Saturday, May 18, 2019

If You're a Slack'er, Patch the Hacker

A security researcher has uncovered a flaw in Slack that could've been exploited to steal files over the business messaging app and potentially spread malware.

The flaw involves Slack's Windows desktop app, and how it can automatically send downloaded files to a certain destination—whether it be on your PC or to an online storage server...

"Using this attack vector, an insider could exploit this vulnerability for corporate espionage, manipulation, or to gain access to documents outside of their purview," David Wells, a researcher at the security firm Tenable said...

Slack has patched the flaw in version 3.4.0 of the Windows desktop app. more