Security News
Salesforce and Slack have entered into a definitive agreement under which Salesforce will acquire Slack. Under the terms of the agreement, Slack shareholders will receive $26.79 in cash and 0.0776 shares of Salesforce common stock for each Slack share, representing an enterprise value of approximately $27.7 billion based on the closing price of Salesforce's common stock on November 30, 2020.
Child-friendly games website Animal Jam suffered a hack that exposed 46 million user records after a staff Slack channel was compromised by malicious people who discovered a private AWS key. Animal Jam chief exec Clary Stacey confirmed the hack after Bleeping Computer spotted information from the compromised AWS server being posted on stolen data bazaar raidforums[.
A critical remote-code-execution vulnerability affecting past versions of the Slack desktop app was disclosed on Friday after the software maker fixed its app. Back in January, Oskars Vegeris, a security engineer at Evolution Gaming, privately reported to Slack a remote code execution vulnerability affecting versions 4.2 and 4.32 of its desktop apps for Linux, macOS, and Windows via bug bounty program HackerOne.
A security researcher was awarded a $1,750 bug bounty reward for discovering a remote code execution vulnerability in the Slack desktop applications. An attacker could exploit the vulnerability to execute arbitrary code within Slack's desktop apps for macOS, Linux, and Windows.
A critical vulnerability in the popular Slack collaboration app would allow remote code-execution. Attackers could gain full remote control over the Slack desktop app with a successful exploit - and thus access to private channels, conversations, passwords, tokens and keys, and various functions.
Armorblox, a cloud office security platform that protects inbound and outbound enterprise communications, announced the availability of integrations with Box and Slack to stop socially engineered attacks and data loss across email, messaging, and file-sharing services. In addition to API-based integrations with Office 365, G Suite, and Exchange, these new integrations extend Armorblox capabilities beyond email to prevent targeted attacks and sensitive data disclosures across cloud office applications.
The ZeroFOX Alpha Team uncovered thousands of cracked Zoom accounts for sale on a single hacking forum and entire websites dedicated to sharing insecure Zoom call IDs. Although Zoom has recently released updates focused on security and privacy, attackers are still able to easily target organizations and their employees through a variety of attacks that abuse the platform.
Most networks these days make do with one IP number that's shared between all the computers on the local network, which make do with so-called "Private IP numbers" that are reserved for internal use only. Because TURN servers can broker traffic between arbitrary services on arbitrary computers, you don't need to add TURN code to every type of server you run, meaning that you can dedicate TURN servers entirely to their job of "Packet brokering".
Popular video-conferencing app Zoom may currently be in the cybersecurity hot seat, but other collaboration tools, such as Slack, Trello, WebEx and Microsoft Teams, are certainly not immune from cybercriminal attention. According to a HackerOne bug-bounty report, an HTTP Request Smuggling bug was used, in a proof-of-concept, to force open-redirects within Slack, leading users to a rogue client outfitted with Slack domain cookies.
The bug uses a sneaky trick called HTTP smuggling, which takes advantage of how back-end servers process requests using this protocol. A front-end proxy server might send it to one of several back-end servers, for example.