slack posted a security update that announced the discovery of unauthorized access to some of its code repositories. The company ...
CircleCI Rotates GitHub OAuth Tokens After Security Incident
Following a security incident, CircleCI has completed the process of rotating GitHub OAuth tokens for their customers. CircleCI said Saturday that while customers could still rotate their own tokens, it has “confidence ...
Slack GitHub Account Hacked via Stolen Employee API Token
Ivanwallarm | | api leak, API security, Cloud Security, Data breach, DEVOPS, Different attack types, Incident, Researcher Corner, security incidents, slack, Token Leak, Web Application Security
On December 29, 2022, Slack was alerted to suspicious activity on their GitHub account. Upon investigation, the company discovered that a limited number of employee tokens had been stolen and misused to ...
Slack App Leaked Hashed User Passwords for 5 YEARS
Richi Jennings | | api, I’m willing to bet someone JSON.stringify’d the entire user object without realizing the password hash is in there, Password, Salesforce, SB Blogwatch, slack, slack technologies, Slack Vulnerability
Since 2017, if you’ve invited anyone to a Slack workspace, your password has leaked. How could this have happened? ...
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code
BrianKrebs | | A Little Sunshine, Amtrak, Apple, BitBucket, Breadcrumbs, Dan Goodin, Doxbin, Electronic Arts, emergency data request, Everlynn, Flashpoint, Genesis, Globant, Iqor, KT, Lapsus$, Lapsus$ Jobs, Michelin, Microsoft, Mobile Device Management, Mox, Ne'er-Do-Well News, Nvidia, Recursion Team, Russian Market, Samsung, SASCAR, SIM swapping, slack, source code theft, swatting, T-Mobile, T-Mobile Atlas, WhiteDoxbin
KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month ...
Bolster Playbooks get the hookup with new API connector
Bolster has recently added the availability of a Playbook API connector that can help streamline the incredibly important work needed to analyze suspicious and fraudulent sites ...
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services
BrianKrebs | | A Little Sunshine, Bibox, Celcius.network, Dan Race, Farsight Security, GitHub, GoDaddy, NameCheap, Phishing, privateemail.com, slack, vishing, Web Fraud 2.0, Wirex.app
Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world's largest domain name registrar, ...
“Easy Wins” When Securing Slack
Kevin Sheu | | Breach, CASB, Cloud Data Protection, Cloud Security, data leakage, Malware, Mobile Security, pii, slack
In 2019, Slack reached the 12 million daily user mark, which is likely even higher today as the remote workforce has surged, making the tool a foundational part of corporate and enterprise ...
Capital One Data Theft Impacts 106M People
BrianKrebs | | Capital One breach, Data breaches, GitHub, Masergy, Ne'er-Do-Well News, Paige A. Thompson, Ray Watson, slack, Twitter
Federal prosecutors this week charged a Seattle woman with stealing data from more than 100 million credit applications made with Capital One Financial Corp. Incredibly, much of this breach played out publicly ...