Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 29 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

AT&T Researchers Discover Slack Webhooks Vulnerability

by SophieDowdell
April 15, 2020
in Cloud Security, Guru's Picks
slack
Share on FacebookShare on Twitter

Researchers at AT&T Alien Labs, the threat intelligence arm of AT&T Cybersecurity, have discovered a vulnerability in popular work collaboration platform Slack.

Slack is a popular cloud-based messaging platform that is commonly used in workplace communication, with Slack Incoming Webhooks allowing users to post messages from applications to Slack. By specifying a unique URL, the message body, and a destination channel, users can send a message to any webhook using the URL for any workspace.

In this instance researchers at AT&T Alien Labs noticed some functionality in the Slack platform that could be used to launch novel Phishing campaigns whilst creating webhooks for an internal tool.

Slack webhooks were previously considered a low security risk integration but according to AT&T Alien Labs researchers, attackers could simply find a leaked Slack webhook online and send a malicious app to a Slack channel where users would install it. This flaw could lead to malicious actors hijacking incoming webhooks in phishing attacks.

Ashley Graves, Cloud Security Researcher at AT&T Alien Labs, a part of AT&T Cybersecurity, wrote a blog documenting the finding and said: “First, a channel override allows you to override the previously specified webhook target channel by adding the “channel” key to your JSON payload. If you gain access to a webhook for one channel, you can use it in others.

“Slack documentation suggests that allowed target channels are based on the original creator of the webhook…so if you can find a webhook created by an admin – congrats, you can post to admin channels!”

According to Javvad Malik, Security Awareness Advocate at KnowBe4: “This is an interesting attack vector against Slack which is among the few popular messaging tools used in organisations. The concerning aspect about this is that people tend to lower their guard when receiving links on messaging platforms, and in particular when on mobile devices.

All this combined can lead to a great increase in the likelihood of a spearphishing attack being successful. It is why employees need to be wary of phishing attacks not just from email, but all social media platforms. In addition, organisations should have threat detection and response controls in place so that in the event an employee does fall victim to a phishing attack, it can be quickly identified and remediated before becoming a widespread incident.”

 

Link to original blog explaining AT&T’s findings: https://cybersecurity.att.com/blogs/labs-research/slack-phishing-attacks-using-webhooks

FacebookTweetLinkedIn
Share3TweetShare
Previous Post

Qualys VMDR® – Vulnerability Management Detection and Response

Next Post

600% increase in COVID-19 related phishing attacks

Recent News

Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023
Lupovis eliminates false positive security alerts for security analysts and MSSPs

Lupovis eliminates false positive security alerts for security analysts and MSSPs

January 26, 2023
Threat actors launch one malicious attack every minute

Threat actors launch one malicious attack every minute

January 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information