Tenable, a cyber exposure company, has announced the company’s research team has discovered a vulnerability in the Slack Desktop Application for Windows that could have allowed an attacker to alter where a victim’s files are stored when the documents are downloaded within Slack.
For many organizations looking to keep their employees connected, Slack has become a critical tool.
The vulnerability, which was found in Slack Desktop Application for Windows version 3.3.7 and has since been patched in version 3.4.0, could have allowed an attacker to send a crafted hyperlink via a Slack message that, once clicked, changes the document download location path to an attacker-owned file share.
(Learn More. Courtesy of The CyberWire and YouTube. Sponsored by ObserveIT, a competitor in the 2019 ‘ASTORS’ Homeland Security Awards Program. See below to Learn More. Posted on May 17, 2019.)
By exploiting the flaw, an attacker can not only steal future documents downloaded within Slack, but they can also manipulate them, such as injecting malicious code that would compromise the victim’s machine once opened.
“The digital economy and global distributed workforce have brought new technologies to market with the ultimate goal of seamless connectivity,” explained Renaud Deraison, co-founder and chief technology officer at Tenable.
“But it’s critical that organizations realize this emerging technology is potentially vulnerable and part of their expanding attack surface.”
“Tenable Research continues to work with vendors such as Slack to disclose our discoveries to ensure consumers and organizations are secure.”
(Accurately identify, investigate and prioritize vulnerabilities. Courtesy of Tenable and YouTube. Posted on Nov 16, 2018.)
Slack has released version 3.4.0 to address this vulnerability. Users are urged to confirm that their Slack for Windows is updated to this latest version.
For more information on how this vulnerability was found, feel free to read the Tenable Research blog post on Medium.
(ObserveIT, the leader in Insider Threat Management, delivers comprehensive visibility into user and data activity providing security organizations with a powerful tool for protecting employees and valuable assets while saving time and resources. With more than 1,900 global customers across all major verticals, ObserveIT empowers security teams to proactively detect insider threats, streamline the investigation process and enable rapid response. Courtesy of ObserveIT and YouTube. Posted on Apr 24, 2019.)
As a 2019 ‘ASTORS’ Homeland Security Awards Program Competitor, ObserveIT will be competing against the industry’s leading providers of Innovative, Investigative/Surveillance/Detection Solutions.
Good luck to ObserveIT on becoming a Winner of the 2019 American Security Today’s Homeland Security Awards Program!
Nominations are now being accepted for the 2018 ‘ASTORS’ Homeland Security Awards at https://americansecuritytoday.com/ast-awards/.
|Access Control/ Identification||Personal/Protective Equipment||Law Enforcement Counter Terrorism|
|Perimeter Barrier/ Deterrent System||Interagency Interdiction Operation||Cloud Computing/Storage Solution|
|Facial/IRIS Recognition||Body Worn Video Product||Cyber Security|
|Video Surveillance/VMS||Mobile Technology||Anti-Malware|
|Audio Analytics||Disaster Preparedness||ID Management|
|Thermal/Infrared Camera||Mass Notification System||Fire & Safety|
|Metal/Weapon Detection||Rescue Operations||Critical Infrastructure|
|License Plate Recognition||Detection Products||And Many Others!|
Don’t see a Direct Hit for your Product, Agency or Organization?
Submit your category recommendation for consideration to Michael Madsen, AST Publisher at: firstname.lastname@example.org.
ObserveIT Takes Platinum in the 2018 ‘ASTORS’ Homeland Security Awards Program
Best IT Threat Intelligence Solution
ObserveIT Insider Threat Software
The Annual ‘ASTORS’ Awards Program is specifically designed to honor distinguished government and vendor solutions that deliver enhanced value, benefit and intelligence to end users in a variety of government, homeland security and public safety vertical markets.
Over 130 distinguished guests representing National, State and Local Governments, and Industry Leading Corporate Firms, gathered from across North America, Europe and the Middle East to be honored among their peers in their respective fields which included:
- The Department of Homeland Security
- The Federal Protective Service (FPS)
- Argonne National Laboratory
- The Department of Homeland Security
- The Department of Justice
- The Security Exchange Commission Office of Personnel Management
- U.S. Customs and Border Protection
- Viasat, Hanwha Techwin, Lenel, Konica Minolta Business Solutions, Verint, Canon U.S.A., BriefCam, Pivot3, Milestone Systems, Allied Universal, Ameristar Perimeter Security and More!
The Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program highlighting the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure our readers have the information they need to stay ahead of the competition, and keep our Nation safe – one facility, street, and city at a time.
The 2018 ‘ASTORS’ Homeland Security Awards Program was Proudly Sponsored by ATI Systems, Attivo Networks, Automatic Systems, Desktop Alert, and Royal Holdings Technologies.
2018 Champions Edition
See the 2018 ‘ASTORS’ Champions Edition – ‘Best Products of 2018 ‘ Year in Review’ for in-depth coverage of the outstanding products and services of firms receiving American Security Today’s 2018‘ASTORS’ Homeland Security Awards.’
Enter Early to Maximize Media Coverage of your Products and Services at Kickoff, and Get the Recognition Your Organization Deserves!
And be sure to Register Early for the 2019 ‘ASTORS’ Awards Presentation Luncheon at ISC East 2019 to ensure your place at this limited- space event!
Why the 2018 ‘ASTORS’ Homeland Security Awards Program?
American Security Today’s comprehensive Annual Homeland Security Awards Program is organized to recognize the most distinguished vendors of physical, IT, port security, law enforcement, and first responders, in acknowledgment of their outstanding efforts to ‘Keep our Nation Secure, One City at a Time.’
Why American Security Today?
American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 70,000 readers at the Federal, State and local levels of government as well as firms allied to government.
The old traditional security marketplace has been covered by a host of security publications that have changed little over many years.
American Security Today brings forward a fresh compelling look and read with our customized digital publications that provides our readers with solutions to their challenges.
Our Editorial staff provides a full plate of topics for our AST monthly digital editions, AST Website and AST Daily News Alerts.
The editorial calendar and AST’s high drawing website features 23 different Technology and Marketing Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Border Security, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities and Emergency Response among others.
These sectors are part of the new integration, where these major applications communicate with one another in a variety of solutions to protect our cities and critical infrastructure.
AST has Expanded readership into vital Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other Potential targets of terrorism.
Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – enticing targets for extremist or lone wolf attacks due to the large number of persons and resources clustered together.
To learn more about ObserveIT’s Insider Threat Management solution and how it helps companies detect anomalous behavior, expedite investigations and prevent data loss, visit here, or to try a free hassle-free trial of ObserveIT 7.7, go to https://www.observeit.com/tryitnow/.