Security News

Most networks these days make do with one IP number that's shared between all the computers on the local network, which make do with so-called "Private IP numbers" that are reserved for internal use only. Because TURN servers can broker traffic between arbitrary services on arbitrary computers, you don't need to add TURN code to every type of server you run, meaning that you can dedicate TURN servers entirely to their job of "Packet brokering".

Popular video-conferencing app Zoom may currently be in the cybersecurity hot seat, but other collaboration tools, such as Slack, Trello, WebEx and Microsoft Teams, are certainly not immune from cybercriminal attention. According to a HackerOne bug-bounty report, an HTTP Request Smuggling bug was used in a proof-of-concept to force open redirects within Slack, leading users to a rogue client outfitted with Slack domain cookies.

The bug uses a sneaky trick called HTTP smuggling, which takes advantage of how back-end servers process requests using this protocol. A front-end proxy server might send a request to one of several back-end servers, for example.

A researcher earned $6,500 from Slack last year after finding a critical vulnerability that could have been exploited to hijack Slack accounts. The vulnerability was reported to Slack in mid-November via the company's bug bounty program on HackerOne and it was patched within 24 hours, which is not uncommon for Slack when it comes to account hijacking issues.

Nightfall AI, a cloud data security platform, announced an extended list of investors participating in its oversubscribed Series A round. "We are thrilled to work with this exceptional set of investors. They bring an incredible breadth of experience and will be invaluable partners as we scale the company. They recognize our innovative approach as the industry's first cloud-native DLP and our rapid growth in this new category," remarks Isaac Madan, Nightfall's CEO and co-founder.

CASB+ for Slack provides 360° visibility, protection and control of all user activity on Slack as well as continuous risk assessment against external or internal threats. The result is end-to-end data protection and compliance for more than 10 million active Slack users today.

IRC-for-millennials biz shrugs: Yeah, we might fix that later

Security researchers have uncovered a flaw in messaging app Slack that allows a file shared in a private channel to be viewed by...

Slack informed bug bounty hunters on Monday that it has increased the minimum rewards for serious vulnerabilities found in its products and websites.

Slack on Tuesday unveiled several new security tools designed to provide administrators of its Enterprise Grid product better control over who can use the platform and how they do it.

Slack's Enterprise Grid product now helps admins limit which people and devices can access Slack, and how Slack can be used.