Tag Archive for: Slack

Teams, Slack, and GitHub, oh my! – How collaborative tools can create a security nightmare


When building Teams security, first determine the level of risk your organization is willing to accept. For example, do you want Teams to be open to anonymous users or limit it strictly to internal users?

To adjust this setting, perform the following steps:

If you decide that guest access is to be allowed on your network, you need to be aware of the potential for Teams to be used as a means for attack. You can improve security by deploying more phishing-resistant authentication methods, such as number matching, rather than merely allowing automatic approval of the prompt.

Next, consider implementing Conditional Access rules. This requires additional licensing to implement but may be wise, as attackers turn more and more to using the cloud as a launching point for attacks.

Conditional Access rules will allow you to restrict Microsoft 365 logins by requiring stronger authentication techniques and by choosing among the built-in authentication strengths: Multifactor authentication strength, Passwordless MFA strength, and Phishing-resistant MFA strength.

You may decide to limit your Teams interactions to approved domains rather than leaving it open to new and anonymous users. And of course, educating end users only to accept files from trusted partners is crucial.

Slack Discloses Breach of Its Github Code Repository


Ever since Elon Musk spent $44 billion on Twitter and laid off a large percentage of the company’s staff, there have been concerns about data breaches. Now it seems a security incident that predates Musk’s takeover is causing headaches. This week, it emerged that hackers released a trove of 200 million email addresses and their links to Twitter handles, which were likely gathered between June 2021 and January 2022. The sale of the data may put anonymous Twitter accounts at risk and heap further regulatory scrutiny on the company.

WhatsApp has launched a new anti-censorship tool that it hopes will help people in Iran to avoid government-enforced blocks on the messaging platform. The company has made it possible for people to use proxies to access WhatsApp and avoid government filtering. The tool is available globally. We’ve also explained what pig-butchering scams are and how to avoid falling into their traps.

Also this week, cybersecurity firm Mandiant revealed that it has seen Russian cyberespionage group Turla using innovative new hacking tactics in Ukraine. The group, which is believed to be connected to the FSB intelligence agency, was spotted piggybacking on dormant USB infections of other hacker groups. Turla registered expired domains of years-old malware and managed to take over its command-and-control servers.  

We also reported on the continued fallout of the EncroChat hack. In June 2020, police across Europe revealed they had hacked into the encrypted EncroChat phone network and collected more than 100 million messages from its users, many of them potentially serious criminals. Now thousands of people have been jailed based on the intelligence gathered, but the bust is raising wider questions around law enforcement hacking and the future of encrypted phone networks.

But that’s not all. Each week, we round up the security stories we didn’t cover in-depth ourselves. Click on the headlines to read the full stories. And stay safe out there. 

On December 31, as millions of people were preparing for the start of 2023, Slack posted a new security update to its blog. In the post, the company says it detected a “security issue involving unauthorized access to…

First LastPass, now Slack and CircleCI. The hacks go on (and will likely worsen)


In the past 24 hours, the world has learned of serious breaches hitting chat service Slack and software testing and delivery company CircleCI, though given the companies’ opaque wording—“security issue” and “security incident,” respectively—you’d be forgiven for thinking these events were minor.

The compromises—in Slack’s case, the theft of employee token credentials and for CircleCI, the possible exposure of all customer secrets it stores—come two weeks after password manager LastPass disclosed its own security failure: the theft of customers’ password vaults containing sensitive data in both encrypted and clear text form. It’s not clear if all three breaches are related, but that’s certainly a possibility.

The more concerning of the two new breaches is the one hitting CircleCI. On Wednesday evening, the company reported a “security incident” that prompted it to advise customers to rotate “all secrets” they store on the service. The alert also informed customers that it had invalidated their Project API tokens, an event requiring them to go through the hassle of replacing them.

CircleCI says it’s used by more than 1 million developers in support of 30,000 organizations and runs nearly 1 million daily jobs. The potential exposure of all those secrets—which could be login credentials, access tokens, and who knows what else—could prove disastrous for the security of the entire Internet.

A lack of transparency

CircleCI is still tight-lipped about precisely what happened. Its advisory never used the words “breach,” “compromise,” or “intrusion,” but that’s almost certainly what happened. Exhibit A is the statement: “At this point, we are confident that there are no unauthorized actors active in our systems,” suggesting that network intruders were active earlier. Exhibit B: the advice that customers check internal logs for unauthorized access between December 21 and January 4.

Taking the statements together, it’s not a stretch to suspect threat actors were active inside CircleCI’s systems for two weeks. That’s plenty of time to collect an unimaginable amount of some of the…

Beyond Zoom: How Safe Are Slack and Other Collaboration Apps?

COVID-19’s effect on work footprints has created an unprecedented challenge for IT and security staff. Many departments are scrambling to enable collaboration apps for all — but without proper security they can be a big risk.
Mobile Security – Threatpost