slack – Computer Security Articles

A week in security (August 19 – August 25)

August 26, 2024 admin general motors, live stream, national public data, news, slack, Toyota

A list of topics we covered in the week of August 19 to August 25 of 2024

Fraudulent Slack ad shows malvertiser’s patience and skills

August 21, 2024 admin cybercrime, Google Ads, malvertising, malware, sectoprat, slack

Once again, threat actors seek out Google search ads for top software downloads, but this time they show a lot of patience and bring on evasion tricks.

Independent Krebs

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

July 26, 2024 admin A Little Sunshine, anu yamunan, dropbox, google, google workspace, Latest Warnings, Sign in with Google, slack, Squarespace, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 26 Jul 2024 21:31:54 +0000

Google says it recently fixed an authentication weakness that allowed crooks to circumvent email verification needed to create a Google Workspace account, and leverage that to impersonate a domain holder to third-party services that allow logins through Google’s “Sign in with Google” feature.

Kaspersky Security

Why using Google OAuth in work applications is unsafe

January 18, 2024 admin accounts, authentication, Business, enterprise, google, OAuth, risks, slack, SMB, zoom

Credit to Author: Alanna Titterington| Date: Thu, 18 Jan 2024 17:19:06 +0000

A bug in the Google OAuth sign-in mechanism can be exploited by fired employees to retain access to accounts

MalwareBytes Security

A week in security (January 9—15)

January 16, 2023 admin 2023 predictions, awis, department of interior, Facebook, GitHub, google, Identity Theft, instagram, k-12 security, K–12, Magecart, maternal & family health services, meta, microsoft, news, nso group, pokemon nft, ransomware. vice society ransomware, royal mail, slack, snapchat, TikTok, vice society, weak passwords, Week in security, weekly blog roundup, WhatsApp, Youtube

Categories: News

Tags: AWIS

Tags: weekly blog roundup

Tags: week in security

Tags: Slack

Tags: GitHub

Tags: Magecart

Tags: Microsoft

Tags: Pokemon NFT

Tags: Facebook

Tags: Instagram

Tags: Snapchat

Tags: TikTok

Tags: YouTube

Tags: Google

Tags: Meta

Tags: identity theft

Tags: Maternal & Family Health Services

Tags: 2023 predictions

Tags: Royal Mail

Tags: K-12 security

Tags: K-12

Tags: WhatsApp

Tags: NSO Group

Tags: Department of Interior

Tags: weak passwords

Tags: Vice Society

Tags: ransomware. Vice Society ransomware

The most interesting security related news from the week of January 9—15.

(Read more…)

The post A week in security (January 9—15) appeared first on Malwarebytes Labs.

MalwareBytes Security

Slack private code on GitHub stolen

January 9, 2023 admin compromised tokens, data breach, GitHub, news, slack, slack breach

Categories: News

Tags: Slack

Tags: GitHub

Tags: data breach

Tags: Slack breach

Tags: compromised tokens

Stolen employee tokens gave an attacker access to Slack’s private code repositories.

(Read more…)

The post Slack private code on GitHub stolen appeared first on Malwarebytes Labs.

MalwareBytes Security

Uber hacked

September 16, 2022 admin hackerone, mfa, news, push notification, slack, Uber

Categories: News

Tags: Uber

Tags: MFA

Tags: push notification

Tags: Slack

Tags: HackerOne

Uber was forced to take several systems offline after reports of a serious breach

(Read more…)

The post Uber hacked appeared first on Malwarebytes Labs.

Independent Krebs

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

April 22, 2022 admin A Little Sunshine, amtrak, apple, bitbucket, Breadcrumbs, Dan Goodin, Doxbin, Electronic Arts, emergency data request, everlynn, Flashpoint, genesis, globant, iqor, kt, lapsus$, lapsus$ jobs, michelin, microsoft, Mobile Device Management, mox, Ne'er-Do-Well News, nvidia, recursion team, russian market, Samsung, sascar, SIM swapping, slack, source code theft, SWATting, T-Mobile, t-mobile atlas, whitedoxbin

Credit to Author: BrianKrebs| Date: Fri, 22 Apr 2022 13:09:39 +0000

KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion. LAPSUS$ is known for stealing data and then demanding a ransom not to publish or sell it. But the leaked chats indicate this mercenary activity was of little interest to the tyrannical teenage leader of LAPSUS$, whose obsession with stealing and leaking proprietary computer source code from the world’s largest tech companies ultimately led to the group’s undoing.

← Previous