Security News

Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans and other malware. The researchers saw this behavior across malware, adding that one Discord CDN search turned up almost 20,000 results in VirusTotal.

Code42 announced it is offering security analysts a new automated workflow that speeds alert triage and "Right-sizes" an appropriate response based on the severity of insider risk events. The workflow is available through an integration between Code42's Incydr data risk detection and response product and Slack collaboration software, and is recommended for non-malicious insider risk events, the most common cause of insider security events today.

Business communications platform Slack rushed to take action on Wednesday after customers raised security-related concerns regarding a new feature that allows users to send direct messages to any other Slack user. The new direct message feature, officially launched on Wednesday, is part of the Slack Connect service, which is advertised by the company as an efficient way for organizations to communicate with partners, vendors and customers - basically an alternative for email.

Slack has enabled a new 'Slack Connect' feature that allows users to send messages or create shared channels with people outside of their organization. While users had previously been able to test the Slack Connect feature, it has begun to roll out to all paid workspaces today.

Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow inside the npm public code repository - all of which exfiltrate sensitive information. The packages weaponize a proof-of-concept code dependency-confusion exploit that was recently devised by security researcher Alex Birsan to inject rogue code into developer projects.

Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using a new 'Dependency Confusion' vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers. When hosted on public repositories, including npm, PyPI, and RubyGems, dependency managers would use the packages on the public repo rather than the company's internal packages when building the application.

Element Matrix Services is adding a bridge between hipster chat platform Slack and the open-source world of Matrix messaging. To ease the journey from the centralised world of Slack, Element Matrix Services - a hosting platform for Matrix - is adding a managed bridge for connecting Slack to the Matrix ecosystem.

Business communications platform Slack is scrambling to recover from an ongoing outage that is proving disruptive to cybersecurity response teams around the world. At 7:15AM PST, the San Francisco, Calif.-based Slack confirmed users were "Having trouble loading channels or connecting to Slack." No other details were provided on the cause of the outage.

1/4/. As everyone gets back to work after the New Year holiday, Slack brings in 2021 with a massive outage affecting users worldwide. Starting at approximately 10 AM EST, Slack suffered an outage where users cannot connect, messages cannot be sent and received, and channel history cannot be retrieved.

IRONSCALES announced integrations with Microsoft Teams and Slack, to natively notify security teams using these two popular collaboration and messaging tools about phishing incidents in real-time. The integrations further bolster IRONSCALES' industry-leading on-the-go incident management platform, which already includes native mobile app applications for both iOS and Android devices and supports push notifications, to reach security teams wherever they are.